Category: Help Net Security

Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data…

Read more →

Security practitioners are under a tremendous amount of pressure to secure today’s applications, according to Cycode. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed…

Read more →

Even as organizations accelerate AI adoption, the majority don’t understand the AI skills their employees possess, if any, or have an upskilling strategy to develop them, according to Pluralsight. “AI is transforming the way that business is done, but many…

Read more →

33% of Americans have used a sports-related term in a password, according to Bitwarden. Those who have are twice as likely to have used one inspired by a professional sports team (46%) versus a college sports team (22%). 49% of…

Read more →

Phylum announced the availability of the Phylum Threat Feed and its partnership with Sumo Logic. With the Phylum App for Sumo Logic, users can know if their organization has been impacted by software supply chain risks, including: Zero-day attacks Credential…

Read more →

HireRight launched its new global identity verification solution, Global ID. With identity theft and fraud on the rise—and many employees being onboarded and working remotely—it is arguably more important than ever to verify candidates’ identities. HireRight’s new digital Global ID…

Read more →

Netskope has unveiled the completion of the rollout of Localization Zones to its NewEdge security private cloud offering a localized experience for 220 countries and territories, including every non-embargoed UN member state. While a move to a cloud web proxy…

Read more →

Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an AWS IAM or…

Read more →

Cybersixgill announced new features and capabilities that take security teams’ threat detection and mitigation efforts to new levels, helping them identify and mitigate vulnerabilities and detect and stop threats more quickly and effectively. Cybersixgill’s new Identity Intelligence module enables centralized…

Read more →

Malwarebytes announced its comprehensive vulnerability assessment module is now included in every ThreatDown bundle at no additional cost via its integrated console. Many IT organizations are struggling with rising cybersecurity costs associated with annual vendor price increases and the necessity…

Read more →

Daon announced the addition of xSentinel, an expansion of its AI.X technology. xSentinel provides adaptive synthetic voice protection to create a layer of defense within any voice communication channel and enhance the identity verification technologies suite on Daon IdentityX and…

Read more →

1Kosmos announced it has completed the integration of its 1Kosmos BlockID platform with Amazon Cognito. As an AWS Advanced Technology Partner, 1Kosmos enables Amazon customers to seamlessly add passwordless multi-factor authentication (MFA) to their customer-facing web and mobile application journeys.…

Read more →

AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be…

Read more →

As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more…

Read more →

Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors…

Read more →

90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The urgency…

Read more →

OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business…

Read more →

Panther Labs launched its new Security Data Lake Search and Splunk Integration capabilities. These offerings mark a critical leap forward in managing security risks in today’s cloud-first landscape. As organizations race to implement machine learning capabilities, they’re increasingly reliant on…

Read more →

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability…

Read more →

Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that…

Read more →