Breaking down FCC’s proposal to strengthen BGP security
In this Help Net Security interview, Doug Madory, Director of Internet Analysis at Kentik, discusses the FCC’s proposal requiring major U.S. ISPs to implement RPKI Route Origin Validation (ROV), and addresses concerns about the impact on smaller IS.....»»
iOS 18.1 added a new ‘Inactivity Reboot’ security feature for iPhone
Last week, a report from 404 Media highlighted concerns from law enforcement officials about iPhones rebooting automatically rebooting themselves. While law enforcement officials had erroneously speculated that iPhones were secretly communicating.....»»
Evaluating your organization’s application risk management journey
In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust s.....»»
The changing face of identity security
It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold o.....»»
Ambitious cybersecurity regulations leave companies in compliance chaos
While the goal of cybersecurity regulations is to bring order among organizations and ensure they take security and risks seriously, the growing number of regulations has also introduced a considerable set of challenges that organizations and their l.....»»
Cybersecurity jobs available right now: November 12, 2024
Cloud Security Lead CIÉ – Córas Iompair Éireann | Ireland | Hybrid – View job details As a Cloud Security Lead, you will ensure the security of CIE’s Azure environment by developing and implementing cloud security strat.....»»
How human ingenuity continues to outpace automated security tools
10% of security researchers now specialize in AI technology as 48% of security leaders consider AI to be one of the greatest risks to their organizations, according to HackerOne. HackerOne’s report combines perspectives from the researcher communit.....»»
Setting a security standard: From vulnerability to exposure management
Vulnerability management has been the standard approach to fending off cyber threats for years. Still, it falls short by focusing on a limited number of vulnerabilities, often resolving only 1% to 20% of issues. In 2024, with the average data breach.....»»
Strategies for CISOs navigating hybrid and multi-cloud security
In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance.....»»
iPhones on iOS 18.1 will automatically reboot and lock down after being idle for a while
A hidden feature in iOS 18.1 will automatically reboot a locked iPhone when it is asleep but hasn't been unlocked for a while, presumably as a security measure.The feature has been identified as an "inactivity reboot," and is similar to a feature fou.....»»
A hidden iOS 18.1 upgrade made it harder to extract data from iPhones
According to security experts, Apple added a new feature in iOS 18.1 that puts an iPhone in a special secure mode after a period of inactivity to protect data......»»
Cops think iPhones are secretly communicating with each other to reboot [U]
Update: A security researcher on Mastodon has cracked the case on this, proving that it has nothing to do with iPhones secretly communicating with each other. A new report from 404 Media says that law enforcement officials in Detroit, Michiga.....»»
Verizon, AT&T tell courts: FCC can’t punish us for selling user location data
Carriers claim location data isn't protected, say they have right to jury trial. Verizon, AT&T, and T-Mobile are continuing their fight against fines for selling user location dat.....»»
AppOmni partners with Cisco to extend zero trust to SaaS
AppOmni announced a significant partnership that combines the company’s Zero Trust Posture Management (ZTPM) solution with Cisco’s Security Service Edge (SSE) technology suite to enable zero trust principles at the application layer in Security-a.....»»
Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)
A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-.....»»
Veterinarian identifies household threats for pets
There's no place like home; it's where our pets find comfort, security, and safety. Some common household items, however, can inadvertently bring danger to a pet's loving household......»»
A closer look at the 2023-2030 Australian Cyber Security Strategy
In this Help Net Security video, David Cottingham, CEO of Airlock Digital, discusses the 2023-2030 Australian Cyber Security Strategy and reviews joint and individual cybersecurity efforts, progress, and strategies over the past year. The Australian.....»»
Am I Isolated: Open-source container security benchmark
Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime i.....»»
Apple’s 45-day certificate proposal: A call to action
In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a vote among Certification Authori.....»»
New infosec products of the week: November 8, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Atakama, Authlete, Symbiotic Security, and Zywave. Atakama introduces DNS filtering designed for MSPs Atakama announced the latest expansion of its Managed B.....»»
Security experts warn of new hacker strategy targeting Windows drivers
A new BYOVD attack ends with an infostealer and cryptominer inserted into your Windows PC. The threat campaign named SteelFox uses fake activators......»»