Category: Help Net Security

GenAI adoption has reached a critical phase, with 67% of respondents reporting their organization is increasing its investment in GenAI due to strong value to date, according to Deloitte. “The State of Generative AI in the Enterprise: Now decides Next,”…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. Vulnerabilities in Microsoft macOS apps may give…

Read more →

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 CVE-2024-28987 stems from…

Read more →

Drawbridge released its next generation cyber risk assessment service. Provided as a suite of modules, the solution combines a set of analytics with Drawbridge’s client service. Clients can now benchmark and score their cyber programs to prioritize risk remediation by…

Read more →

After peaking in late 2023, the ransomware industry is beginning to stabilize in productivity, with notable developments in ransomware targets, and industry dynamics, according to WithSecure. Sectors impacted by ransomware (Source: WithSecure) While ransomware productivity has shown signs of leveling…

Read more →

In the first six months of 2024, Hiya flagged nearly 20 billion calls as suspected spam – more than 107 million spam calls everyday. The data showed spam flag rates of more than 20% of unknown calls (calls coming from…

Read more →

To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Entrust, Fortanix, McAfee, Own, RightCrowd, and Wallarm. Own proactively detects and stores data changes in Salesforce Continuous Data Protection from Own pushes data changes to…

Read more →

QNAP has released the QTS 5.2 NAS operating system. A standout feature of this release is the debut of Security Center, which actively monitors file activities and thwarts ransomware threats. Additionally, system security receives a boost with the inclusion of…

Read more →

Enzoic released the latest version of Enzoic for Active Directory. The solution provides a frictionless way to continuously monitor, identify and remediate unsafe credentials by screening username and password combinations in Active Directory against Enzoic’s dynamic database. This helps organizations…

Read more →

Prism Infosec launched its innovative PULSE testing service to enable organizations which may not have the bandwidth or resource to dedicate to a full-scale red team exercise to assess their defence capabilities against real-world threats. PULSE addresses the gap that…

Read more →

Anomali announced new capabilities for Anomali Copilot to help security, and now also IT departments, use the latest innovations in AI to successfully defend, protect, and propel their organizations forward. Anomali Copilot empowers security or IT analysts at any skill…

Read more →

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are…

Read more →

Wallarm announced its latest innovation: API Attack Surface Management (AASM). This agentless technology transforms how organizations identify, analyze, and secure their entire API attack surface. Designed for effortless deployment, Wallarm AASM empowers organizations to discover all of their externally-facing APIs…

Read more →

ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals The campaign’s primary goal in…

Read more →

A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript and WebAssembly engine developed by…

Read more →

LibreOffice 24.8, the new major release of the free Windows, macOS, and Linux office suite, is now available. This is the first to provide an official package for Windows PCs based on ARM processors. The LibreOffice advantage LibreOffice is the…

Read more →

Things change fast in the world of data privacy. Just earlier this year, the question I was being asked most frequently was, “How similar will the proposed federal privacy law (APRA) be to the EU’s GDPR?” Now that APRA is…

Read more →

Senior executives are prime targets for cybercriminals, with 72% of surveyed cybersecurity professionals in the US reporting that cyberattacks have targeted this group in the past 18 months. This trend, highlighted in GetApp’s 2024 Executive Cybersecurity Report, underscores the growing…

Read more →

There’s been an alarming increase in ransomware attacks over the past year, alongside significant shifts in the tactics and strategies employed by cybercriminals that underscore the necessity for organizations to implement around-the-clock monitoring and investigation of suspicious behaviors, according to…

Read more →