GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy with integrations across major secrets management platforms, addressing the growing challenge of secrets sprawl in enterprise environments. With Non-Human Identities—digital references used to authenticate machine-to-machine access—now outnumbering human users 100:1, organizations…
Tag: EN
Stairwell Core boosts threat intelligence for security teams
Stairwell announces Stairwell Core, which enables organizations to privately collect, store, and continuously reassess executable files so they can confidently determine if malware has affected their systems. Core offers customers an accessible entry point into the Stairwell ecosystem, giving users…
CISA cloud directive, Texas Tech breach, Meta GDPR fine
CISA delivers new directive for securing cloud environments Texas Tech reports a data breach affecting 1.4 million people Meta fined $263 million for alleged GDPR violations Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep…
Blackberry Sells Cylance To Arctic Wolf At Huge Loss: Cyber Security Today for Wednesday, December 18, 2024
BlackBerry’s Cylance Sale, Major AWS Breach, Klopp Ransomware Strikes Again, and Russian Cyber Attacks In this episode of Cybersecurity Today, host Jim Love discusses BlackBerry’s sale of Cylance to Arctic Wolf for significantly less than its purchase price, the massive…
Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released
A Proof of Concept (PoC) exploit for the critical path traversal vulnerability identified as CVE-2024-38819 in the Spring Framework has been released, shedding light on a serious security issue affecting applications that serve static resources via functional web frameworks. This…
Multiple SHARP Routers Vulnerabilities Let Attackers Execute Arbitrary Code
Multiple vulnerabilities have been identified in SHARP routers, potentially allowing attackers to execute arbitrary code with root privileges or compromise sensitive data. Labeled under JVN#61635834, the vulnerabilities highlight significant security concerns for affected devices. Overview and Key Vulnerabilities JPCERT/CC, alongside…
The Complete Guide: How to Create an Endpoint Detection and Response (EDR) Strategy
This post is authored by Heimdal’s Cybersecurity Architect and Technical Product Marketing Manager Andrei Hinodache. You may know him as the face of our popular series of webinars. If you want to watch the full webinar this EDR strategy guide…
CrowdStrike Allies With Salt Security to Improve API Security
CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform. The post CrowdStrike Allies With Salt Security to Improve API Security…
Hackers Attacking Linux SSH Servers DDoS Bot cShell Using Screen & hping3 Tools
The AhnLab Security Intelligence Center (ASEC) has detected a new strain of malware targeting poorly protected Linux SSH servers. This malware, named “cShell,” exploits existing Linux tools such as screen and hping3 to launch distributed denial-of-service (DDoS) attacks, highlighting a growing concern for server…
How to Prevent Cyber Threats in the Chemical Sector
The chemical sector plays a crucial role in the global economy, providing essential materials for industries ranging from pharmaceuticals to agriculture. However, as technology advances, so do the risks associated with digital systems. Cyber threats, such as ransomware, data breach-es,…
Ransomware attacks on Texas University and Namibia Telecom
Interlock Ransomware Targets Texas Tech University Health Sciences Center A relatively unknown ransomware group, Interlock, has reportedly targeted the Texas Tech University Health Sciences Center, posing a significant threat to the personal data of over 1.46 million patients. The gang…
CISA Releases Secure Practices for Microsoft 365 Cloud Services
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services, to enhance the cybersecurity posture of Federal Civilian Executive Branch (FCEB) agencies utilizing cloud services, including Microsoft 365. This directive,…
Data Sovereignty in a Cloud-Driven World is not a Given
Data sovereignty refers to the principle that digital information can remain subject to the laws and governance structures of the country where it is collected or stored. But this, like most things related to the cloud, is more complicated than…
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity.…
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what’s the latest financial hit the company…
These Six Innovations Have the Potential to Transform Cybersecurity in 2025
The cybersecurity landscape evolves at a breakneck pace, with new, sophisticated threats challenging even the most intricate defenses. As 2025 approaches, several groundbreaking innovations are poised to redefine how businesses and individuals secure their digital assets and respond to emerging…
CISO accountability: Navigating a landscape of responsibility
What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible…
Key steps to scaling automated compliance while maintaining security
In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-party contracts. From leveraging automation and…
Securing Your SaaS: How AppOmni Mitigates SaaS Risks and Protects Data
In this 20 minute session, we’ll introduce you to AppOmni, the platform designed to reduce SaaS data exposure, detect threats, and prevent data breaches. The post Securing Your SaaS: How AppOmni Mitigates SaaS Risks and Protects Data appeared first on…
Securing SaaS – Lessons, Trends, and Strategies for 2025 with Guest Forrester
Our guest speaker, Forrester Vice President, Principal Analyst, Andras Cser, will share key insights on the risks and trends shaping the SaaS security landscape as we move into 2025. The post Securing SaaS – Lessons, Trends, and Strategies for 2025…