Security News

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
2024-03-04 05:24

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the...

Integrating software supply chain security in DevSecOps CI/CD pipelines
2024-03-04 05:00

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines. In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.

New compensation trends in the cybersecurity sector
2024-03-04 04:30

For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. A new report illustrates that typical functional combinations within a role include architecture and engineering, application security, and product security.

Enhancing security through proactive patch management
2024-03-04 04:00

Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continuity. To ensure effective patch management, organizations should establish clear policies and procedures for patching, automate patch deployment where possible, regularly scan for vulnerabilities, prioritize patches based on risk, and conduct thorough testing before deployment.

Photos: BSidesZagreb 2024
2024-03-04 03:45

BSidesZagreb is a complimentary, non-profit conference driven by community participation, designed for information security professionals and enthusiasts to gather, exchange ideas, and collaborate. Help Net Security sponsored the 2024 edition that took place on March 1, and here are photos from the event.

LockBit's contested claim of fresh ransom payment suggests it's been well hobbled
2024-03-04 03:15

Infosec in brief: The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. LockBit quickly set up a new website and updated it with a list of forthcoming victim ransom deadlines - one of which included data allegedly stolen from Fulton County, Georgia.

Ahead of Super Tuesday, US elections face existential and homegrown threats
2024-03-04 01:15

Feature: Two US intelligence bigwigs last week issued stark warnings about foreign threats to American election integrity and security - and the nation's ability to counter these adversaries. A few days earlier, US senator Mark Warner, who chairs the Senate's Intelligence Committee, told Trellix CEO Bryan Palma that the United States is less prepared to combat foreign intervention in the 2024 elections than was the case in 2020.

Stealthy GTPDOOR Linux malware targets mobile operator networks
2024-03-03 15:16

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. The GRX is a component of mobile telecommunications that facilitates data roaming services across different geographical areas and networks.

Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs
2024-03-03 15:11

Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. After receiving the prompts, the users can upgrade to Windows 11 23H2 or keep using Windows 10.

Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework
2024-03-03 09:00

Overcoming the pressures of cybersecurity startup leadership: In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry.

How organizations can navigate identity security risks in 2024: In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.