Category: Help Net Security

You can’t fulfill your end of the shared responsibility model if you don’t emphasize secure configurations. Depending on the cloud services you’re using, you’re responsible for configuring different things. Once you figure out those responsibilities, you then need to perform…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The…

Read more →

Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,…

Read more →

October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Windows 11 24H2 and Microsoft Recall…

Read more →

In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising from expanded attack surfaces and fragmented…

Read more →

MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing. It also incorporates specialized properties to ensure precise obfuscation,…

Read more →

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security. SAFE X equips CISOs with integrated data from all their existing cybersecurity products…

Read more →

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. Ivanti did the same by…

Read more →

Darktrace announced the expansion of Darktrace / CLOUD to support Microsoft Azure environments. The AI-driven Cloud Detection and Response (CDR) system leverages Microsoft’s virtual network flow logs for agentless deployment, slashing deployment times by 95%. The need for AI-driven cloud…

Read more →

Malwarebytes released new features for Browser Guard, its free browser extension for Chrome, Edge, Firefox, and Safari that blocks content identified as potentially unwanted and unsafe. Users will now receive a pop-up alert if a website was involved in a…

Read more →

While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote command execution on vulnerable systems, they could offer more opportunity to attackers who engage in DDoS attacks, Akamai threat…

Read more →

Legit Security launched its new “Legit Posture Score,” delivering a dynamic, comprehensive, and fully transparent ASPM rating system. Now security teams can proactively measure and manage their AppSec posture instantly with a holistic score that eliminates security scanning siloes and…

Read more →

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been…

Read more →

AuthenticID released Velocity Checks, a new tool that integrates with its comprehensive identity verification and fraud prevention platform. The solution leverages biometric and document analysis to detect multiple identities for fraudulent activities in real-time. Fraudsters can use different names with…

Read more →

According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Companies are shifting from testing the waters of cloud computing to making substantive investments in cloud-native IT, and attackers are shifting with them.…

Read more →

In this Help Net Security interview, Andrius Popovas, Chief Risk Officer at Mano Bank, discusses the most prevalent AI-driven fraud schemes, such as phishing attacks and deepfakes. He explains how AI manipulates videos and audio to deceive victims and highlights…

Read more →

The latest Apple OS updates (iOS 18, iPadOS 18, macOS Sequoia) have introduced a standalone Passwords app, to make users’ passwords, passkeys, Wi-Fi passwords, and verification codes easily accessible. You can access the Passwords app on your iPhone, iPad, Mac,…

Read more →

Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. Understanding workplace behavior key to strengthening security In fact, one in two…

Read more →

Ransomware attacks have seen a significant resurgence, disrupting multiple sectors and affecting global supply chains. Despite efforts to disrupt major ransomware groups, incidents continue to rise, signaling an ongoing and growing threat into 2024. In this Help Net Security round-up,…

Read more →