Category: Help Net Security

In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies…

Read more →

The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange “battles” for “cyberattacks”, and the maxim will hold. But too much information…

Read more →

Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. Key features “I created it to enable humans to easily augment themselves with AI. I believe it’s currently too difficult for people to use…

Read more →

While AI technology has the potential to streamline and automate processes for beneficial outcomes, it also comes with an equal number of risks to data protection, cybersecurity, and other ethical concerns, according to iProov. Digital ecosystems continue to grow and…

Read more →

Cybercriminals increasingly use open-source intelligence (OSINT) to craft convincing backstories, often by mining social media profiles for details on a target’s profession, interests, and routines. Armed with these personal insights, these malicious actors leverage chatbots to compose highly persuasive messages.…

Read more →

Initial access brokers (IABs) are increasingly targeting entities within NATO member states, indicating a persistent and geographically diverse cyberthreat landscape, according to Flare. IABs infiltrate systems and gain unauthorized access through various techniques, including spear-phishing, exploiting unpatched vulnerabilities, and leveraging…

Read more →

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen…

Read more →

Sumsub has launched a Deepfake Detection feature integrated into its Video Identification solution. This comes as AI-powered fraud increasingly targets businesses, not just individual users. Sumsub’s 2023 Identity Fraud Report revealed a 10x increase in the number of deepfakes detected…

Read more →

With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time…

Read more →

Sigma Defense Systems launched Sigma Software Studio, a DevSecOps platform poised to revolutionize software development for the DoD and government agencies. Rooted in Sigma’s collaboration with PEO Digital and Black Pearl, Sigma Software Studio, is a DevSecOps platform designed for…

Read more →

Nucleus Security has announced it has secured $43 million in Series B funding led by Arthur Ventures and Lead Edge Capital. This milestone marks a significant leap forward in the company’s mission to redefine how enterprises manage risk exposure from…

Read more →

Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request forgery (SSRF)…

Read more →

CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-43770 Roundcube…

Read more →

In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. He points out the changes in threat tactics, the…

Read more →

Generative AI based on large language models (LLMs) has become a valuable tool for individuals and businesses, but also cybercriminals. Its ability to process large amounts of data and quickly generate results has contributed to its widespread adoption. AI in…

Read more →

Basically, DLP systems are aimed at prevention of data leaks, and in real-life mode they monitor and block (if required) transmitting of confidential data. However, the traditional approach to DLP system isn’t sufficient. That’s why SearchInform offers the next-gen platform…

Read more →

In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness. It’s no longer about team red…

Read more →

QR code attacks, or “quishing” attacks, have emerged as a popular tactic among cybercriminals, with no signs of slowing down, according to Abnormal Security. Although phishing emails have grown in sophistication over time, the end goal has stayed the same:…

Read more →

Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though…

Read more →

OneTrust announced its newest platform features that make it easier for customers to govern their use of AI and accelerate AI innovation, ensure the responsible use of data across the entire data lifecycle, and achieve compliance program efficiency through enhanced…

Read more →