Category: Help Net Security

Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my…

Read more →

Beyond traditional AI models, generative AI (GenAI) can create new content, images, and even entire scenarios from scratch. While this technology holds immense promise across various sectors, it also introduces challenges and threats to cybersecurity. In this round-up from Help…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Transitioning to memory-safe languages: Challenges and considerations In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses…

Read more →

While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions. The report tracked MITRE ATT&CK techniques that adversaries abuse…

Read more →

12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021. Companies need to manage sensitive…

Read more →

Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast. With new threats like…

Read more →

In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations against threats using AI to penetrate facilities. The post…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, Cynerio, DataDome, Regula, and Tenable. AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights AuditBoard revealed new AI, analytics, and annotation…

Read more →

Halo Security intoduced its new Dark Web Monitoring feature. This addition further enhances the company’s external security platform, allowing security teams to gain insights into potential threats originating from the dark web. With the new Dark Web Monitoring feature, security…

Read more →

A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and someone…

Read more →

Perception Point launched its latest innovation, GPThreat Hunter, an addition to the company’s comprehensive security stack. Leveraging the capabilities of OpenAI’s GPT-4 model, GPThreat Hunterre presents a significant leap forward in Perception Point’s ability to autonomously resolve complex security cases…

Read more →

Cado Security announced that the Cado platform now enables customers to acquire Microsoft 365 Unified Audit Log (UAL) to help investigate and respond to Microsoft 365 compromises such as business email compromise (BEC), account takeover (ATO), and insider threats. With…

Read more →

QuSecure unveiled QuProtect Core Security, a product designed to fortify existing Cisco router-to-router communications against emerging quantum threats. Leveraging advanced crypto-agile post-quantum cryptography, QuProtect Core Security offers a seamless and robust security layer, delivering protection for critical network infrastructures for…

Read more →

Concentric AI announced its new Copilot data risk module that delivers data security governance of Copilot data inputs and outputs to ensure that sensitive data – from financial information to IP to business data – remains protected within the organization.…

Read more →

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as…

Read more →

63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, according to Claroty. Traditionally, medical devices have replacement…

Read more →

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is…

Read more →

With breach recovery costs skyrocketing, speeding time to recovery to minimize downtime and losses should be top of mind for security leaders. Yet, most focus on adding more prevention and detection tools. In this Help Net Security video, Nick Scozzaro,…

Read more →

IT leaders consider immutable storage as a must-have in the fight against cyberattacks, according to Scality. Ransomware threats are now understood by organizations to be inevitable. Reports show 1 in 4 organizations that pay a ransom never get their data…

Read more →

While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation as…

Read more →