Category: Help Net Security

In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is…

Read more →

The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across…

Read more →

Application Security Engineer MassMutual | USA | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated…

Read more →

Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at Midnight…

Read more →

The IRISSCERT Cyber Crime Conference (IRISSCON) returns on November 6th at the Aviva Stadium, where global cybersecurity leaders will explore AI’s revolutionary role in defending against and contributing to cyber threats. As Ireland’s longest-standing cybersecurity conference, IRISSCON 2024 will dive…

Read more →

In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that…

Read more →

In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67% of…

Read more →

Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr…

Read more →

53% of consumers report being aware of their national privacy laws, a 17-percentage point increase compared to 2019, according to Cisco. Informed consumers are also much more likely to feel their data is protected (81%) compared to those who are…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patching problems: The “return” of a Windows Themes spoofing vulnerability Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s…

Read more →

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sector apps…

Read more →

In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how…

Read more →

OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch. It’s available under the same GPLv2 license terms as the Linux kernel. “We are pleased…

Read more →

Although most organizations use emails with built-in security features that filter out suspicious messages, criminals always find a way to bypass these systems. With the development of AI technology, phishing is becoming increasingly difficult to recognize, allowing them to circumvent…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Balbix, BreachLock, Commvault, Dashlane, Data Theorem, Edgio, ExtraHop, Fastly, Frontegg, GitGuardian, IBM, Ivanti, Jumio, Kusari, Legit Security, Metomic, Nametag, Neon, Nucleus Security, Okta, Qualys,…

Read more →

Sophos conducted defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Espionage campaigns tied to Chinese hacking groups The attackers used a series of campaigns with…

Read more →

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source: Lottie Player…

Read more →

In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products while…

Read more →

Cost savings and business benefits were quantified in “The Total Economic Impact of Cynet All-in-One Security,” a commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024. The Total Economic Impact Study framework helps organizations understand the…

Read more →

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack…

Read more →