Collaborate Disseminate
In this Help Net Security video, Tina Srivastava, MIT Lecturer and CEO of Badge, discusses a 20-year cryptography problem – using biometrics for authentication without storing a face/finger/voice print. This has massive implications for corporate… Continue reading Preventing credential theft in the age of AI
GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software. The program is funded by companies (AmEx Chaingua… Continue reading GitHub Secure Open Source Fund: Project maintainers, apply now!
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-443… Continue reading Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation. Over the past few months, there have be… Continue reading Five backup lessons learned from the UnitedHealth ransomware attack
In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them. She explains how open-source solutions, contrary to myths, offer enterpri… Continue reading Debunking myths about open-source security
The integrity of our online ecosystem heavily relies on domain registries, which serve as the foundation for secure and trusted digital experiences. However, threats like Domain Name System (DNS) abuse– manifesting as phishing, malware, and botnets – j… Continue reading Safeguarding the DNS through registries
Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in critical areas such as cloud computing and AI. Event focus The event invites … Continue reading Microsoft announces Zero Day Quest hacking event with big rewards
Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that… Continue reading Microsoft announces new and improved Windows 11 security features
Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines and rendered them remotely unfixable. As part of… Continue reading Microsoft plans to boot security vendors out of the Windows kernel
Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without compromising a company’s primary identity pr… Continue reading Cross-IdP impersonation bypasses SSO protections