Category: Help Net Security

American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected…

Read more →

BreachLock strengthens continuous threat exposure management (CTEM) capabilities for enterprise customers with its new Attack Surface Analytics feature. Time is of the essence when Fortune 500 security teams find themselves waking up to a Code Red vulnerability being actively exploited.…

Read more →

SimSpace announced its enhanced OT (Operational Technology) content, now offering more realistic and high-fidelity training and emulation. As OT cybersecurity becomes increasingly critical for industries relying on operational systems, SimSpace has invested in this content to ensure that organizations are…

Read more →

As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users…

Read more →

In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while…

Read more →

The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic defenses, they are ill-equipped to handle more sophisticated attacks, such as…

Read more →

Discover how ManageEngine Log360, a comprehensive SIEM solution empowers you to prevent internal security breaches, safeguard your network from external threats, protect sensitive data, and ensure compliance with stringent regulatory mandates. Schedule a personalized demo Be a part of this…

Read more →

Action1 announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. As the world’s…

Read more →

Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed,…

Read more →

In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility…

Read more →

For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had…

Read more →

Security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal, according to Vectra AI. They cite a growing distrust in…

Read more →

Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and…

Read more →

You can’t fulfill your end of the shared responsibility model if you don’t emphasize secure configurations. Depending on the cloud services you’re using, you’re responsible for configuring different things. Once you figure out those responsibilities, you then need to perform…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The…

Read more →

Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,…

Read more →

October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Windows 11 24H2 and Microsoft Recall…

Read more →

In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising from expanded attack surfaces and fragmented…

Read more →

MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing. It also incorporates specialized properties to ensure precise obfuscation,…

Read more →

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The…

Read more →