Category: Help Net Security

Eclypsium launches Automata, a new AI-assisted feature for its digital supply chain security platform. Available now, Automata is an automated binary analysis system that replicates the knowledge and tooling of expert security researchers to discover previously unknown threats, vulnerabilities, and…

Read more →

Index Engines announced the latest release of its CyberSense software, with version 8.6 delivering a revamped user interface to support smarter recovery from ransomware attacks, new custom Advanced Threshold Alerts to proactively detect unusual activity, and AI-powered detection of ransomware-based…

Read more →

Concentric AI announced its new employee offboarding risk monitoring and reporting module that delivers critical data detection and response capabilities to identify true risk to data and secure sensitive information when employees leave a company. Concentric AI’s new release also…

Read more →

An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google but no action has…

Read more →

Cohesity has announced it is collaborating with Intel to bring Intel’s confidential computing capabilities to the Cohesity Data Cloud. Leveraged with Fort Knox, Cohesity’s cyber vault service, this data-in-use encryption innovation will be the first of its kind in the…

Read more →

NICE Actimize announced IFM 11 (Integrated Fraud Management), a new release of its AI-driven fraud management and detection platform. The new release leverages recent advancements in artificial intelligence together with NICE Actimize’s collective intelligence capabilities to introduce fraud detection accuracy,…

Read more →

Alethea announced the close of a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea’s Series A funding in 2022. Also participating in the round is Hakluyt Capital, which invests alongside leading…

Read more →

Next week, Diverto is set to release a comprehensive report on Croatia’s cybersecurity landscape. This report will provide a detailed summary of the key events from 2023, offer targeted recommendations for managerial strategies, and highlight crucial regulations like NIS2 and…

Read more →

In 2023, 71% of organizations across various industries reported that their business feels the impact of the ongoing cybersecurity skills shortage. Many companies have been forced to scale back their cybersecurity programs as they struggle to find experienced candidates to…

Read more →

In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations. What does this collaboration look like in practice? We’ve asked Sean Doyle, the…

Read more →

According to a recent Gartner survey, widespread GenAI adoption has resulted in a scramble to provide audit coverage for potential risks arising from the technology’s use. In this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses…

Read more →

GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures (TTPs) that they use. The…

Read more →

Application Security Engineer HCLTech | Mexico | Remote – View job details As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident…

Read more →

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being…

Read more →

Trellix announced the Trellix Zero Trust Strategy (ZTS) Solution, available immediately worldwide. Trellix ZTS is leveraging Trellix’s AI-powered XDR Platform to provide native monitoring, protection, and threat detection. The solution enables organizations to establish security hygiene and strengthen cyber resilience…

Read more →

55% of organizations plan to adopt GenAI solutions within this year, signaling a substantial surge in GenAI integration, according to a Cloud Security Alliance and Google Cloud survey. The survey received 2,486 responses from IT and security professionals. The report…

Read more →

Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years,…

Read more →

Disruptive technologies like AI are heightening the longstanding tension between organizational security and employee productivity, according to 1Password. Employees are under increasing pressure to perform; to boost efficiency they’re embracing generative AI, hybrid and remote work, and unapproved applications and…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Fastly, LogRhythm, Owl Cyber Defense Solutions, and TrueMedia.org. Owl Talon 3 provides hardware-enforced, one-way data transfers Owl Cyber Defense Solutions launched next generation of their…

Read more →

As businesses evolve, they often experience changes in roles, partnerships, and staff turnover. This dynamic can result in improper access to data and resources. Such mismanagement leads to superfluous expenses from excessive software licensing fees and heightens the risk of…

Read more →

Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across…

Read more →

The US Department of Commerce’s National Institute of Standards and Technology (NIST) has awarded cooperative agreements totaling nearly $3.6 million aimed at building the workforce needed to safeguard enterprises from cybersecurity risks. The grants of roughly $200,000 each will go…

Read more →

Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months since attackers…

Read more →

Avast released a new product tier to the Avast One suite: Avast One Silver. The new offering takes a modular approach to cyber security, allowing people to tailor their coverage based upon their needs, personal preferences, or risk profiles. The…

Read more →

AI is quickly transforming how individuals create their own apps, copilots, and automations. This is enabling organizations to improve output and increase efficiency—all without adding to the burden of IT and the help desk. But while this transformation makes software…

Read more →

Mantis is an open-source command-line framework that automates asset discovery, reconnaissance, and scanning. You input a top-level domain, and it identifies associated assets, such as subdomains and certificates. Mantis features The framework conducts reconnaissance on active assets and completes its…

Read more →

There is an urgent need to secure tactical, operational, and strategic critical assets from the edge to the core. In this Help Net Security video, Geoffrey Mattson, CEO of Xage Security, discusses the steps enterprises and critical infrastructure must take…

Read more →

In this Help Net Security interview, Eric Demers, CEO of Madaket Health, discusses prevalent cyber threats targeting healthcare organizations. He highlights challenges in protecting patient data due to infrastructure limitations and the role of employee awareness in preventing insider threats.…

Read more →

67% of consumers across the globe are concerned about the security and privacy of AI, according to Bitdefender survey. AI uses personal data to feed its machine learning algorithms, and the rising amount has raised serious concerns about data storage,…

Read more →

Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in combination with…

Read more →

Picus Security announced Picus Numi AI. As the latest innovation of the Picus Security Validation Platform, this generative AI security analyst empowers any member of a security team to access critical, up-to-date information about their security posture to make purposeful…

Read more →

Bitwarden strengthened Bitwarden Passwordless.dev with the release of a magic links API. This offering empowers developers to incorporate passwordless authentication into their applications, providing a more secure and user-friendly experience for users. The magic links API enables developers to send…

Read more →

The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S. National Institute of Standards…

Read more →

Owl Cyber Defense Solutions launched next generation of their flagship data diode software platform, Owl Talon 3. This new release represents the first in a planned series of leaps forward for Owl’s hardware-enforced one-way data transfer technology. With an all-new…

Read more →

TrueMedia.org launched its deepfake detection technology for reporters, and other key audiences to use ahead of the 2024 U.S. elections. The free tool is currently available to government officials, fact checkers, campaign staff, universities, non-profits, and reporters of accredited news…

Read more →

While some online privacy issues can be subtle and difficult to understand, location tracking is very simple – and very scary. Perhaps nothing reveals more about who we are and what we do than a detailed map of all the…

Read more →

Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers when a…

Read more →

Cyber Security Manager Charterhouse Middle East | UAE | On-site – View job details The Cyber Security Manager will identify and address potential security issues, define access privileges, implement control structures, and conduct periodic audits. In addition, you’ll also contribute…

Read more →

After another year rife with cybercrime, IT and cyber leaders are confronted with a new reality. AI and deepfakes can trick even the most well-trained employee, and executing a strong cyber defense is more important than ever. In this Help…

Read more →

In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymakers, government agencies, and the private sector…

Read more →

Fortinet announced the latest version of its FortiOS operating system and other major enhancements to the company’s cybersecurity platform, the Fortinet Security Fabric. FortiOS 7.6 empowers customers to better mitigate risk, reduce complexity, and realize a superior user experience across…

Read more →

Fastly introduced Fastly Bot Management to help organizations combat automated “bot” attacks at the edge and significantly reduce the risk of fraud, DDoS attacks, account takeovers, and other online abuse. Fastly Bot Management represents an important cybersecurity milestone for the…

Read more →

AT&T has confirmed that the data set leaked on the dark web some two weeks ago does, indeed, contain “AT&T data-specific fields”. The company is reaching out to affected customers and offering credit monitoring services. What type of data has…

Read more →

Recent global research reveals 61% of organizations still rely on manual and time-intensive methods for sharing security status updates. In response, LogRhythm announced its 8th consecutive quarterly release. The latest innovations to LogRhythm Axon facilitate seamless dashboard and search import/export…

Read more →

Veracode announced the acquisition of Longbow Security, a pioneer in security risk management for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations manage and reduce application risk across the growing…

Read more →

Few joys remain untouched by the necessity of identity verification. With its ubiquitous presence, the call for heightened security, improved accessibility, and seamless authentication resonates loudly for businesses and individuals alike. In response, a tool, or perhaps a reinvented vision…

Read more →

Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it…

Read more →

In this Help Net Security video, Sylvia Acevedo, who serves on the Boards of Qualcomm and Credo, discusses why companies should invest in forensic capabilities and why forensics will be such an important topic as AI continues to be integrated…

Read more →

Only 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco. The 2024 Cisco Cybersecurity Readiness Index highlights that readiness is down significantly from one year ago,…

Read more →

There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are paid to create and ship new applications and features that help move the organization forward. It’s…

Read more →

Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises – tests and simulations based on plausible cyber-attack…

Read more →

Evasive, basic, and encrypted malware all increased in Q4 2023, fueling a rise in total malware, according to WatchGuard. Threat actors employ diverse tactics The average malware detections rose 80% from the previous quarter, illustrating a substantial volume of malware…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, Ordr, Pentera, Portnox,…

Read more →

One of the primary concerns regarding data privacy is the potential for breaches and unauthorized access. Whether it’s financial records, medical histories, or personal communications, individuals have a right to control who can access their data and for what purposes.…

Read more →

The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of a long weekend for many.…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in…

Read more →

A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. The cause of…

Read more →

Stream.Security announced new threat investigation and AI-powered remediation capabilities. The new real-time attack path detection and generative AI-powered remediation tools are part of the real-time exposure management features that the cloud security company is rolling out. With these capabilities, customers…

Read more →

Though generative AI offers financial firms remarkable business and cybersecurity utility, cyberthreats relating to GenAI in financial services are a consistent concern, according to FS-ISAC. Cybercriminals exploit AI for data exfiltration The cybersecurity community’s current consensus is that adversarial usage…

Read more →

We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael Jordan once said, “Get the fundamentals down, and the…

Read more →

Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight. Boards under pressure to fortify cyber oversight The escalation in the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes. GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health GitGuardian SCA is specifically designed for…

Read more →

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting…

Read more →

Snowflake introduced Snowflake Data Clean Rooms to customers in AWS East, AWS West, and Azure West, revolutionizing how enterprises of all sizes can securely share data and collaborate in a privacy-preserving manner to achieve high value business outcomes in the…

Read more →

AppViewX and Fortanix announced a partnership to offer cloud-delivered secure digital identity management and code signing. Together the companies make it easy to address critical enterprise security challenges with comprehensive, robust and scalable platforms for certificate lifecycle management automation and…

Read more →

NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal…

Read more →

Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging it to defend against the new AI-driven threat landscape, according to Zscaler. AI has already become…

Read more →

Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on…

Read more →

In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain.…

Read more →

The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees via the use of phishing,…

Read more →