Category: Help Net Security

BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor. “Talos observed some differences in the recent BlackByte attacks. Most notably, encrypted files across all victims were rewritten…

Read more →

Fortinet announced the addition of sovereign SASE and GenAI capabilities to its unified SASE solution. Fortinet Unified SASE provides complete integration between Fortinet’s Secure SD-WAN solution and cloud-delivered security service edge (SSE) under a single console for seamless management, visibility,…

Read more →

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the…

Read more →

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to exploit the…

Read more →

HYCU announced significant updates to its HYCU R-Cloud data protection platform that offers customers additional protection for their Identity and Access Management (IAM) solutions with support for Microsoft Entra ID. With this announcement, customers gain enterprise-class, backup and item-level restore…

Read more →

Expel announced a new strategic partnership with Wiz, a cloud-native application protection platform (CNAPP). The partnership provides an integration offering MDR for Wiz toxic risk combinations (including vulnerabilities, secrets, malware, and threats), allowing customers to secure across their cloud environments…

Read more →

Cryptomator offers open-source, client-side encryption of your files in the cloud. It’s available for Windows, Linux, macOS and iOS. Cryptomator works with Dropbox, Google Drive, OneDrive, MEGA, pCloud, ownCloud, Nextcloud, and any other cloud storage service that synchronizes with a…

Read more →

Cybercriminals are capitalizing on the travel and hospitality industry’s peak season, using increased traffic as cover for their attacks, according to Cequence Security. Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application…

Read more →

Business Information Security Officer Toyota North America | USA | On-site – View job details Acting as an Information Security ambassador to the business, this role works with technology, data, risk, business, and the larger TFS Information Security team to…

Read more →

GenAI, deepfakes and cybercrime are critical threats putting intensifying pressures on businesses, according to Experian. Top online security concerns for consumers According to the FTC, consumers reported losing more than $10 billion to fraud in 2023 alone, representing a 14%…

Read more →

DigitalOcean announced updates to its role-based access control (RBAC), a method for managing user access to systems and resources within an organization by assigning permissions to roles rather than to individual users. This updates are highlighted by a new set…

Read more →

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream…

Read more →

Hillstone Networks has launched the latest version of its operating system, StoneOS 5.5R11. This update includes over 200 new functionalities and improvements designed to enhance threat protection and facilitate enterprise network operations in an increasingly complex and demanding environment. Key…

Read more →

RSA announced new passwordless, phishing-resistant capabilities that meet stringent technical standards and can help public sector agencies, contractors, and systems integrators fulfill Executive Order 14028 and National Security Memo 8 to improve the nation’s cybersecurity. The RSA Authenticator App is…

Read more →

Evolving global data privacy regulations are keeping marketers on their toes. In April 2024, the American Privacy Rights Act (APRA) was introduced in the Senate. The proposed bill would create a federal consumer privacy framework akin to the GDPR, which…

Read more →

Data breaches have become an increasingly severe threat, with recent reports highlighting a surge in their frequency and cost. Understanding the latest trends and statistics surrounding data breaches is essential for developing effective strategies to safeguard sensitive information. This article…

Read more →

In this Help Net Security interview, Jean-Philippe Aumasson, discusses the writing and research process for Serious Cryptography, his latest book. With a career steeped in research and practical cryptography, Aumasson offers a rare glimpse into the efforts required to distill…

Read more →

44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with known activity patterns.…

Read more →

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an improper access control vulnerability in the “SonicWall…

Read more →

Hitachi Vantara and Broadcom announced a new private and hybrid cloud solution. The co-engineered solution brings together Hitachi Vantara’s integrated systems solution of Unified Compute Platform (UCP) RS with VMware Cloud Foundation to assist organizations in navigating the complexities brought…

Read more →