More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware…
Category: Help Net Security
LastPass users targeted by vishing attackers
The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website for monitoring should it go live…
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he…
The key pillars of domain security
From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise operations. They are constantly created for new assets and initiatives. In this Help Net Security video, Mark Flegg, Global Director…
New infosec products of the week: April 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium. ShadowDragon Horizon enhancements help users conduct investigations from any device Horizon is accessible with any internet connection and…
51% of enterprises experienced a breach despite large security stacks
Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to Pentera.…
Gurucul federated search provides insights into data that is not centralized
Gurucul announced enhancements to its federated search capabilities. Gurucul federated search empowers users to run queries from a single console across any data source, including data lakes, cloud object storage, databases, identity systems, threat intel sources, and SIEMs – including…
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on…
Redgate Monitor Enterprise prevents unauthorized access to sensitive information
Redgate has launched an enterprise version of its popular database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations. Redgate Monitor Enterprise offers advanced capabilities for monitoring large, complex…
Immuta launches Domains policy enforcement to improve security and governance for data owners
Immuta launched Domains policy enforcement, a new capability in the Immuta Data Security Platform that provides additional controls for data owners to implement a data mesh architecture with domain-specific data access policies. Centralizing data access decisions across organizations often leads…
SAS unveils products and services to help customers embrace AI
SAS is launching new AI products and services to improve AI governance and support model trust and transparency. Model cards and new AI Governance Advisory services will help organizations navigate the turbulent AI landscape, mitigating risk and helping them pursue…
Authorities take down LabHost, phishing-as-a-service platform
Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. International investigation disrupts phishing-as-a-service platform LabHost…
Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS)…
Who owns customer identity?
When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to…
Enterprises face significant losses from mobile fraud
A recent Enea survey highlights a worrying trend in enterprise security: Following ChatGPT’s launch, 76% of businesses are inadequately protected against rising AI-driven vishing and smishing threats. In this Help Net Security video, John Hughes, SVP, Head of Network Security…
92% of enterprises unprepared for AI security challenges
Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to the Absolute Security Cyber Resilience Risk Index…
Bots dominate internet activity, account for nearly half of all traffic
49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of…
Armis acquires Silk Security for $150 million
Armis has acquired Silk Security for a total of $15 million and will integrate the Silk Platform into the Armis Centrix AI-based Vulnerability Prioritization and Remediation solution to supercharge its capabilities and now be able to provide security teams with…
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be…
Thinking outside the code: How the hacker mindset drives innovation
Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups, and Fortune 500 companies. She is the founder of BSidesTLV and Leading Cyber Ladies and…
Cybersecurity jobs available right now: April 17, 2024
Client Security Officer Unisys | USA | Remote – View job details The Client Security Officer (CSO) is part of Unisys account management team servicing its clients as cybersecurity representative alongside the Client Executive and the Client Delivery Executive. Cybersecurity…
Damn Vulnerable RESTaurant: Open-source API service designed for learning
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers, and security engineers where…
IT and security professionals demand more workplace flexibility
The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cybersecurity…
Understanding next-level cyber threats
In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and its impact. Researchers recaptured nearly 1.38 billion passwords circulating the darknet…
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the first…
Cisco Duo provider breached, SMS MFA logs compromised
Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – one of two that Duo…
Tanium Automate reduces manual processes for repeatable tasks
Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of the autonomous endpoint management (AEM) capabilities within the Tanium XEM platform. The trusted automation built into the Tanium XEM…
Vercara UltraEdge offers protection against internet-based threats
Vercara launched UltraEdge, a comprehensive edge platform that includes an innovative Content Delivery Network (CDN), integrated application security, and edge compute. Powered by Edgio and supported through Vercara’s Security Operations Center (SOC), UltraEdge speeds up time to market for new…
New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted…
GuidePoint Security introduces IoT Security Assessment
GuidePoint Security announced its IoT Security Assessment, a new cybersecurity service. GuidePoint Security’s team of IoT security and embedded systems experts have extensive experience identifying potential weaknesses in IoT devices and applications across a wide range of industries. Organizations that…
Sectigo SCM Pro automates certificate management
Sectigo launched SCM Pro, a solution to bring the robustness of enterprise CLM to Small and midsize enterprises (SMEs), effectively leveling the playing field between large enterprises and the mid-market. Online identity proliferation, hybrid work, and device sprawl increase the…
IDnow VideoIdent Flex blends AI technology with human interaction
IDnow has unveiled VideoIdent Flex, a new version of its expert-led video verification service that blends advanced AI technology with human interaction. The human-based video call solution, supported by AI, has been designed and built to boost customer conversion rates,…
5 free red teaming resources to get you started
Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your organization. Tactics may include anything from social engineering to physical security breaches to simulate a real-world advanced persistent threat. Here…
Audio deepfakes: What they are, and the risks they present
Audio deepfakes are becoming a big problem. Recent cybercriminal campaigns use voice cloning technology to replicate the speech tone and patterns of celebrities such as Elon Musk, Mr. Beast Tiger Woods, and others and use them for endorsing fake contests,…
AI set to enhance cybersecurity roles, not replace them
In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff. AI is seen as empowering rather than replacing…
31% of women in tech consider switching roles over the next year
31% of women in tech are considering leaving their organization over the next 12 months due foremost to poor management, followed by a lack of training and a desire for better compensation, according to Skillsoft. The survey yielded more than…
Privacera adds access control and data filtering functionality for Vector DB/RAG
Privacera announced the addition of new access control and fine-grained data filtering functionality for Vector DB/RAG to Privacera AI Governance (PAIG). “In generative AI, Retrieval-Augmented Generation (RAG) systems operate by sourcing contextual information from a VectorDB, aggregating data from diverse…
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server SOAP API vulnerability…
eBook: Why CISSP?
As new cyber threats emerge daily in our connected world, there’s never been a greater urgency for cybersecurity professionals than now. What can CISSP certification do for you? In the eBook, hear from cybersecurity experts on how certification: Gives you…
ShadowDragon Horizon enhancements help users conduct investigations from any device
ShadowDragon announced significant enhancements to its Open-Source Intelligence Investigative platform Horizon. These updates represent a milestone in the evolution of investigative technology, offering capabilities to streamline investigative processes and uncover valuable insights. The OSINT Platform encompasses an all-in-one solution for…
Geopolitical tensions escalate OT cyber attacks
In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware tactics are reshaping industrial cybersecurity.…
How to protect IP surveillance cameras from Wi-Fi jamming
Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must resort to Wi-Fi jamming. Blocking the signal blinds the device and stalls home and business surveillance systems, which is…
Exposing the top cloud security threats
Many companies consider AI-powered threats to be the top cloud security threat to their business. Concerningly, less than half are confident in their ability to tackle those threats, according to a recent Aqua Security survey. In this Help Net Security…
Zarf: Open-source continuous software delivery on disconnected networks
Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The…
Expand your library with these cybersecurity books
In this Help Net Security video round-up, authors discuss their cybersecurity books and provide an inside look at each title. Complete videos George Finney, CSO at Southern Methodist University, talks about his book – “Project Zero Trust: A Story about…
Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has…
CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks
Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitigations and workarounds. Palo Alto Networks’ Unit…
Check Point boosts security in Harmony Email & Collaboration
Check Point announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners. Since 2023, Check Point has released over 75 new features for Harmony Email &…
Zscaler extends zero trust SASE and eliminates the need for firewall-based segmentation
Zscaler has signed an agreement to acquire Airgap Networks. Combining Zscaler’s zero trust SD-WAN and Airgap Networks’ agentless segmentation technology will transform how enterprises implement zero trust segmentation to IoT/OT devices, and critical infrastructure across branches, campuses, factories, and data…
Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)
Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. “Palo Alto Networks is…
Cado Security teams up with Wiz to accelerate forensic investigations and minimize cloud threats
Cado Security has uveiled its partnership with Wiz and joins Wiz Integration (WIN) Platform. Cado Security enhances WIN by bringing the power of the Cado Security platform to the partner ecosystem so that Wiz customers can seamlessly integrate Cado into…
Palo Alto Networks enhances Cortex XSIAM to help SecOps teams identify cloud threats
Palo Alto Networks announced a new milestone in how security operations centers (SOC) secure the cloud. The new innovations as part of Cortex XSIAM for Cloud bolster the Palo Alto Networks Cortex XSIAM platform to natively deliver Cloud Detection and…
Strategies to cultivate collaboration between NetOps and SecOps
In this Help Net Security interview, Debby Briggs, CISO at Netscout, discusses breaking down silos between NetOps and SecOps. Practical steps include scheduling strategy meetings, understanding communication preferences, and fostering team collaboration. With evolving cloud models, collaboration and clear role…
The next wave of mobile threats
According to McAfee, apps, whether for communication, productivity, or gaming, are among the biggest threats to mobile security. Technavio expects the global mobile security software market to grow by $2.75 billion between 2020 and 2025, expanding at a CAGR of…
Why women struggle in the cybersecurity industry
The workplace experiences of women in cybersecurity are dramatically worse than men across virtually every category, according to a WiCyS and Aleria survey. Previous studies have illustrated that the representation of women in cybersecurity is much lower than it should…
New infosec products of the week: April 12, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Akamai, Bitdefender, Siemens, Veriato, and Index Engines. SINEC Security Guard identifies vulnerable production assets The SINEC Security Guard offers automated vulnerability mapping and security management…
Ivanti empowers IT and security teams with new solutions and enhancements
Ivanti released Ivanti Neurons for External Attack Surface management (EASM), which helps combat attack surface expansion with full visibility of external-facing assets and actionable intelligence on exposures. With the evolution of Everywhere Work comes an increasingly complex threat landscape and…
CISA warns about Sisense data breach
Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or…
Ransomware group maturity should influence ransom payment decision
Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers’ servers, and/or not leaked online. The decision will depend…
Simbian raises $10 million to automate security operations with GenAI
Simbian emerged from stealth mode with oversubscribed $10 million seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing a GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into…
AppViewX CERT+ helps organizations identify and renew certificates before they expire
AppViewX announced new functionality in the AppViewX CERT+ certificate lifecycle management automation product that helps organizations prepare for Google’s proposed 90-day TLS certificate validity policy. AppViewX CERT+ provides visibility, automation and control to manage both public and private trust certificates…
Digimarc and DataTrails join forces to provide proof of digital content authenticity
Digimarc and DataTrails have partnered to deliver a fully integrated content protection solution to fortify digital content using advanced digital watermarks in tandem with cryptographic proofs, or fingerprints. Combined with provenance metadata, these technologies create a multi-layered toolset to provide…
PVML raises $8 million to offer protection for enterprise data
PVML unveils its platform for secure AI-powered data access and $8 million in Seed funding led by NFX with participation from FJ Labs and Gefen Capital. While the complexity, variety and scale may vary from organization to organization, all companies…
How Google’s 90-day TLS certificate validity proposal will affect enterprises
Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for…
Leveraging AI for enhanced compliance and governance
In this Help Net Security interview, Dr. Joseph Sweeney, Advisor at IBRS, discusses the risks of integrating AI into information management systems. He talks about emerging trends such as content cognition. He predicts advancements in AI-driven information management tools, as…
Graylog: Open-source log management
Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions. Graylog key features It is easy to install with a standard…
37% of publicly shared files expose personal information
Many sensitive documents stored on platforms such as Google Drive, Slack, and other collaborative work applications have been left unattended for several months or even years. This has led to data sprawl challenges for companies and significant data security threats…
Stopping security breaches by managing AppSec posture
Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud. In this Help Net Security…
New covert SharePoint data exfiltration techniques revealed
Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security…
Malwarebytes Digital Footprint Portal offers insights into exposed passwords and personal data
Malwarebytes has launched Malwarebytes Digital Footprint Portal, a web portal that gives individuals deep visibility into their exposed personal information, including clear text passwords. Now, anyone can easily see where and when a breach compromised their data, types of data…
Vultr Sovereign Cloud and Private Cloud delivers data control to nations and enterprises
Vultr launched Vultr Sovereign Cloud and Private Cloud in response to the increased importance of data sovereignty and the growing volumes of enterprise data being generated, stored and processed in even more locations — from the public cloud to edge…
Eclypsium Automata discovers vulnerabilities in IT infrastructure
Eclypsium launches Automata, a new AI-assisted feature for its digital supply chain security platform. Available now, Automata is an automated binary analysis system that replicates the knowledge and tooling of expert security researchers to discover previously unknown threats, vulnerabilities, and…
Index Engines CyberSense 8.6 detects malicious activity
Index Engines announced the latest release of its CyberSense software, with version 8.6 delivering a revamped user interface to support smarter recovery from ransomware attacks, new custom Advanced Threshold Alerts to proactively detect unusual activity, and AI-powered detection of ransomware-based…
Concentric AI unveils employee offboarding risk monitoring and reporting module
Concentric AI announced its new employee offboarding risk monitoring and reporting module that delivers critical data detection and response capabilities to identify true risk to data and secure sensitive information when employees leave a company. Concentric AI’s new release also…
IT pros targeted with malicious Google ads for PuTTY, FileZilla
An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google but no action has…
Cohesity teams up with Intel to integrate confidential computing into Data Cloud Services
Cohesity has announced it is collaborating with Intel to bring Intel’s confidential computing capabilities to the Cohesity Data Cloud. Leveraged with Fort Knox, Cohesity’s cyber vault service, this data-in-use encryption innovation will be the first of its kind in the…
NICE Actimize enhances Integrated Fraud Management platform to help financial services prevent scams
NICE Actimize announced IFM 11 (Integrated Fraud Management), a new release of its AI-driven fraud management and detection platform. The new release leverages recent advancements in artificial intelligence together with NICE Actimize’s collective intelligence capabilities to introduce fraud detection accuracy,…
Alethea raises $20 million to combat disinformation campaigns
Alethea announced the close of a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea’s Series A funding in 2022. Also participating in the round is Hakluyt Capital, which invests alongside leading…
Upcoming report on the state of cybersecurity in Croatia
Next week, Diverto is set to release a comprehensive report on Croatia’s cybersecurity landscape. This report will provide a detailed summary of the key events from 2023, offer targeted recommendations for managerial strategies, and highlight crucial regulations like NIS2 and…
Why are many businesses turning to third-party security partners?
In 2023, 71% of organizations across various industries reported that their business feels the impact of the ongoing cybersecurity skills shortage. Many companies have been forced to scale back their cybersecurity programs as they struggle to find experienced candidates to…
WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime
In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations. What does this collaboration look like in practice? We’ve asked Sean Doyle, the…
AI risks under the auditor’s lens more than ever
According to a recent Gartner survey, widespread GenAI adoption has resulted in a scramble to provide audit coverage for potential risks arising from the technology’s use. In this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses…
GSMA releases Mobile Threat Intelligence Framework
GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures (TTPs) that they use. The…
Cybersecurity jobs available right now: April 10, 2024
Application Security Engineer HCLTech | Mexico | Remote – View job details As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident…
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being…
Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)
LG smart TVs may be taken over by remote attackers
New Google Workspace feature prevents sensitive security changes if two admins don’t approve them
ESET Small Business Security offers protection against online fraud, data theft and human error
TufinMate accelerates network access troubleshooting
Tufin launched TufinMate, an AI assistant that helps organizations troubleshoot network access issues across hybrid and multi-vendor network environments. TufinMate automates the secure network access enablement process across the organization, allowing a broad array of stakeholders, including those outside of…