Tag: infosec
-
11 hottest IT security certs for higher pay today
Tags: access, attack, automation, business, cloud, container, control, corporate, credentials, cyber, cybersecurity, data, defense, encryption, exploit, finance, fortinet, google, governance, incident response, infosec, intelligence, Internet, jobs, linux, malicious, malware, monitoring, network, penetration-testing, remote-code-execution, resilience, reverse-engineering, risk, risk-assessment, risk-management, skills, software, technology, threat, tool, training, vulnerability, windowsOffensive Security Certified Expert (OSCE): OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the…
-
New infosec products of the week: March 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks. Keysight AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/21/new-infosec-products-of-the-week-march-21-2025/
-
New infosec products of the week: March 14, 2025
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Alloy, Detectify, Pondurance, and SimSpace. SimSpace Stack Optimizer allows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/14/new-infosec-products-of-the-week-march-14-2025/
-
What is risk management? Quantifying and mitigating uncertainty
Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerabilityHow do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
-
New infosec products of the week: March 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype. Outpost24 introduces … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/07/new-infosec-products-of-the-week-march-7-2025/
-
Infosec products of the month: February 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, Palo … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/28/infosec-products-of-the-month-february-2025/
-
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder – deep sigh – about the importance of patching and backups First seen on theregister.com Jump to article: www.theregister.com/2025/02/20/fbi_beware_of_ghost_ransomware/
-
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help First seen on theregister.com Jump to article: www.theregister.com/2025/02/19/decadeold_healthcare_security_snafu_settled/
-
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11 million
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help First seen on theregister.com Jump to article: www.theregister.com/2025/02/19/decadeold_healthcare_security_snafu_settled/
-
New infosec products of the week: February 14, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure. Palo Alto Networks Cortex … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/14/new-infosec-products-of-the-week-february-14-2025/
-
US lawmakers press Trump admin to oppose UK’s order for Apple iCloud backdoor
Senator, Congressman tell DNI to threaten infosec agreements if Blighty won’t back down First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/us_demand_uk_apple_backdoor_close/
-
Sophos sheds 6% of staff after swallowing Secureworks
De-dupes some roles, hints others aren’t needed as the infosec scene shifts First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/sophos_secureworks_layoff/
-
Fortinet discloses second authentication bypass vulnerability
Fortinet disclosed CVE-2025-24472 in an updated advisory that confused some in the infosec community because it stated that ‘reports show this is being exploited in the wild.’ First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619314/Fortinet-discloses-second-authentication-bypass-vulnerability
-
Getting the Most Value out of the OSCP: Pre-Course Prep
Tags: access, antivirus, attack, compliance, control, credentials, cyber, cybersecurity, detection, exploit, finance, framework, guide, hacker, hacking, infosec, infrastructure, jobs, kali, linux, mandiant, metric, microsoft, mitre, network, organized, password, penetration-testing, PurpleTeam, RedTeam, risk, service, skills, software, tactics, technology, tool, training, vulnerability, windowsThe first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements.…
-
UK armed forces fast-tracking cyber warriors to defend digital front lines
High starting salaries promised after public sector infosec pay criticized First seen on theregister.com Jump to article: www.theregister.com/2025/02/10/uk_armed_forces_cyber_hires/
-
Infosec pros struggle under growing compliance
The implementation of new regulatory measures that impact the UK, EU, and beyond are driving organizations to enhance vigilance in addressing evolving cybersecurity and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/07/infosec-pros-compliance-pressure/
-
New infosec products of the week: February 7, 2025
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Dynatrace, Nymi, Qualys, SafeBreach, and Satori. Qualys TotalAppSec enables … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/07/new-infosec-products-of-the-week-february-7-2025/
-
Musk’s DOGE effort could spread malware, expose US systems to threat actors
Tags: access, ai, api, attack, authentication, ceo, cio, computer, computing, control, cyber, cybercrime, cybersecurity, data, defense, email, exploit, governance, government, hacking, infection, infosec, international, jobs, malicious, malware, network, office, privacy, ransomware, risk, service, technology, threat, toolOver the past 10 days, an astonishing series of actions by Elon Musk via his Department of Government Efficiency (DOGE) project has elevated the cybersecurity risk of some of the most sensitive computing systems in the US government. Musk and his team of young, inexperienced engineers, at least one of whom is not a US…
-
Proactive Vulnerability Management for Engineering Success
By integrating security into CI/CD, applying automated policies, and supporting developers with the right processes and tools, infosec teams can increase efficiency and build secure software. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/proactive-vulnerability-management-engineering-success
-
Hackers game out infowar against China with the US Navy
Taipei invites infosec bods to come and play on its home turf First seen on theregister.com Jump to article: www.theregister.com/2025/01/20/china_taiwan_wargames/
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerabilityThe US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
Microsoft eggheads say AI can never be made secure after testing Redmond’s own products
If you want a picture of the future, imagine your infosec team stamping on software forever First seen on theregister.com Jump to article: www.theregister.com/2025/01/17/microsoft_ai_redteam_infosec_warning/
-
New infosec products of the week: January 10, 2025
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from BioConnect, BreachLock, McAfee, Netgear, and Swimlane. NETGEAR Armor, powered by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/10/new-infosec-products-of-the-week-january-10-2025/
-
ADFS”Š”, “ŠLiving in the Legacy of DRS
ADFS”Š”, “ŠLiving in the Legacy of DRS It’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it, every bit of documentation I come across eventually explains why Entra ID should now be used in place of ADFS. And yet”¦ we still encounter…
-
Critical Windows LDAP flaw could lead to crashed servers, RCE attacks
Researchers have published a proof-of-concept exploit for a pair of Windows Lightweight Directory Access Protocol (LDAP) flaws that could lead to server crashes or remote code execution (RCE) on Windows servers.”Active Directory Domain Controllers (DCs) are considered to be one of the crown jewels in organizational computer networks,” noted researchers at security firm SafeBreach, who…
-
Infosec products of the month: December 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/27/infosec-products-of-the-month-december-2024/