Category: Help Net Security

Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks.…

Read more →

Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. Misconfigurations, IAM weaknesses, and API risks remain critical…

Read more →

Major tech outages have recently impacted customers and operations at McDonald’s, Greggs, Deliveroo, Tesco, and Barclays. In this Help Net Security video, Stephen Johnson, CEO of Roq, says it is now imperative for companies and organizations to invest significantly more…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being more ‘exciting’ than many of us wanted; we’re…

Read more →

Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the Robinhood Red Team…

Read more →

July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to work through the…

Read more →

A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle…

Read more →

The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish the standards necessary…

Read more →

The sophistication of cyber threats has escalated dramatically, with malicious actors’ deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have also lowered the…

Read more →

76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outages are…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, and EndorLabs. Rapid7 releases Command Platform, unified attack defense and response Rapid7 launched its Command Platform,…

Read more →

Over half of key stakeholders including audit committees, company boards, and chief financial officers are looking to internal audit teams to take on more risk-related work, according to AuditBoard. The study revealed that these expanding expectations are coming at a…

Read more →

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited (and thus potential phishing) emails “disappear”. “When an Outlook user receives an e-mail from an address they don’t typically communicate with, Outlook shows an…

Read more →

Menlo Security has unveiled enhancements to Menlo Zero Trust Access, the company’s zero trust solution, which keeps enterprises steps ahead of adversaries. Simultaneously, the Menlo team released new findings as a follow up to the team’s recently released Global Cyber…

Read more →

Securonix and Cribl announced a strategic partnership focused on providing customers with enhanced threat detection, based on a broader range of enterprise data being analyzed for AI-powered attacks. Securonix recently announced Securonix EON with a Cybersecurity Mesh Architecture that seamlessly…

Read more →

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s…

Read more →

Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches, that fix an expensive and time-consuming problem in the Software Composition Analysis (SCA) market. Software version upgrades are often required to fix critical vulnerabilities in open source software…

Read more →

ArmorCode has launched AI Remediation in its ArmorCode ASPM Platform to help resolve security issues faster, put security expertise in the hands of developers, and reduce DevSecOps friction. ArmorCode AI Remediation is a new capability and the second pillar in…

Read more →

AppViewX and Utimaco have partnered to offer cloud-delivered secure certificate and key lifecycle management solutions. Together, the companies will provide comprehensive, robust, and scalable platforms for certificate lifecycle management automation and secure code signing. The integration of the AppViewX AVX…

Read more →

At the Black Hat USA 2024 Arsenal by ToolsWatch, researchers showcase their latest cybersecurity open-source tools. Must read: 20 free cybersecurity tools you might have missed 15 open-source cybersecurity tools you’ll wish you’d known earlier 20 essential open-source cybersecurity tools…

Read more →