The proliferation of non-human identities
97% of non-human identities (NHIs) have excessive privileges, increasing unauthorized access and broadening the attack surface, according to Entro Security’s 2025 State …
Cybersecurity jobs available right now: September 18, 2024
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. Application Security Engineer CHANEL | France | …
Organizations overwhelmed by numerous and insecure remote access tools
Organizations are combating excessive remote access demands with an equally excessive number of tools that provide varying degrees of security, according to Claroty. Data from …
Apple releases iOS 18, with security and privacy improvements
Apple has launched iOS 18, the latest significant iteration of the operating system powering its iPhones. Along with many new features and welcome customization options, iOS …
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, …
Gateways to havoc: Overprivileged dormant service accounts
Service accounts are non-human identities used to automate machine-to-machine interactions. They support critical functions – such as running scripts, services, and …
The growing danger of visual hacking and how to protect against it
In this Help Net Security interview, Robert Ramsey, CEO at Rain Technology, discusses the growing threat of visual hacking, how it bypasses traditional cybersecurity measures, …
Beyond human IAM: The rising tide of machine identities
Remember when managing user accounts was your biggest headache? Those were simpler times. Today, we’re drowning in a sea of machine identities, and it’s time to …
The cybersecurity workforce of the future requires diverse hiring practices
The global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase, …
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was …
EchoStrike: Generate undetectable reverse shells, perform process injection
EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate …
Compliance frameworks and GenAI: The Wild West of security standards
In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software. Unlike predictable software, …