Category: Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from BackBox, ProcessUnity, SentinelOne, and Vade. ProcessUnity unveils all-in-one platform for third-party risk management With a single, configurable platform, ProcessUnity helps organizations manage the increasing complexity…

Read more →

In this Help Net Security interview, Roland Palmer, VP Global Operations Center at Sumo Logic, discusses key challenges and innovations of the NIS2 Directive, aiming to standardize cybersecurity practices across sectors. NIS2 mandates minimal cybersecurity requirements for member companies, encompassing…

Read more →

The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria (EUCC). The outcome aligns with the candidate cybersecurity certification scheme on EUCC that ENISA drafted in response to a request issued by the European…

Read more →

There is a misconception that only software and technology companies leverage crowdsourced security. However, data contradicts this belief. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd. The government industry sector saw the fastest growth for…

Read more →

69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or organization, according to Expel. Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC,…

Read more →

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet The FritzFrog botnet, initially identified in…

Read more →

Qualys is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time. Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents, and API-based discovery to build a comprehensive…

Read more →

Graylog released a free version of Graylog API Security. This API discovery and monitoring tool makes API security accessible to enterprises of all sizes at a time when API-related attacks are on the rise. Uniquely, Graylog API Security enables organizations…

Read more →

The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations The threat actors used the KV botnet malware…

Read more →

Secureworks launched AI-powered Threat Score to silence alert noise and reduce security analyst workload by over 50%. With ransomware dwell times falling, security analysts are under more pressure than ever to make the right decisions about which alerts they investigate.…

Read more →

Dynatrace announced it has extended its analytics and automation platform to provide holistic observability and security for LLMs and generative AI-powered applications. This enhancement to the Dynatrace platform enables organizations worldwide to embrace generative AI confidently and cost-effectively as part…

Read more →

In a significant stride towards enhancing network security, BackBox introduces Zero Trust Network Operations (ZTNO). This offering is a best practice framework with six actionable pillars to automate cybersecurity considerations at the network layer for NetOps teams. To simplify ZTNO…

Read more →

A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, Vimeo, GitHub and GitLab to surreptitiously deliver malware. Another interesting detail about UNC4990 it’s mostly…

Read more →

Protect AI announced it has acquired Laiyer AI. With the acquisition, Protect AI will be offering a commercial version of Laiyer AI’s open source LLM Guard with expanded features, capabilities, and integrations within the Protect AI platform. LLM Guard is…

Read more →

82% of cybersecurity professionals have been working on implementing zero trust last year, and 16% should be on it by the end of this year. The challenges of zero trust implementation You’ve probably heard it before: zero trust is not…

Read more →

In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid slowing down the process, he recommends a nuanced approach, utilizing custom rules to…

Read more →

CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although CVEs are crucial for pinpointing and discussing security…

Read more →

96% of US companies were targeted with at least one fraud attempt in the past year, according to Trustpair. 83% of US companies saw an increase in cyber fraud attempts on their organization in the past year. Fraudsters primarily used…

Read more →

As organizations handle increasing amounts of data daily, AI offers advanced capabilities that would be harder to achieve with traditional methods. In this Help Net Security video, Tyler Young, CISO at BigID, explores AI’s challenges, triumphs, and future in cybersecurity.…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Atakama, Critical Start, Dasera, ID R&D, Living Security, Onfido, Regula, Searchlight Cyber, Seceon, Skopenow, Skyhigh Security, SpecterOps, Veriti, and Wing Security. SpecterOps adds new…

Read more →