News - Security Ticks

5 open-source tools for pentesting Kubernetes you should check out

Don't miss, GitHub, Hot stuff, Kubernetes, News, open source, penetration testing, software / SecurityTicks

5 open-source tools for pentesting Kubernetes you should check out 06/12/2023 at 08:02 By Help Net Security Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments […]

React to this headline:

5 open-source tools for pentesting Kubernetes you should check out Read More »

Businesses gain upper hand with GenAI integration

Artificial Intelligence, cybersecurity, digital transformation, Forrester Research, generative AI, News, report, survey / SecurityTicks

Businesses gain upper hand with GenAI integration 06/12/2023 at 07:02 By Help Net Security Firms that actively harness generative AI to enhance experiences, offerings, and productivity will realize outsized growth and will outpace their competition, according to Forrester. Between July and September 2023, the number of enterprises that are in the experimentation and expansion stages

React to this headline:

Businesses gain upper hand with GenAI integration Read More »

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, OffSec, open source, penetration testing / SecurityTicks

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:

React to this headline:

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability / SecurityTicks

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

React to this headline:

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

SessionProbe: Open-source multi-threaded pentesting tool

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software / SecurityTicks

SessionProbe: Open-source multi-threaded pentesting tool 05/12/2023 at 09:03 By Mirko Zorz SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and provides real-time logging and

React to this headline:

SessionProbe: Open-source multi-threaded pentesting tool Read More »

How AI is revolutionizing “shift left” testing in API security

API security, Application Security, Artificial Intelligence, Cequence Security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion / SecurityTicks

How AI is revolutionizing “shift left” testing in API security 05/12/2023 at 08:33 By Help Net Security Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. It’s why we’ve seen “shift left” become a significant focus in API development, whereby DevOps takes responsibility for

React to this headline:

How AI is revolutionizing “shift left” testing in API security Read More »

Advanced ransomware campaigns expose need for AI-powered cyber defense

Artificial Intelligence, attacks, cybersecurity, Deep Instinct, Don't miss, Features, Hot stuff, machine learning, News, opinion, Ransomware, skill development, SOC / SecurityTicks

Advanced ransomware campaigns expose need for AI-powered cyber defense 05/12/2023 at 08:02 By Mirko Zorz In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning (DL), for prevention rather than just detection and

React to this headline:

Advanced ransomware campaigns expose need for AI-powered cyber defense Read More »

2024 brings changes in data security strategies

Artificial Intelligence, cybersecurity, data, data security, Metomic, News, report, strategy, survey / SecurityTicks

2024 brings changes in data security strategies 05/12/2023 at 07:02 By Help Net Security 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management (DSPM) technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business sectors, according

React to this headline:

2024 brings changes in data security strategies Read More »

eBook: Defending the Infostealer Threat

Don't miss, Enzoic, News, Whitepapers and webinars / SecurityTicks

eBook: Defending the Infostealer Threat 05/12/2023 at 06:48 By Help Net Security Enterprises’ increasing digital reliance has fueled an array of cybersecurity threats. One rapidly growing area is information-stealing malware known as infostealers, which is malicious software designed to steal data. Unlike ransomware, where information is held hostage, infostealer attacks happen covertly, and the growth

React to this headline:

eBook: Defending the Infostealer Threat Read More »

Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16

cybersecurity, Editors' Pick, Innovation, News, premium, Technology / SecurityTicks

Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 04/12/2023 at 22:03 By Thomas Brewster, Forbes Staff A Moscow legal battle strongly indicates that phone forensics tools used by both the FBI and FSB are exploiting security loopholes in Apple’s operating system. This article is an excerpt from Forbes – Cybersecurity View Original Source React

React to this headline:

Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 Read More »

RDRS: ICANN’s new service for easier access to nonpublic domain data

Assured Data Protection, ICANN, News, Privacy / SecurityTicks

RDRS: ICANN’s new service for easier access to nonpublic domain data 04/12/2023 at 17:31 By Help Net Security The Internet Corporation for Assigned Names and Numbers (ICANN) has launched the Registration Data Request Service (RDRS). The RDRS is a new service that introduces a more consistent and standardized format to handle requests for access to

React to this headline:

RDRS: ICANN’s new service for easier access to nonpublic domain data Read More »

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

Check Point, CISA, critical infrastructure, Don't miss, Hot stuff, Israel, NCSC, News, PLC, USA / SecurityTicks

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities 04/12/2023 at 16:48 By Helga Labus Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series

React to this headline:

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities Read More »

Booking.com customers targeted in hotel booking scam

account hijacking, Don't miss, hospitality industry, Hot stuff, Malware, News, Perception Point, scams, SecureWorks, social engineering / SecurityTicks

Booking.com customers targeted in hotel booking scam 04/12/2023 at 13:31 By Helga Labus Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. “Customers of multiple properties received email or in-app messages from Booking.com that purported to be from

React to this headline:

Booking.com customers targeted in hotel booking scam Read More »

Put guardrails around AI use to protect your org, but be open to changes

Artificial Intelligence, ChatGPT, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, NS1, opinion, regulation / SecurityTicks

Put guardrails around AI use to protect your org, but be open to changes 04/12/2023 at 08:31 By Help Net Security Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating

React to this headline:

Put guardrails around AI use to protect your org, but be open to changes Read More »

2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations

Artificial Intelligence, cybercrime, cybersecurity, machine learning, News, report, survey, WatchGuard / SecurityTicks

2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations 04/12/2023 at 07:31 By Help Net Security In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency.

React to this headline:

2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations Read More »

Maximizing cybersecurity on a budget

Arctic Wolf Networks, cybersecurity, Don't miss, investment, News, SecureIQLab, Threater, Video / SecurityTicks

Maximizing cybersecurity on a budget 04/12/2023 at 07:01 By Help Net Security A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization is adequately prepared

React to this headline:

Maximizing cybersecurity on a budget Read More »

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens

News, Week in review / SecurityTicks

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens 03/12/2023 at 12:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability disclosure: Legal risks and ethical considerations for researchers In this Help Net Security interview, Eddie Zhang, Principal

React to this headline:

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens Read More »

Qlik Sense flaws exploited in Cactus ransomware campaign

Arctic Wolf Networks, data analytics, Don't miss, exploit, Hot stuff, News, Ransomware, security update, vulnerability / SecurityTicks

Qlik Sense flaws exploited in Cactus ransomware campaign 01/12/2023 at 15:18 By Helga Labus Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and

React to this headline:

Qlik Sense flaws exploited in Cactus ransomware campaign Read More »

Critical Zyxel NAS vulnerabilities patched, update quickly!

Don't miss, Hot stuff, IBM X-Force, NAS, News, security update, vulnerability, Zyxel / SecurityTicks

Critical Zyxel NAS vulnerabilities patched, update quickly! 01/12/2023 at 14:33 By Zeljka Zorz Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper

React to this headline:

Critical Zyxel NAS vulnerabilities patched, update quickly! Read More »

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update / SecurityTicks

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) 01/12/2023 at 12:33 By Zeljka Zorz With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read

React to this headline:

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) Read More »