How CISOs navigate policies and access across enterprises
In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a distributed enterprise.

Enhancing adversary simulations: Learn the business to attack the business
In this Help Net Security interview, Jamieson O'Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats.

Choosing the right partner when outsourcing cybersecurity
In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services.

Key strategies for ISO 27001 compliance adoption
In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

Latio Application Security Tester: Use AI to scan your code
Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues.

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure
Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure.

SOAPHound: Open-source tool to collect Active Directory data via ADWS
SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services protocol.

Lagging Mastodon admins urged to patch critical account takeover flaw
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability, over 66% of Mastodon servers out there have been upgraded to close the hole.

The fight against commercial spyware misuse is heating up
Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits used to deploy it is still very much shrouded in mystery.

Akira, LockBit actively searching for vulnerable Cisco ASA devices
Akira and LockBit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning.

Common cloud security mistakes and how to avoid them
According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to detect and respond to security threats or incidents affecting their cloud infrastructure.

10 must-read cybersecurity books for 2024
Our list of cybersecurity books has been curated to steer your professional growth in 2024.

Demystifying SOC-as-a-Service
In this Help Net Security video, Erik Holmes, CEO of Cyber Guards, unpacks what a SOCaaS is, how it works, and how to use it.

Researchers discover exposed API secrets, impacting major tech tokens
Escape's security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets.

10 tips for creating your security hackathon playbook
Hackathon events bring together product and security experts for the sole purpose of finding security vulnerabilities within a product.

How threat actors abuse OAuth apps
In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how threat actors abuse OAuth apps as an easy, unmonitored way into companies' environments.

Paying ransoms is becoming a cost of doing business for many
Today's pervasive cyberattacks are forcing the majority of companies to pay ransoms and break their 'do not pay' policies, with data recovery deficiencies compounding the problem, according to Cohesity.

February 2024 Patch Tuesday forecast: Zero days are back and a new server too
January 2024 Patch Tuesday is behind us.

How companies are misjudging their data privacy preparedness
In this Help Net Security video, Karen Schuler, Global Privacy & Data Protection Chair at BDO, discusses overconfidence in data privacy and data protection practices.

Whitepaper: Why Microsoft's password protection is not enough
Microsoft's Azure AD Password Protection, now rebranded as Microsoft Entra ID, helps users create a password policy they hope will protect their systems from account takeover and other identity and access management issues.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 11 Feb 2024 09:13:06 +0000