VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is…
Category: Help Net Security
Hummingbird Automations improves efficiency for compliance professionals
Hummingbird launched Automations, a new product for boosting compliance productivity, reducing risk, and lowering costs. Automations provides compliance teams at financial institutions with an easy-to-use, visual automation builder, allowing them to automate away manual, repetitive tasks, saving time and effort…
CampusGuard introduces new online training courses
CampusGuard announced its latest online Security Awareness and Compliance Training packages, offering expanded choices for our valued customers. The Information Security Awareness package includes access to over 20 security awareness modules, providing users with best practices on email security, internet security,…
TruffleHog: Open-source solution for scanning secrets
TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets.…
10 cybersecurity startups to watch in 2024
At Help Net Security, we’ve been following the cybersecurity business landscape closely for the past 25 years. Through our Industry News section, we’ve been tracking the pulse of the cybersecurity world, bringing you product news from companies worldwide. Certain vendors…
A closer look at Israeli cybersecurity funding and M&A activity in 2023
Last year was challenging for the global market, and the market downturn greatly affected even the historically resilient cybersecurity ecosystem. In this Help Net Security video, Merav Ben Avi, Content Manager at YL Ventures, talks about how the Israeli cybersecurity…
The importance of a good API security strategy
In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption…
Alleged Raccoon Infostealer operator extradited, verification site set up for victims
A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity theft. According to court documents, Mark Sokolovsky conspired to operate the Raccoon Infostealer as a…
Active Directory outages can cost organizations $100,000 per day
Nearly every organization has core systems services tied to Active Directory that will go down during an outage, according to Cayosoft. Consequences of system downtime for business operations: The impact of just one system being down can devastate business operations…
ManageEngine unveils ML-powered exploit triad analytics feature
ManageEngine released an ML-powered exploit triad analytics feature in its SIEM solution, Log360. Now, enterprises can knowledgeably trace the path of adversaries and mitigate breaches by providing complete contextual visibility into the exploit triad: users, entities and processes. Addressing the…
Pindrop Pulse offers protection against audio deepfakes
Pindrop launched Pindrop Pulse, an audio liveness detection capability for real-time identification, monitoring, and analysis of audio deepfakes. Notably, Pulse was instrumental in identifying the TTS engine used in the recent President Biden robocall attack. By leveraging advanced deep learning…
1Password acquires Kolide to improve modern workforce security
1Password announced the acquisition of Kolide, enabling businesses to meet the rising security challenges of the modern workforce that now works from anywhere and on any device. “We’ve witnessed a historic transformation of the workplace that demands transformative and intuitive…
Pentera collaborates with SpyCloud to reduce dwell time of compromised credentials
Pentera announced an integration with SpyCloud to automate the discovery and validation of compromised identities. Pentera uses exposure intelligence data to identify exploitable identities and facilitates targeted remediation to proactively reduce risk. Compromised credentials remain one of the most pervasive…
Metomic launches human firewall features to scale data security workflows
Metomic announced that it’s rolling out its new suite of human firewall features for SaaS apps like Google, Slack and MS Teams. The new features will enable Security and Compliance teams to scale their data security workflows by involving employees…
LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered
In the wake of yesterday’s surprise law enforcement takeover of LockBit’s leak site, the UK National Crime Agency (NCA) and Europol have shared more information about the extent of the takedown. “Today, after infiltrating the group’s network, the NCA has…
LockBit disrupted by international law enforcement task force
On Monday afternoon, LockBit’s leak site was taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. “This site is now under the control of The…
Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must…
How to make sense of the new SEC cyber risk disclosure rules
SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response…
Why identity fraud costs organizations millions
92% of respondents to a recent report shared that their organization had been a victim of identity fraud, costing an average of $4.3 million over the last 12 months. Even so, only 40% stated identity verification as a top identity…
How decentralized identity is shaping the future of data protection
In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, holders, and verifiers, DCI empowers individuals to selectively disclose…