tips

Where NSA zero trust guidance aligns with enterprise reality

AppOmni, CISO, cybersecurity, Government, how-to, News, NSA, strategy, tips, zero trust /

Where NSA zero trust guidance aligns with enterprise reality 2026-02-02 at 09:10 By Sinisa Markovic The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust cybersecurity practices. The documents are part of a larger series designed to support adoption of […]

Where NSA zero trust guidance aligns with enterprise reality Read More »

A practical take on cyber resilience for CISOs

CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, News, strategy, tips, Video /

A practical take on cyber resilience for CISOs 2026-01-29 at 08:06 By Help Net Security In this Help Net Security video, Shebani Baweja, CISO for Consumer, Private, Wealth & Business Banking at Standard Chartered, explains how security leaders should think about cyber resilience. She outlines why preparation for extreme events matters as much as day

A practical take on cyber resilience for CISOs Read More »

A new framework helps banks sort urgent post-quantum crypto work from the rest

CISO, Encryption, EU, Europe, Europol, finance, financial industry, News, Post-Quantum, quantum computing, Risk Management, strategy, tips /

A new framework helps banks sort urgent post-quantum crypto work from the rest 2026-01-22 at 04:57 By Sinisa Markovic Financial institutions now have a concrete method for deciding where post-quantum cryptography belongs on their security roadmaps. New research coordinated by Europol sets out a scoring framework that helps banks rank systems and business use cases

A new framework helps banks sort urgent post-quantum crypto work from the rest Read More »

The NSA lays out the first steps for zero trust adoption

CISO, Don't miss, Government, how-to, News, NSA, strategy, tips, USA, zero trust /

The NSA lays out the first steps for zero trust adoption 2026-01-15 at 07:28 By Anamarija Pogorelec Security pros often say that zero trust sounds straightforward until they try to apply it across real systems, real users, and real data. Many organizations are still sorting out what they own, how access works, and where authority

The NSA lays out the first steps for zero trust adoption Read More »

Turning plain language into firewall rules

cybersecurity, Don't miss, Features, FireMon, firewall, Hot stuff, how-to, LLMs, News, research, security operations, strategy, tips, Versa Networks /

Turning plain language into firewall rules 2026-01-06 at 09:00 By Sinisa Markovic Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into vendor specific firewall syntax usually involves detailed knowledge of zones, objects, ports, and rule

Turning plain language into firewall rules Read More »

NIST issues guidance on securing smart speakers

hardware, healthcare, how-to, Internet of Things, medical devices, News, NIST, strategy, tips /

NIST issues guidance on securing smart speakers 2025-12-22 at 07:02 By Sinisa Markovic Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal medical data, or connect a patient to an impostor. To reduce cybersecurity risks tied to this use,

NIST issues guidance on securing smart speakers Read More »

LLMs work better together in smart contract audits

blockchain, CISO, cybersecurity, Don't miss, Ethereum, framework, LLMs, News, research, strategy, tips /

LLMs work better together in smart contract audits 2025-12-19 at 08:42 By Sinisa Markovic Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of

LLMs work better together in smart contract audits Read More »

Microsoft 365 users targeted in device code phishing attacks

Don't miss, enterprise, Microsoft 365, News, phishing, Proofpoint, tips /

Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when

Microsoft 365 users targeted in device code phishing attacks Read More »

The soft underbelly of space isn’t in orbit, it’s on the ground

aerospace, CISO, cybersecurity, Don't miss, Features, Hot stuff, KSAT, News, security telemetry, strategy, supply chain, tips /

The soft underbelly of space isn’t in orbit, it’s on the ground 2025-12-18 at 09:08 By Mirko Zorz In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He

The soft underbelly of space isn’t in orbit, it’s on the ground Read More »

Why vulnerability reports stall inside shared hosting companies

cybersecurity, Don't miss, Features, Hot stuff, News, research, strategy, tips, vulnerability disclosure, vulnerability management /

Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research

Why vulnerability reports stall inside shared hosting companies Read More »

Social data puts user passwords at risk in unexpected ways

authentication, cyber risk, Don't miss, Facebook, Hot stuff, Instagram, LinkedIn, LLMs, News, passwords, Privacy, research, social media, tips /

Social data puts user passwords at risk in unexpected ways 2025-11-28 at 09:08 By Anamarija Pogorelec Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal how much information can be reconstructed from public profiles and how

Social data puts user passwords at risk in unexpected ways Read More »

Heineken CISO champions a new risk mindset to unlock innovation

boardroom, CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Heineken, Hot stuff, News, Risk Management, strategy, tips /

Heineken CISO champions a new risk mindset to unlock innovation 2025-11-26 at 09:16 By Mirko Zorz In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and

Heineken CISO champions a new risk mindset to unlock innovation Read More »

How an AI meltdown could reset enterprise expectations

access control, Artificial Intelligence, CIO, CISO, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, Redgate Software, regulation, strategy, tips /

How an AI meltdown could reset enterprise expectations 2025-11-25 at 09:02 By Mirko Zorz In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once

How an AI meltdown could reset enterprise expectations Read More »

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

data theft, Don't miss, Hot stuff, Jamf, macOS, Malware, News, tips /

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices 2025-11-20 at 15:03 By Zeljka Zorz A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices Read More »

How to cut security tool sprawl without losing control

CISO, cybersecurity, Don't miss, News, policy, strategy, threats, tips, Versa Networks, Video, zero trust /

How to cut security tool sprawl without losing control 2025-11-19 at 07:58 By Help Net Security In this Help Net Security video, Jon Taylor, Director and Principal of Security at Versa Networks, talks about how organizations can deal with security tool sprawl. He explains why many teams end up with too many tools, especially as

How to cut security tool sprawl without losing control Read More »

What security pros should know about insurance coverage for AI chatbot wiretapping claims

Artificial Intelligence, Don't miss, Features, Hot stuff, law, law firms, News, Privacy, strategy, tips /

What security pros should know about insurance coverage for AI chatbot wiretapping claims 2025-11-18 at 08:44 By Mirko Zorz AI-powered chatbots raise profound concerns under federal and state wiretapping and eavesdropping statutes that is being tested by recent litigation, creating greater exposure to the companies and developers that use this technology. Security professionals that integrate

What security pros should know about insurance coverage for AI chatbot wiretapping claims Read More »

Healthcare security is broken because its systems can’t talk to each other

Compliance, cybersecurity, Don't miss, Features, framework, healthcare, Hot stuff, News, Prime Therapeutics, security controls, strategy, tips /

Healthcare security is broken because its systems can’t talk to each other 2025-11-13 at 09:39 By Mirko Zorz In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a

Healthcare security is broken because its systems can’t talk to each other Read More »

What keeps phishing training from fading over time

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, phishing, research, security awareness, strategy, tips, training /

What keeps phishing training from fading over time 2025-11-07 at 13:28 By Mirko Zorz When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely to

What keeps phishing training from fading over time Read More »

PortGPT: How researchers taught an AI to backport security patches automatically

Artificial Intelligence, automation, Canonical, CISO, cybersecurity, DevSecOps, Don't miss, Features, Git, Hot stuff, Linux, LLMs, News, open source, patching, research, strategy, tips /

PortGPT: How researchers taught an AI to backport security patches automatically 2025-11-05 at 09:07 By Mirko Zorz Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that

PortGPT: How researchers taught an AI to backport security patches automatically Read More »

How nations build and defend their cyberspace capabilities

attacks, CERT, CISO, cyber attribution, cybersecurity, Cyberwarfare, Don't miss, Features, Government, Hot stuff, News, strategy, tips /

How nations build and defend their cyberspace capabilities 2025-11-04 at 11:54 By Mirko Zorz In this Help Net Security interview, Dr. Bernhards Blumbergs, Lead Cyber Security Expert at CERT.LV, discusses how cyberspace has become an integral part of national and military operations. He explains how countries develop capabilities to act and defend in this domain,

How nations build and defend their cyberspace capabilities Read More »

Scroll to Top