Category: Help Net Security

95% of cybersecurity experts express low confidence in GenAI security measures while red team data shows anyone can easily hack GenAI models, according to Lakera. Attack methods specific to GenAI, or prompt attacks, are easily used by anyone to manipulate…

Read more →

Entrust unveiled KeyControl as a Service (KCaaS), providing organizations with control of their cryptographic keys while leveraging the benefits of the cloud. Existing key management solutions can lack advanced features required to meet evolving compliance mandates and security policy requirements.…

Read more →

HITRUST launched its AI Risk Management (AI RM) Assessment, a comprehensive assessment approach for AI risk management processes in an organization. The HITRUST AI Risk Management Assessment ensures that governance associated with implementing AI solutions is in place and can…

Read more →

Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access credentials. Once access is achieved, the…

Read more →

RightCrowd introduced Mobile Credential Management feature for RightCrowd SmartAccess. This solution transforms how organizations manage and control access, replacing traditional methods with a more secure, efficient, and cost-effective approach. As the physical and digital worlds continue to converge, the management…

Read more →

American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability…

Read more →

McAfee launched McAfee Deepfake Detector, the latest addition to the company’s suite of AI-powered products. With AI-created videos, or deepfakes, flooding the internet and circulating across social media, we now live in a world where seeing and hearing are no…

Read more →

OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables. The platform structures its data using a knowledge schema built on the STIX2 standards. It features a modern web application architecture with…

Read more →

In this Help Net Security video, Mike Lexa, CISO and Global VP of IT Infrastructure and Operations at CNH, discusses how the federal government is taking food security more seriously and what steps must be taken to prioritize security measures.…

Read more →

Associate Cybersecurity Operations Officer UNICC | USA | On-site – View job details The Center aims to provide trusted ICT services and digital business solutions. You will work under the direct supervision and guidance of the Head of Cybersecurity Operations…

Read more →

2023 saw a surge in the frequency and duration of DDoS attacks, and in the first half of 2024, it’s clear that surge has become the new normal, according to Zayo. DDoS attack duration increases DDoS attacks surged 106% from…

Read more →

Fortanix announced a major enhancement to its Fortanix Data Security Manager (DSM): File System Encryption. This new feature complements full disk encryption with the ability to protect individual file systems on specified hosts through encryption, governed by granular decryption policies.…

Read more →

ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. They analyzed a case observed in the wild that targeted clients of a prominent Czech bank. PWA phishing flow (Source: ESET) This technique is noteworthy because…

Read more →

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free vulnerability in the Windows…

Read more →

Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft apps for macOS…

Read more →

GuidePoint Security has launched a new Phishing as a Service (PhaaS) offering. Phishing remains one of the most common entry points for threat actors – according to CISA, over 90% of successful cyberattacks start with a phishing email. However, managing…

Read more →

The risk of deepfakes is rising with 47% of organizations having encountered a deepfake and 70% of them believing deepfake attacks which are created using generative AI tools, will have a high impact on their organizations, according to iProov. Perceptions…

Read more →

In this Help Net Security interview, Kyle Wickert, Worldwide Strategic Architect at AlgoSec, discusses the role of AI in application security, exploring how it’s transforming threat detection and response. Wickert talks about integrating security testing throughout the development lifecycle, the…

Read more →

Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function. So how can security leaders…

Read more →

Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of phishing threat in which a…

Read more →