Help Net Security Newsletter - January 22, 2024

Help Net Security weekly newsletter

View in your browser.

Must-read to detect, remediate, and handle all of your secrets in 2024:

The State of Secrets in AppSec (by CISOs for CISOs)
Secrets Management Maturity Model
Implementing Automated Secrets Detection for Application Security
Big thanks to GitGuardian for providing high-quality research!

Latest news:

Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

Out with the old and in with the improved: MFA needs a revamp

New infosec products of the week: January 19, 2024

Digital nomads amplify identity fraud risks

Unlocking GenAI’s full potential through work reinvention

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

Attribute-based encryption could spell the end of data compromise

Skytrack: Open-source aircraft reconnaissance tool

Ransomware negotiation: When cybersecurity meets crisis management

The power of AI in cybersecurity

Adversaries exploit trends, target popular GenAI apps

Kaspersky releases utility to detect iOS spyware infections

Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

Security considerations during layoffs: Advice from an MSSP

The right strategy for effective cybersecurity awareness

CISOs’ crucial role in aligning security goals with enterprise expectations

IT teams unable to deliver data fast enough to match the speed of business

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

1,700 Ivanti VPN devices compromised. Are yours among them?

3 ways to combat rising OAuth SaaS attacks

10 cybersecurity frameworks you need to know about

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

Geopolitical tensions combined with technology will drive new security risks

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Flipping the BEC funnel: Phishing in the age of GenAI

Adalanche: Open-source Active Directory ACL visualizer, explorer

Key elements for a successful cyber risk management strategy

Videos:

Best practices to mitigate alert fatigue

Preventing insider access from leaking to malicious actors

Government organizations’ readiness in the face of cyber threats

Industry news:

Vercara UltraSecure offers protection from malicious attacks

VulnCheck IP Intelligence identifies vulnerable internet-connected infrastructure

N-able MDR ingests data from existing security and IT tools

ESET launches MDR service to improve cybersecurity for SMBs

Swimlane enhances Turbine platform to alleviate the pressure on SecOps teams

Sourcepoint introduces sensitive data opt-in feature to prepare users for privacy changes

Skyhigh Security’s AI-driven DLP Assistant prevents critical data loss

Wing Security unveils automated protection against AI-SaaS risks

Living Security Unify Power Insights identifies vulnerable members within an organization

Fortinet unveils networking solution integrated with Wi-Fi 7

Skopenow Grid detects the earliest signals of critical risks

Trellix XDR Platform for RDR strengthens operational resilience

Copyright © 2024 Astus d.o.o. (Help Net Security), All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list