Category: Help Net Security

Kyndryl announced an expanded partnership with Google Cloud to develop responsible generative AI solutions and to accelerate adoption among customers. Kyndryl and Google Cloud have worked together since 2021 to help global businesses transform with Google Cloud’s advanced AI capabilities…

Read more →

For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasing…

Read more →

SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from Active…

Read more →

In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. She compares the cost-effectiveness of outsourcing to maintaining an in-house team, noting the challenges of…

Read more →

As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers, according to Darktrace. Cybercriminals exploit as-a-Service tools As-a-Service tools can provide attackers with everything…

Read more →

OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights…

Read more →

Securiti AI released AI Security & Governance offering, providing a solution to enable safe adoption of AI. It combines comprehensive AI discovery, AI risk ratings, Data+AI mapping and advanced Data+AI security & privacy controls, helping organizations adhere to global standards…

Read more →

Qualys unveiled TotalCloud 2.0. This significant upgrade to Qualys’ AI-powered cloud native application protection platform (CNAPP) delivers a single prioritized view of cloud risk and is the first to extend its protection to SaaS applications. The shift toward multi-cloud and…

Read more →

Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented…

Read more →

SolarWinds announced enhancements to its SaaS-based and self-hosted, on-premises observability solutions built to monitor and observe complex, distributed environments from anywhere. The AI-powered enhancements enable teams to manage on-prem, hybrid, or cloud-native ecosystems with full-stack visibility across networks, infrastructure, databases,…

Read more →

Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits used to deploy…

Read more →

OneTrust introduced Data Privacy Maturity Model. The model provides privacy, security, marketing, and data teams with the resources to transform their privacy programs from tactical compliance initiatives that mitigate risk, to strategic customer trust imperatives that unlock the value of…

Read more →

DynaRisk launched Cyber Intelligence Data Lake. This major feature upgrade propels the company’s capabilities in preventing and predicting hacker activity. DynaRisk’s Cyber Intelligence Data Lake is a leap forward in the cyber risk management landscape, offering next-generation intelligence quickly and…

Read more →

Entrust has entered into exclusive discussions to acquire Onfido. With this contemplated acquisition, Entrust would add a compliant AI/ML-based biometric and document IDV tech stack to its portfolio of identity solutions. Additionally, Entrust would have the opportunity to advance the…

Read more →

CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted…

Read more →

JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative…

Read more →

Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that align…

Read more →

According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to…

Read more →

Threat actors aren’t looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors’ job easy. It also…

Read more →

In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats. Unveiling the interplay between red and blue teams, O’Reilly talks about…

Read more →