Category: Help Net Security

Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. International investigation disrupts phishing-as-a-service platform LabHost…

Read more →

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS)…

Read more →

When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to…

Read more →

A recent Enea survey highlights a worrying trend in enterprise security: Following ChatGPT’s launch, 76% of businesses are inadequately protected against rising AI-driven vishing and smishing threats. In this Help Net Security video, John Hughes, SVP, Head of Network Security…

Read more →

Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to the Absolute Security Cyber Resilience Risk Index…

Read more →

49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of…

Read more →

Armis has acquired Silk Security for a total of $15 million and will integrate the Silk Platform into the Armis Centrix AI-based Vulnerability Prioritization and Remediation solution to supercharge its capabilities and now be able to provide security teams with…

Read more →

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be…

Read more →

Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups, and Fortune 500 companies. She is the founder of BSidesTLV and Leading Cyber Ladies and…

Read more →

Client Security Officer Unisys | USA | Remote – View job details The Client Security Officer (CSO) is part of Unisys account management team servicing its clients as cybersecurity representative alongside the Client Executive and the Client Delivery Executive. Cybersecurity…

Read more →

Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers, and security engineers where…

Read more →

The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cybersecurity…

Read more →

In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and its impact. Researchers recaptured nearly 1.38 billion passwords circulating the darknet…

Read more →

A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the first…

Read more →

Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – one of two that Duo…

Read more →

Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of the autonomous endpoint management (AEM) capabilities within the Tanium XEM platform. The trusted automation built into the Tanium XEM…

Read more →

Vercara launched UltraEdge, a comprehensive edge platform that includes an innovative Content Delivery Network (CDN), integrated application security, and edge compute. Powered by Edgio and supported through Vercara’s Security Operations Center (SOC), UltraEdge speeds up time to market for new…

Read more →

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted…

Read more →

GuidePoint Security announced its IoT Security Assessment, a new cybersecurity service. GuidePoint Security’s team of IoT security and embedded systems experts have extensive experience identifying potential weaknesses in IoT devices and applications across a wide range of industries. Organizations that…

Read more →

Sectigo launched SCM Pro, a solution to bring the robustness of enterprise CLM to Small and midsize enterprises (SMEs), effectively leveling the playing field between large enterprises and the mid-market. Online identity proliferation, hybrid work, and device sprawl increase the…

Read more →