Category: Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Adaptive Shield, Dashlane, Detectify, and Truecaller. Adaptive Shield unveils platform enhancements to improve SaaS security Adaptive Shield has extended the capabilities of its SaaS Security…

Read more →

The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), the agency has announced on Wednesday.…

Read more →

Applications developed by public sector organizations have more security debt than those created by the private sector, according to Veracode. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59% of…

Read more →

With the rise of identity sprawl and system complexity, more businesses are suffering identity-related incidents than ever before, according to IDSA. Identity-related incidents in headlines Identity-related incidents continue to dominate today’s headlines. Clorox, MGM, and Caesars fell prey to social…

Read more →

The National Institute of Standards and Technology (NIST) is launching a new testing, evaluation, validation and verification (TEVV) program intended to help improve understanding of artificial intelligence’s capabilities and impacts. Assessing Risks and Impacts of AI (ARIA) aims to help…

Read more →

Three seconds! That’s how much of your voice an AI voice synthesizer needs to generate a complete clone of your voice. Illegitimate voice cloning and speech synthesis technologies are improving at an incalculable rate of change and are, unfortunately, already…

Read more →

Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. “Moonstone Sleet uses tactics, techniques, and procedures (TTPs) also used by other North…

Read more →

GMO GlobalSign announced the rebranding of the company’s certificate automation product, Automated Enrollment Gateway (AEG), to Certificate Automation Manager. The renamed solution reflects the greatly increased capabilities introduced over the years to meet the shifts taking place across the digital…

Read more →

A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – Chirag Tomar, a 30-year-old citizen of the Republic of India – has…

Read more →

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it aggregates logs…

Read more →

Dashlane unveiled Dashlane Nudges, a new automated tool to empower admins to proactively create a more security-conscious workforce and drive better credential security behavior across their organization, reducing the risk of credential theft. Compromised credentials continue to be at the…

Read more →

Transcend raised $40 million in Series B funding led by new investor StepStone Group, with participation from HighlandX and existing investors Accel, Index Ventures, 01 Advisors (01A), Script Capital, and South Park Commons. This brings the total raised to nearly…

Read more →

Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and controls, and fully implemented monitoring and review requirements. Processes and controls typically comprise policies, which will include detailed…

Read more →

RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. “I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mistakes and can write bad code…

Read more →

Cloud Security Engineer – Secret Clearance Required Constellation West | USA | Remote – View job details As a Cloud Security Engineer, you will establish, execute, and sustain an ISSP A&A capability that ensures the security of all information technology…

Read more →

This article includes excerpts from various reports that provide statistics and insights on GenAI and its impact on businesses. CEOs accelerate GenAI adoption despite workforce resistance IBM | IBM study | May 2024 63% of CEOs say their teams have…

Read more →

Tonic.ai launched secure data lakehouse for LLMs, Tonic Textual, to enable AI developers to seamlessly and securely leverage unstructured data for retrieval-augmented generation (RAG) systems and large language model (LLM) fine-tuning. Tonic Textual is an all-in-one data platform designed to…

Read more →

To secure emerging SaaS attack surfaces, Adaptive Shield has extended the capabilities of its SaaS Security Posture Management (SSPM) unified platform to cover complex Permissions and Shared Data. “SaaS security impacts the entire organization, affecting security teams, auditors and app…

Read more →

Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets…

Read more →

In this Help Net Security interview, Ken Gramley, CEO at Stamus Networks, discusses the primary causes of alert fatigue in cybersecurity and DevOps environments. Alert fatigue results from the overwhelming volume of event data generated by security tools, the prevalence…

Read more →