Category: Help Net Security

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending a specially crafted…

Read more →

VIVOTEK has announced an upgrade to its comprehensive AI security solution with the release of the new AI feature, RealSight Engine. This feature transforms images captured by network cameras into clear, visible facial images under any lighting conditions. Even in…

Read more →

Transport for London (TfL) has sent out notifications to customers on Sunday evening saying that they “are currently dealing with an ongoing cyber security incident.” The government body that manages most of the transport network of United Kingdom’s capital did…

Read more →

ACI Worldwide announced a collaboration with Red Hat to make ACI’s cloud-native Enterprise Payments Platform available on any cloud infrastructure. With this collaboration, ACI will help customers ease their migration to the cloud to better adapt to the rapidly evolving…

Read more →

Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. This five-stage framework (scoping, discovery, prioritization, validation, and mobilization) allows organizations to constantly assess and manage their security posture, reduce exposure…

Read more →

Bad actors leverage premium-rate phone numbers and bots to steal billions of dollars from businesses. In this Help Net Security video, Frank Teruel, CFO at Arkose Labs, discusses how to spot and stop them. The post The attack with many…

Read more →

In this Help Net Security interview, Tim West, Director of Threat Intelligence and Outreach at WithSecure, discusses Ransomware-as-a-Service (RaaS) with a focus on how these cybercriminal operations are adapting to increased competition, shifting structures, and a fragmented ecosystem. West talks…

Read more →

While SaaS security is finally getting the attention it deserves, there’s still a significant gap between intent and implementation. Ad hoc strategies and other practices still fall short of a security program. The move toward decentralization has generated confusion over…

Read more →

Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS), which came into effect back in April, incorporates a few important changes to make it fit for the modern digital world, addressing how technologies, the threat landscape and…

Read more →

98% of organizations attacked by bots in the past year lost revenue as a result, according to Kasada. Web scraping (web crawling) is a significant threat followed closely by account fraud, with more than one third of IT/IS specialists reporting…

Read more →

During the second quarter, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit, and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023…

Read more →

Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform for unveiling and fixing UEFI firmware vulnerabilities. Simulate real-world firmware attacks DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, Clutch Security, Contrast Security, Dragos, Elastic, Endor Labs, Entrust, Fortanix, Fortinet, Guardio, HYCU, Ivanti, McAfee, Nucleus Security,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized…

Read more →

RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates have hit government services, IT and communication companies, healthcare institutions, financial organizations, emergency services, manufacturing and…

Read more →

Accenture and Google Cloud announced that their strategic alliance is advancing solutions for enterprise clients and seeing strong momentum across industries in two critical and related areas: GenAI and cybersecurity. As part of the announcement today, the two companies are…

Read more →

Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to…

Read more →

Sinon is an open-source, modular tool for the automatic burn-in of Windows-based deception hosts. It aims to reduce the difficulty of orchestrating deception hosts at scale while enabling diversity and randomness through generative capabilities. Sinon is designed to automate the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitwarden, Dragos, Fortinet, HYCU, and Rezonate. Fortinet introduces sovereign SASE and GenAI capabilities Fortinet announced the addition of sovereign SASE and GenAI capabilities to its…

Read more →

Global cybercrime has shown no sign of decline and is expected to grow strong per year over the next five years. To identify the most urgent cybersecurity threats of the first half of 2024, the Critical Start Cyber Research Unit…

Read more →