Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday,…
Category: Help Net Security
Protect AI Guardian scans ML models to determine if they contain unsafe code
Protect AI announced Guardian which enables organizations to enforce security policies on ML Models to prevent malicious code from entering their environment. Guardian is based on ModelScan, an open-source tool from Protect AI that scans machine learning models to determine…
1Kosmos BlockID 1Key secures users in restricted environments
1Kosmos announced BlockID 1Key, a biometric security key to provide a phishing-resistant passwordless multi-factor authentication option for Sensitive Compartmented Information Facilities (SCIF), manufacturing clean rooms, customer help desks, higher education labs, retail bank branches, healthcare providers and other restricted environments…
Cequence Security partners with Vercara to prevent sophisticated automated API attacks
Cequence Security announced a new partnership with Vercara, a provider of cloud-based services that secure the online experience. This collaboration aims to fortify the cybersecurity landscape by pairing Vercara’s network and application protections with Cequence Security’s innovative Unified API Protection…
Blackwood APT delivers malware by hijacking legitimate software update requests
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. Blackwood has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. It leverages adversary-in-the-middle techniques…
AI expected to increase volume, impact of cyberattacks
All types of cyber threat actor are already using artificial intelligence (AI) to varying degrees, UK National Cyber Security Centre’s analysts say, and predict that AI “will almost certainly increase the volume and heighten the impact of cyberattacks over the…
Fighting insider threats is tricky but essential work
Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can…
CISOs’ role in identifying tech components and managing supply chains
In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Warfield also discusses the vital collaboration between security and development…
Automated Emulation: Open-source breach and attack simulation lab
Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The solution automatically constructs the following resources hosted on AWS: One Linux server deploying Caldera, Prelude Operator Headless, and VECTR One Windows…
45% of critical CVEs left unpatched in 2023
Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched. Utilities (over 200% increase) and manufacturing (165% increase) were the most at risk…
In 2024, AI and ML shift from flashy to functional
AI and ML deserve the hype they get, but the focus can’t always be on the glitz. For these advances to deliver real benefits, there’s a slew of more mundane actions that have to be taken, and in 2024, this is…
Stack Identity expands its platform with ITDR to tackle shadow access and shadow identities
Stack Identity has unveiled the expansion of the Identity Access Risk Management Platform with identity threat detection and response (ITDR) to tackle shadow access and shadow identities. Identity-centric attacks have exploded as the primary vector among cyberattacks, showcasing extreme gaps…
Venafi Stop Unauthorized Code Solution reduces attack surface
Venafi introduced its new Stop Unauthorized Code Solution, designed to help security teams proactively prevent unauthorized code across any operating environment. By leveraging the combined power of Venafi’s CodeSign Protect product, trusted team of security experts and expansive technology ecosystem,…
PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution widely used…
Enzoic and ThreatQuotient join forces to defend companies from compromised credentials
Enzoic announced a partnership with ThreatQuotient, an innovative security operations platform provider. Through the agreement, the latter is integrating Enzoic’s Dark Web monitoring capabilities to scan for exposure and help customers act at the first sign of compromise. The ThreatQ…
VIVOTEK VORTEX Connect empowers enterprise cloud transition
VIVOTEK introduces its cloud-based security service VORTEX, emphasizing a smarter and easier approach. Now featuring the latest addition – VORTEX Connect, this new feature is integrated into VIVOTEK’s latest generation Network Video Recorders (NVRs), allowing users to seamlessly connect to…
Securiti collaborates with Lacework to improve data protection in the cloud
Securiti and Lacework announced a strategic partnership that allows customers to be smarter than ever when protecting cloud data. This collaboration unites Lacework, a Cloud Native Application Protection Platform (CNAPP), and Securiti’s Data Command Center with built-in Data Security Posture…
Stellar Cyber partners with Proofpoint to speed detection of email-driven cyberattacks
Stellar Cyber announced a new partnership with Proofpoint, a cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack…
The effect of omission bias on vulnerability management
Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.…