Is Your Organization Taking a Rigorous Approach to Secrets Rotation? In today’s advanced technological landscape, ensuring compliance and maintaining a capable security posture is no longer optional. Particularly, the management of Non-Human Identities (NHIs) and secrets rotation has become a…
Category: EN
Protected Access: Enhancing Cloud IAM Strategies
Unpacking the Importance of Non-Human Identities (NHIs) in Cloud Security Can we imagine a world where Non-Human Identities (NHIs) weren’t instrumental to our cybersecurity strategies? NHIs, or machine identities, perform an irreplaceable function in today’s environment, where businesses are increasingly…
Building Trust with Efficient Privileged Access Management
Why is Privileged Access Management Crucial? Does it ever cross your mind how privileged access management plays a significant role in safeguarding your organization’s data and systems? With a largely digitalized economy, the landscape of potential security threats has dramatically…
Harnessing Innovation in Machine Identity Management
How Does Innovation Impact Machine Identity Management? Imagine an environment where machine identities are as secure as human identities, where every “tourist” in the system is accounted for, their “passports” encrypted and secure. This is the goal of Non-Human Identity…
Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations
Italy’s data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users’…
17M Patient Records Stolen in Ransomware Attack on Three California Hospitals
A staggering 17 million patient records, containing sensitive personal and medical information, have been stolen in a devastating ransomware attack on PIH Health. The cyberattack, which began on December 1, has disrupted operations at three hospitals: PIH Health Downey Hospital,…
Modiloader From Obfuscated Batch File, (Mon, Dec 23rd)
My last investigation is a file called “Albertsons_payment.GZâ€, received via email. The file looks like an archive but is identified as a picture by TrID: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original…
Top 5 Ransomware Attacks and Data Breaches of 2024
As we approach the end of 2024, it’s clear that the landscape of cyber threats has continued to evolve at an alarming pace. With an increasing reliance on digital infrastructures, both private and public sectors have become prime targets for…
WhatsApp Wins NSO in Pegasus Spyware Hacking Lawsuit After 5 Years
After a prolonged legal battle stretching over five years, WhatsApp has triumphed over NSO Group in a significant lawsuit concerning the use of Pegasus spyware. The verdict, handed down by the United States District Court for the Northern District of…
Germany Investigates BadBox Malware Infections, Targeting Over 192,000 Devices
Germany has launched an investigation into reports of a significant cyber threat believed to be linked to the BadBox Malware, which has allegedly infected over 192,000 devices across the country. These devices include a wide array of electronics, such as…
Evilginx: Open-source man-in-the-middle attack framework
Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. “Back in 2017, I was experimenting with extracting cookies from one browser and importing them into another. I realized…
Maximizing the impact of cybercrime intelligence on business resilience
In this Help Net Security interview, Jason Passwaters, CEO of Intel 471, discusses how integrating cybercrime intelligence into an organization’s security strategy enables proactive threat management and how measuring intelligence efforts can help mitigate risks before they escalate. Passwaters also…
How companies can fight ransomware impersonations
As these threat actors become increasingly strategic and harder to detect, organizations must take all measures to protect their data, including cybersecurity training. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, discusses how…
PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool
GBHackers come across a new ChatGPT-powered Penetration testing Tool called “PentestGPT” that helps penetration testers to automate their pentesting operations. PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is…
What open source means for cybersecurity
With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to threats. In this article, you will find excerpts from 2024 open-source security reports that can help your organization strengthen…
Understanding Cyber Threats During the Holiday Season
Understanding Cyber Threats During the Holiday Season Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period. Understanding these threats is…
How to craft a comprehensive data cleanliness policy
Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential. But what does this involve, and…
DEF CON 32 – NTLM: The Last Ride
Authors/Presenters: Jim Rush, Tomais Williamson Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.…
Cybersecurity Essentials : Key to Success for All Businesses to Navigate Security
The journey of building a business is an exhilarating experience, whether it’s a startup taking its first steps, a small-to-medium business (SMB) scaling new heights, or an enterprise striving for sustained growth. However, regardless of the size or stage,…
Apple might be working on a smart doorbell
There’s been a lot of reporting in recent months around Apple’s efforts to expand its footprint in customers’ homes with in-development products like a wall-mounted smart home hub. According to a new report in Bloomberg, that strategy could also include…