SCS 9001 2.0 reveals enhanced controls for global supply chains
In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks.

Balancing AI advantages and risks in cybersecurity strategies
In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats.

Nemesis: Open-source offensive data enrichment and analytic pipeline
Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data.

ThreatNG open-source datasets aim to improve cybersecurity practices
The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to democratize access to critical data, fostering transparency, collaboration, and improvement of cybersecurity practices globally.

December 2023 Patch Tuesday: 33 fixes to wind the year down
Microsoft's December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical.

EOL Sophos firewalls get hotfix for old but still exploited vulnerability
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices.

Attackers are trying to exploit Apache Struts vulnerability
Attackers are trying to leverage public proof-of-exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2.

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability and novel malware written in DLang.

Russian hackers target unpatched JetBrains TeamCity servers
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned.

There are actions you can take to plan your automation and as part of your regular cybersecurity hygiene check.

A closer look at LATMA, the open-source lateral movement detection tool
In this Help Net Security video, Gal Sadeh, Head of Data and Security Research at Silverfort, discusses LATMA, a free, open-source tool.

Cybercriminals continue targeting open remote access products
Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard.

eIDAS: EU's internet reforms will undermine a decade of advances in online security
The European Union's attempt to reform its electronic identification and trust services - a package of laws better known as eIDAS 2.0 - contains legislation that poses a grave threat to online privacy and security.

Shifting data protection regulations show why businesses must put privacy at their core
Like it or not, data protection will be one of the biggest issues organizations face in 2024.

WhatsApp, Slack, Teams, and other messaging platforms face constant security risks
42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber.

Digital ops and ops management security predictions for 2024
CISOs don't need a crystal ball - they already know that 2024 will be another tough year, especially with AI on everyone's mind.

Fortifying cyber defenses: A proactive approach to ransomware resilience
Ransomware has become a pervasive threat, compromising the security and functionality of vital systems across the United States.

Guide: Application security posture management deep dive
Distinguishing real, business-critical application risks is more challenging than ever.
A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm under-resourced security teams.

Photos: CyberMarketingCon 2023
Help Net Security sponsored and attended Cybersecurity Marketing Society's CyberMarketingCon 2023 in Austin, TX.

New infosec products of the week: December 15, 2023
Here's a look at the most interesting products from the past week, featuring releases from Censys, Confirm, Drata, Safe Security, and SpecterOps.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 17 Dec 2023 09:43:04 +0000