Key elements for a successful cyber risk management strategyIn this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution.
CISOs' crucial role in aligning security goals with enterprise expectationsIn this Help Net Security interview, Chris Mixter, Vice President, Analyst at Gartner, discusses the dynamic world of CISOs and how their roles have evolved significantly over the years.
Ransomware negotiation: When cybersecurity meets crisis managementIn this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will inform the board, who will talk to the press, etc.
Skytrack: Open-source aircraft reconnaissance toolSkytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance.
Windows SmartScreen bug exploited to deliver powerful info-stealerA vulnerability that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer.
Google fixes actively exploited Chrome zero-dayIn the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day with an existing exploit.
Poorly secured PostgreSQL, MySQL servers targeted by ransomware botUsers exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning.
Juniper fixes critical RCE in its SRX firewalls and EX switchesJuniper Networks has fixed a critical pre-authentication remote code execution vulnerability in Junos OS on SRX firewalls and EX switches.
The right strategy for effective cybersecurity awarenessEmployees play a significant role in safeguarding organizational assets.
With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture.
Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirmsA previously patched critical vulnerability affecting Ivanti Endpoint Manager Mobile and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog.
The power of AI in cybersecurityThe widespread adoption of artificial intelligence, particularly generative AI, has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity.
Flipping the BEC funnel: Phishing in the age of GenAIIn addition to deploying the right AI security tools, every CISO should prioritize security awareness training and phishing simulation testing.
Preventing insider access from leaking to malicious actorsIn this Help Net Security video, John Morello, CTO of Gutsy, discusses the often-overlooked aspect of cybersecurity - the offboarding process.
10 cybersecurity frameworks you need to know aboutAs cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes.
Kaspersky releases utility to detect iOS spyware infectionsKaspersky's researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator through analyzing a log file created on iOS devices.
Security considerations during layoffs: Advice from an MSSPOne of the first decisions an organization should make before any downsizing efforts is to decide how transparent they will be about the layoff process with the affected employees.
Attribute-based encryption could spell the end of data compromiseThe future of data privacy is the end of compromise.
With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control.
New infosec products of the week: January 19, 2024Here's a look at the most interesting products from the past week, featuring releases from Living Security, Skopenow, Skyhigh Security, and Wing Security.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 21 Jan 2024 09:43:04 +0000