Category: Help Net Security

Earlier this month, the FBI published a private industry notification about Storm-0539 (aka Atlas Lion), a Morocco-based cyber criminal group that specializes in compromising retailers and creating fraudulent gift cards. Microsoft then went more in-dept on the group’s tactics, techniques,…

Read more →

Huntress announced that its Managed Endpoint Detection and Response (EDR) product now includes Active Remediation and macOS coverage. Huntress EDR previously included proactive isolation to stop the spread of threats immediately, click-to-approve remediation, and guided recovery and cleanup. With the…

Read more →

Illumio and Netskope announced a Zero Trust partnership that brings together the power of Zero Trust Segmentation (ZTS) and Zero Trust Network Access (ZTNA) to protect against breaches and build cyber resilience. The new partnership combines Illumio ZTS with Netskope…

Read more →

For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulnerability under wraps.…

Read more →

Picus Security announced security validation for Kubernetes. This new capability allows Security and DevOps teams to realize the benefits of containers securely by proactively measuring and optimizing the resilience of clusters. It is the latest innovative addition to the Picus…

Read more →

Code42 announced that it has partnered with Mimecast to release Mimecast for Incydr Flows. The integrated solution helps to protect organizations from data leaks and theft by giving users visibility into risky user activities across email, web, cloud, and more…

Read more →

Compared to the last quarter of 2023, data breaches rose from 81M to 435M in Q1 2024. That’s a 5-fold increase in just a few months. One of the most common ways data breaches happen is through apps like Facebook…

Read more →

Fail2Ban is an open-source tool that monitors log files, such as /var/log/auth.log, and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses for a…

Read more →

The frequency and severity of cyberattacks are increasing—yet most businesses remain unprepared, according to VikingCloud. Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever. The research reveals that 40% of cyber…

Read more →

Only 40% of organizations feel fully prepared to meet the compliance demands of rising cybersecurity regulations, according to a new Swimlane report. Organizations still feel unprepared for new regulations despite 93% of organizations rethinking their strategies and 92% increasing budgets.…

Read more →

One in three organizations are not currently able to proactively identify, assess, and mitigate risk with their GRC program, nor are they able to ensure compliance with regulations and frameworks – both key aspects of a mature, holistic GRC program,…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberArk, OneTrust, PlexTrac, and Strike Graph. CyberArk CORA AI accelerates identity threat detection CyberArk announced CyberArk CORA AI, a new set of AI-powered capabilities that…

Read more →

Courtroom recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected in a customer’s…

Read more →

Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected in a customer’s…

Read more →

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack…

Read more →

OneTrust announced the expansion of OneTrust solutions to help organizations drive operational resilience and risk management across their extended enterprise, as well as comply with regulations like the European Union’s (EU) Digital Operational Resilience Act (DORA). Through DORA, the EU…

Read more →

SOCRadar announced the successful completion of its Series B funding round, raising $25.2 million. The round was led by PeakSpan Capital, with participation from Oxx, reflecting investor confidence in SOCRadar’s innovative approach to cybersecurity. External cybersecurity has rapidly escalated in…

Read more →

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has announced…

Read more →

Over the past few years, traditional phishing messages — with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts — have been on the decline. Easily detected by most of today’s standard email security tools (and thoroughly unconvincing…

Read more →

In this Help Net Security, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them. What are companies’ primary challenges when transitioning to a SASE architecture, and how…

Read more →