Category: Help Net Security

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazon Linux BusyBox CentOS CBL-Mariner Debian Distroless…

Read more →

It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints…

Read more →

Appgate has unveiled its new Malware Analysis Service that mitigates cyberthreats for enterprises and government agencies by identifying and neutralizing malicious software. Appgate’s Malware Analysis and Research Team now offers two new services that allow resource-constrained security teams to submit…

Read more →

Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As…

Read more →

OpenText announced its latest product innovations with Cloud Editions (CE) 24.3. This release represents a significant leap forward in integrating advanced information management capabilities, trusted cloud solutions, robust security measures, and AI to optimize data performance for simpler, but superior,…

Read more →

Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the general availability of Red Hat Advanced Cluster Security Cloud Service. The new features, delivered with the general…

Read more →

In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access…

Read more →

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely…

Read more →

Adversary Emulation Team Member Australian Federal Police | Australia | On-site – View job details As an Adversary Emulation Team Member you will participate in testing and assessment activities in both domestic and international settings. You will gain exposure to…

Read more →

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security posture to be especially concerning, with…

Read more →

Secureworks launched Taegis ManagedXDR Plus, a new Managed Detection and Response (MDR) offering that liberates the mid-market from indistinct, cookie cutter security solutions that don’t meet their unique security requirements. This announcement means that this market sector will no longer…

Read more →

The Cloud Security Alliance (CSA) demonstrated its commitment to improving its vendor-neutral cloud security training with the release of the Certificate of Cloud Security Knowledge (CCSK) v5, furnishing cloud stakeholders with the skills they need to optimize the protection of…

Read more →

Druva announced new capabilities to help its customers accelerate the investigation and remediation of cyber threats. The new Threat Hunting capability empowers IT and security teams to search their global data footprint for indicators of compromise (IOCs). Druva is also…

Read more →

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s Zero…

Read more →

Harmonic Security launched Harmonic Protect which empowers security teams with the tools to protect sensitive data without the headaches of labeling and complex rules. CISOs using Harmonic have coined it “zero-touch data protection” for its unique ability to protect vast…

Read more →

Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). The platform is taking a unified approach to managing both human and…

Read more →

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service. ACME is an internet protocol designed to enable enterprises to communicate with a…

Read more →

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01…

Read more →

McAfee announced the appointment of Craig Boundy as President and CEO, effective August 21, 2024. Boundy, a seasoned executive with over 25 years of leadership experience, joins McAfee from Experian where he served as the global Chief Operating Officer, and…

Read more →

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for…

Read more →