Category: Help Net Security

Sophos conducted defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Espionage campaigns tied to Chinese hacking groups The attackers used a series of campaigns with…

Read more →

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source: Lottie Player…

Read more →

In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products while…

Read more →

Cost savings and business benefits were quantified in “The Total Economic Impact of Cynet All-in-One Security,” a commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024. The Total Economic Impact Study framework helps organizations understand the…

Read more →

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack…

Read more →

Claro Enterprise Solutions launched Collaboration Security Management solution. This comprehensive service addresses critical security challenges related to file sharing, data loss events, or unknown shadow users, faced by organizations using Microsoft 365. As remote and hybrid work models become the…

Read more →

Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over the device…

Read more →

In this Help Net Security interview, Lior Div, CEO at Seven AI, discusses the concept of agentic AI and its application in cybersecurity. He explains how it differs from traditional automated security systems by offering greater autonomy and decision-making capabilities.…

Read more →

The most common challenge for CISOs is resource constraints: not enough staff, budget or technology to support the security program needed or meet compliance requirements, according to DirectDefense. Cybersecurity industry faces ongoing talent shortage The World Economic Forum claims there’s…

Read more →

A recent Vectra AI report highlights a growing distrust of threat detection tools. 47% of respondents note they do not trust their tools to work the way they need them to. Moreover, 60% of SOC practitioners say security vendors flood…

Read more →

XM Cyber launched its innovative Vulnerability Risk Management (VRM) solution, extending its Continuous Exposure Management Platform. This new approach to vulnerability management empowers organizations to see through the fog of false positives left behind by legacy vulnerability assessment tools and…

Read more →

Immuta announced an expansion of its platform with the launch of a new Data Marketplace solution to power fast and safe internal data sharing. Fueling a data marketplace that is owned and managed by the customer, the Immuta Platform enables…

Read more →

Neon, the serverless Postgres database built for developers, launched Neon Authorize. It enables developers to manage permissions and access controls with ease. This new offering leverages Postgres RLS (Row-Level Security) – a Postgres primitive that protects data from malicious actors…

Read more →

A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel vulnerabilities CyberPanel…

Read more →

With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longer a nice to have, it’s a criticality. Without a proactive approach, your APIs could become…

Read more →

Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based…

Read more →

Kaseya announced Kaseya 365 User, joining Kaseya 365 Endpoint which launched in April 2024. Kaseya 365 User gives managed service providers (MSPs) the ability to help their customers prevent, respond to and recover from threats to user identity and security.…

Read more →

Seclore announced the extension of its Seclore Enterprise Digital Rights Management (EDRM) capabilities to support neutral or interoperable computer-aided design (CAD) files for industries that create, manage, and share intellectual property (IP). The support for neutral CAD files creates better…

Read more →

In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passkeys to replace knowledge-based authentication methods…

Read more →

Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn. Just consider…

Read more →