Category: Help Net Security

In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects,…

Read more →

In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the…

Read more →

The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix. GenAI’s impact on CISO responsibility GenAI has rolled out at an immense speed,…

Read more →

Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle to remediate critical…

Read more →

In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about the cybersecurity talent shortage and the role STEM education can play in solving that problem. They also discuss actions needed to…

Read more →

The Ultimate Guide to the CISSP covers everything you need about the world’s premier cybersecurity leadership certification. Learn how CISSP and ISC2 will help you navigate your training path, succeed in certification, and advance your career so you’re ready to…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging…

Read more →

Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable…

Read more →

The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were…

Read more →

People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel file is not…

Read more →

Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’s only natural that attacks looking…

Read more →

Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap identifies available hosts on a network, the…

Read more →

Document image-of-image was the most prevalent identity (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected, according to Socure. Selfie spoofing and impersonations dominate document-related identity fraud Document image-of-image occurs when the user takes…

Read more →

93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. A total of 1,650 security leaders participated in the global survey, with many reporting…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization…

Read more →

Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which are used for…

Read more →

On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”,…

Read more →

AuditBoard announced powerful enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk management needs in the face of rising risks and increased regulatory requirements. With these new capabilities, including enhanced AI automation,…

Read more →

The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have…

Read more →

BigID announced the introduction of AI-guided data security and risk remediation recommendations. These new capabilities empower security teams to eliminate guesswork and more proactively address security risks to improve their overall security posture across their data environment. BigID’s AI-guided data…

Read more →