Entrust has entered into exclusive discussions to acquire Onfido. With this contemplated acquisition, Entrust would add a compliant AI/ML-based biometric and document IDV tech stack to its portfolio of identity solutions. Additionally, Entrust would have the opportunity to advance the…
Category: Help Net Security
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893: CVE-2024-21893 allows attackers to bypass authentication requirements and access certain restricted…
On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917: CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative…
Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure
Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details: The tool includes hundreds of controls that align…
Common cloud security mistakes and how to avoid them
According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to…
Demystifying SOC-as-a-Service (SOCaaS)
Threat actors aren’t looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors’ job easy. It also…
Enhancing adversary simulations: Learn the business to attack the business
In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats. Unveiling the interplay between red and blue teams, O’Reilly talks about…
Whitepaper: Why Microsoft’s password protection is not enough
Microsoft’s Azure AD Password Protection, now rebranded as Microsoft Entra ID, helps users create a password policy they hope will protect their systems from account takeover and other identity and access management issues. However, Entra ID has significant security gaps.…
Cybersecurity teams hesitate to use automation in TDIR workflows
Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organizations still experienced significant security incidents in the last year, according to Exabeam. North America experienced the highest rate of security incidents (66%), closely…
Adaptiva launches risk-based prioritization capability for OneSite Patch
Adaptiva announced the deployment of its new risk-based prioritization capability for OneSite Patch. The automated risk-based prioritization feature enables IT professionals to prioritize and patch vulnerabilities based on criticality and risk severity — and can do so with unmatched speed,…
Bitdefender Email Protection identifies potentially dangerous content in webmail
Bitdefender launched Email Protection, a new feature that scans and identifies potentially dangerous content such as phishing attempts and online scams, in webmail accessed from any device. Email Protection allows users to extend one of the world’s best endpoint protection…
SailPoint unveils two sets of new offerings to help companies grow their identity security program
SailPoint unveiled two sets of new offerings designed to give customers options as they build their identity program, while driving customer success throughout their identity journey. First, the company is extending the family of SailPoint Identity Security Cloud offerings with…
Cisco Motific reduces GenAI security, trust, and compliance risks
Cisco announced Motific, Cisco’s SaaS product that allows for trustworthy GenAI deployments in organizations. Born from Outshift, Cisco’s incubation business, Motific provides a central view across the entire GenAI journey, empowering central IT and security teams to rapidly deliver trustworthy…
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users
A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API: Security consultant Troy Hunt has been tipped off about…
Delinea appoints Kate Reed as CMO
Delinea announced that Kate Reed has joined the company as Chief Marketing Officer (CMO). With more than two decades of experience in technology and cybersecurity, Reed assumes leadership of all marketing functions and initiatives and will play a pivotal role…
OpenText Fortify Audit Assistant increases developer efficiency by reducing noise and false positives
OpenText announced the second generation of its advanced cybersecurity auditing technology. Today’s developers are dealing with more complexity and threats in multi-cloud environments. Security teams feel increasing pressure to tackle application security with more sophisticated tools and practices. Fortify Audit…
Akamai Content Protector detects and mitigates evasive scrapers
Akamai announced Content Protector, a product that stops scraping attacks without blocking the good traffic that companies need to enhance their business. Scraper bots are a critical and often productive part of the commerce ecosystem. These bots search for new…
NinjaOne raises $231.5 million to boost product innovation
NinjaOne announced it raised a $231.5 million Series C funding round led by ICONIQ Growth. Frank Slootman, Chairman and CEO of Snowflake; and Amit Agarwal, President of Datadog; among others also invested in the round. With this financing, ICONIQ Growth…
ResumeLooters target job search sites in extensive data heist
Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2023 through SQL injection and XSS attacks.…
IBM LinuxONE 4 Express protects sensitive private data
IBM announced IBM LinuxONE 4 Express, extending the latest performance, security and AI capabilities of LinuxONE to small and medium sized businesses and within new data center environments. The pre-configured rack mount system is designed to offer cost savings and…