Category: Help Net Security

In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust strategies to manage third-party software…

Read more →

It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold…

Read more →

Cloud Security Lead CIÉ – Córas Iompair Éireann | Ireland | Hybrid – View job details As a Cloud Security Lead, you will ensure the security of CIE’s Azure environment by developing and implementing cloud security strategies and policies. You…

Read more →

Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide covers everything you need to know about Certified in Governance, Risk and Compliance (CGRC) certification. See how CGRC – and ISC2 – can help you…

Read more →

While the goal of cybersecurity regulations is to bring order among organizations and ensure they take security and risks seriously, the growing number of regulations has also introduced a considerable set of challenges that organizations and their leaders must address.…

Read more →

Microsoft followed their October precedent set with Windows 11 24H2 and announced Microsoft Server 2025 on the first of November. We were expecting the official announcement at Microsoft Ignite near the end of the month, but with the early release,…

Read more →

In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent…

Read more →

Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need…

Read more →

10% of security researchers now specialize in AI technology as 48% of security leaders consider AI to be one of the greatest risks to their organizations, according to HackerOne. HackerOne’s report combines perspectives from the researcher community, customers, and security…

Read more →

Vulnerability management has been the standard approach to fending off cyber threats for years. Still, it falls short by focusing on a limited number of vulnerabilities, often resolving only 1% to 20% of issues. In 2024, with the average data…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION)…

Read more →

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of…

Read more →

Mirantis launched Mirantis Harbor Registry Support and Mirantis KubeVirt Support offerings, providing support for managing container image registries and virtual machine workloads within any Kubernetes environment, irrespective of the underlying infrastructure or Kubernetes distribution. “For organizations seeking pure open-source deployments,…

Read more →

AppOmni announced a significant partnership that combines the company’s Zero Trust Posture Management (ZTPM) solution with Cisco’s Security Service Edge (SSE) technology suite to enable zero trust principles at the application layer in Security-as-a-Service (SaaS) applications. The combined solution provides…

Read more →

In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a…

Read more →

Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to…

Read more →

In this Help Net Security video, David Cottingham, CEO of Airlock Digital, discusses the 2023-2030 Australian Cyber Security Strategy and reviews joint and individual cybersecurity efforts, progress, and strategies over the past year. The Australian Government’s 2023-2030 Cyber Security Strategy,…

Read more →

AI-enhanced malicious attacks are the top emerging risk for enterprises in the third quarter of 2024, according to Gartner. Key emerging risks for enterprises It’s the third consecutive quarter with these attacks being the top of emerging risk. IT vendor…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Atakama, Authlete, Symbiotic Security, and Zywave. Atakama introduces DNS filtering designed for MSPs Atakama announced the latest expansion of its Managed Browser Security Platform, introducing…

Read more →

Fortinet announced the expansion of GenAI capabilities across its product portfolio with the launch of two new integrations with FortiAI, Fortinet’s AI-powered security assistant that uses GenAI to guide, simplify, and automate security analyst activities. “Our commitment to AI innovation…

Read more →