Transitioning to memory-safe languages: Challenges and considerations
In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation, discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++.

LastPass' CIO vision for driving business strategy, innovation
Recently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations. It was the perfect time for Help Net Security to find out what's next for Siddiqui in his new role and how he plans to bridge the gap between business objectives and technological solutions.

Cybersecurity jobs available right now: March 12, 2024
We've scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field.

CloudGrappler: Open-source tool detects activity in cloud environments
CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments.

MobSF: Open-source security research platform for mobile apps
The Mobile Security Framework is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile.

Microsoft: Russian hackers accessed internal systems, code repositories
Midnight Blizzard, a group of Russian hackers tied to the country's Foreign Intelligence Service, has leveraged information stolen from Microsoft corporate email systems to burrow into the company's source code repositories and internal systems.

BSAM: Open-source methodology for Bluetooth security assessment
Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers demonstrated last week at RootedCON in Madrid.

The effects of law enforcement takedowns on the ransomware landscape
While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation as the primary method of delivering the malware.

PoC for critical Arcserve UDP vulnerabilities published
Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution that can be chained to upload malicious files to the underlying Windows system.

Critical FortiClient EMS vulnerability fixed, PoC for sale
A recently fixed SQL injection vulnerability in Fortinet's FortiClient Endpoint Management Server solution has apparently piqued the interest of many: Horizon3's Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and someone is attempting to sell a PoC for less than $300 via GitHub.

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems.

Email security trends in the energy and infrastructure sector
In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks.

10 free cybersecurity guides you might have missed
This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations.

How organizations can keep up with shifting data privacy regulations
In this Help Net Security video, Romain Deslorieux, Global Director, Strategic Partnerships at Thales, discusses what companies should be planning based on current regulations and what steps they can take to prepare for the future.

Image-based phishing tactics evolve
While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research.

The most concerning risks for 2024 and beyond
In this Help Net Security video, Melissa Bischoping, Director, Endpoint Security Research at Tanium, discusses the most concerning risks for 2024 and beyond, from both an internal and external perspective.

Keyloggers, spyware, and stealers dominate SMB malware detections
In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos.

How teams can improve incident recovery time to minimize damages
In this Help Net Security video, Nick Scozzaro, CEO at ShadowHQ, discusses why incident response and disaster recovery processes are flawed and offers advice on how teams can improve incident recovery time to minimize damages.

AI and the future of corporate security
In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations against threats using AI to penetrate facilities.

Product showcase: How to track SaaS security best practices with Nudge Security
Nudge Security discovers all SaaS apps ever introduced by anyone in your organization and offers automation and orchestration capabilities to make it easy to implement SaaS security best practices.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 17 Mar 2024 09:43:07 +0000