Category: Help Net Security

Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA. 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total…

Read more →

Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able…

Read more →

Lumifi announces the acquisition of Critical Insight, marking its third acquisition in 13 months. This strategic move expands Lumifi’s service offerings and strengthens its presence in the healthcare and critical infrastructure cybersecurity sector. The acquisition adds to Lumifi’s existing offerings,…

Read more →

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047…

Read more →

In this study, GitGuardian and CyberArk reveal the stark reality of secrets management across 1,000 organizations. With 79% experiencing secrets leaks and an average remediation time of 27 days, the findings expose critical gaps between security confidence and reality. Learn…

Read more →

BigID launched Data Security Posture Management (DSPM) Starter App, built natively in Snowflake and using the Snowflake Native App Framework. BigID’s DSPM Starter App will be available via Snowflake Marketplace and provide rapid data discovery and classification assessment natively in…

Read more →

The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized by…

Read more →

In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is…

Read more →

The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across…

Read more →

Application Security Engineer MassMutual | USA | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated…

Read more →

Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at Midnight…

Read more →

The IRISSCERT Cyber Crime Conference (IRISSCON) returns on November 6th at the Aviva Stadium, where global cybersecurity leaders will explore AI’s revolutionary role in defending against and contributing to cyber threats. As Ireland’s longest-standing cybersecurity conference, IRISSCON 2024 will dive…

Read more →

In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that…

Read more →

In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67% of…

Read more →

Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr…

Read more →

53% of consumers report being aware of their national privacy laws, a 17-percentage point increase compared to 2019, according to Cisco. Informed consumers are also much more likely to feel their data is protected (81%) compared to those who are…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patching problems: The “return” of a Windows Themes spoofing vulnerability Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s…

Read more →

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sector apps…

Read more →

In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how…

Read more →

OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch. It’s available under the same GPLv2 license terms as the Linux kernel. “We are pleased…

Read more →