Category: Help Net Security

Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University have discovered.…

Read more →

Own released Continuous Data Protection for Salesforce customers, further strengthening its product offering to include recovery and analysis capabilities. Own Continuous Data Protection provides a turn-key solution that delivers significant value to customers that have mission-critical, frequently changing, or highly…

Read more →

Appian announced the latest version of the Appian Platform, designed to transform how organizations orchestrate enterprise data and automate processes. This release delivers support for more enterprise AI use cases with expanded compliance, offering a strong framework to help organizations…

Read more →

Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins. Preparing for mandatory MFA for Azure The plan is for the shift to happen in two phases: October 2024:…

Read more →

Group-IB announced the signing of a global partnership agreement with SecurityHQ, a global independent Managed Security Service Provider (MSSP). With this partnership, SecurityHQ will leverage Group-IB’s Threat Intelligence, Attack Surface Management and Digital Risk Protection to bolster its global Security…

Read more →

Cyber attacks against higher education institutions increased by 70% in 2023. This is largely due to legacy endpoint security management and practices, limited IT support staff, and overwhelming amounts of data, much of which is PII (personally identifiable information). In…

Read more →

x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend…

Read more →

Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists, engineers…

Read more →

Despite their role in connecting applications and driving innovation, APIs often suffer from serious security vulnerabilities. Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. The persistence of…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab…

Read more →

Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads (Source: Malwarebytes) “In this particular scheme, all web resources used from start…

Read more →

I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world. A major theme…

Read more →

Pindrop launched Pindrop Pulse Inspect in Preview. This innovative tool, the latest addition to Pindrop’s deepfake detection Pindrop Pulse product family, can detect AI-generated speech in any digital audio file with 99% accuracy. Following the launch of Pindrop Pulse earlier…

Read more →

Critical Start announced Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings are a foundational pillar of Managed Cyber Risk Reduction, allowing organizations to assess, manage, prioritize, and reduce cyber risk exposure posed by vulnerabilities across their…

Read more →

Authentik is an open-source identity provider designed for maximum flexibility and adaptability. It easily integrates into existing environments and supports new protocols. It’s a comprehensive solution for implementing features like sign-up, account recovery, and more in your application, eliminating the…

Read more →

Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Rebounding merger and acquisition (M&A) activity…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from ClearSale, Guardio, Ivanti, Resecurity, and Stellar. Resecurity unveils new AI-driven Fraud Prevention Platform Resecurity unveiled its advanced AI-driven Fraud Prevention Platform. This versatile solution is…

Read more →

In this Help Net Security video, Frederic Najman, Executive Member of the SFPN (French Union of NoCode Professionals), discusses how NoCode and LowCode technologies enable companies to free up development resources to tackle cybersecurity issues. In a context where three-quarters…

Read more →

Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers behind this campaign likely leveraged extensive…

Read more →

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it…

Read more →