What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity.
Leveraging AI and automation for enhanced cloud communication securityIn this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity.
OpenARIA: Open-source edition of the Aviation Risk Identification and AssessmentMITRE now offers an open-source version of its Aviation Risk Identification and Assessment software suite, OpenARIA. RiskInDroid: Open-source risk analysis of Android appsRiskInDroid is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques.
PyRIT: Open-source framework to find risks in generative AI systemsPython Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems.
Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.
Web-based PLC malware: A new potential threat to critical infrastructureA group of researchers from Georgia Tech's College of Engineering have developed web-based programmable logic controller malware able to target most PLCs produced by major manufacturers.
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashesA threat actor specializing in establishing initial access to target organizations' computer systems and networks is using booby-trapped email attachments to steal employees' NTLM hashes.
GitHub push protection now on by default for public repositoriesGitHub push protection - a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online - is being switched on by default for all public repositories.
Integrating software supply chain security in DevSecOps CI/CD pipelinesIn this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.
In the face of escalating financial requirements and expanding responsibilities, these leaders are under heightened pressure to achieve more with fewer resources, creating roles encompassing multiple security functions.
Secure your hybrid workforce: The advantages of encrypted storageIn this Help Net Security video, Ryan Amparo, Field Application Engineer at Kingston Technology, discusses the benefits of encrypted external SSDs and USBs for hybrid workforces.
Navigating regulation challenges for protecting sensitive healthcare dataIn this Help Net Security video, Chris Bowen, CISO at ClearDATA, emphasizes the importance of digital health companies being more transparent with their users.
AI tools put companies at risk of data exfiltrationData loss from insiders continues to pose a growing threat to security, with emerging technologies such as AI and generative AI only compounding the issue, indicating swift action is needed, according to Code42.
Major shifts in identity, ransomware, and critical infrastructure threat trendsIn this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond.
95% believe LLMs making phishing detection more challengingMore than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass.
Securing the future: Addressing cybersecurity challenges in the education sectorIn this Help Net Security video, Kory Daniels, CISO at Trustwave, shines a light on the impact the current threat environment can have for both universities and students.
How to create an efficient governance control programYour success as an organization, especially in the cyber realm, depends on your security posture.
To account for the ongoing evolution of digital threats, you need to implement robust governance control programs that address the current control environment and help you to prepare for the future risk environment.
Photos: BSidesZagreb 2024BSidesZagreb is a complimentary, non-profit conference driven by community participation, designed for information security professionals and enthusiasts to gather, exchange ideas, and collaborate.
Help Net Security sponsored the 2024 edition that took place on March 1, and here are photos from the event.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 10 Mar 2024 09:13:08 +0000