Category: Help Net Security

When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. In Claroty’s previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted…

Read more →

Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were fixed (June…

Read more →

DataDome announced it is taking its bot protection offerings to a whole new level by enabling a new challenge response for customers, called Device Check. This invisible challenge works behind the scenes, validating device-specific signals with proofs of work –…

Read more →

Censys announced two new product tiers of its search tool, Censys Search Solo and Censys Search Teams. These additions are part of a series of strategic initiatives to enhance the security community, including the introduction of Threat Hunting Boot Camps,…

Read more →

North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their…

Read more →

Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets…

Read more →

Calamu announced expanded support for enterprise applications through interoperability of a Calamu Data Harbor with the industry recognized S3-API protocol in the latest release of their flagship product, Calamu Protect Version 2.0. This data security technology integrates seamlessly into existing…

Read more →

SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according…

Read more →

BT and Netskope announced a partnership to bring Netskope’s Security Service Edge (SSE) capabilities to BT’s global customers. The partnership follows a number of large customer implementations where the two companies have already collaborated to successfully meet the security and…

Read more →

A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automated account creation method to assess…

Read more →

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements).​​ Nemesis was created by Lee Chagolla-Christensen and Will Schroeder, both security researchers…

Read more →

In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats. Holland also explores how…

Read more →

The European Union’s attempt to reform its electronic identification and trust services – a package of laws better known as eIDAS 2.0 – contains legislation that poses a grave threat to online privacy and security. An article buried deep in…

Read more →

42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant threats, emphasizing the need…

Read more →

DataVisor announced the expansion of its end-to-end platform capabilities with the integration of SMS customer verification for fraudulent transactions. This new offering, powered by Twilio technology, provides customers with enhanced fraud protection via additional end-user authentication and verification capabilities. Additionally,…

Read more →

Stellar Cyber has incorporated Generative AI (GenAI) into its Open XDR Platform. With GenAI functionality tied to its knowledge base, Stellar Cyber can significantly improve security analysts’ productivity by enabling them to get answers to their investigation-related questions by simply…

Read more →

ShardSecure has forged a new partnership with Wasabi Technologies. Through this collaboration, the companies aim to deliver highly secure, resilient, and cost-effective data storage solutions to enterprise organizations. ShardSecure’s comprehensive platform offers advanced data privacy, agentless file-level protection, cloud ransomware…

Read more →

The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire software development life cycle – across more organizations, according to Synopsys. This year’s findings revealed…

Read more →

Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard. “Threat actors continue using different tools and methods in their attack campaigns, making it critical for…

Read more →

In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. Enhancing its predecessor, the…

Read more →