Concentric AI unveiled that its Semantic Intelligence DSPM solution now offers sensitive data discovery, identification, risk monitoring, and remediation protection for audio and video files, furthering the data protection capabilities of its DSPM solution. As a result of update to…
Category: Help Net Security
Russian hackers target unpatched JetBrains TeamCity servers
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be…
Confirm strenghtens trust and security in online marketplaces
Confirm launched a portable digital identity solution designed to bolster trust and security in online marketplaces. Using identity protocols paired with intuitive user experiences, Confirm allows people to create a secure, verified digital ID — a ConfirmID — which they…
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter ‘fileFileName’ – a deviation from the original…
Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted
Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service (CaaS) businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars. Images of Storm-1152’s illicit websites. Source: Microsoft Cybercrime-as-a-service is a model…
EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure
Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities.…
GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models
GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail: Tailored to an organization’s AI needs GuardRail OSS offers an API-driven framework for advanced data analysis, bias mitigation, sentiment analysis, content classification, and…
Digital ops and ops management security predictions for 2024
CISOs don’t need a crystal ball – they already know that 2024 will be another tough year, especially with AI at everyone’s mind. Instead of playing catch-up regarding the security of emerging tech like generative AI, organizations will prioritize investment…
Staying ahead in 2024 with top cybersecurity predictions
What will 2024 hold for the cybersecurity landscape? In this Help Net Security video, Steve Cobb, CISO at SecurityScorecard, offers his take on what professionals can expect next year. The post Staying ahead in 2024 with top cybersecurity predictions appeared…
Microsoft ICSpector: A leap forward in industrial PLC metadata analysis
Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files. Architecture The framework provides investigators with a convenient way to scan for PLCs and identify any suspicious artifacts within ICS environments, which…
Organizations prefer a combination of AI and human analysts to monitor their digital supply chain
The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, according to…
Visa Provisioning Intelligence predicts probability of token fraud
Visa launched Visa Provisioning Intelligence (VPI), an AI-based product designed to combat token fraud at its source. Available as a value-added service for clients, VPI uses machine learning to rate the likelihood of fraud for token provisioning requests, helping financial…
DNSFilter introduces new capability to filter generative AI
DNSFilter announced the expansion of its protective DNS software with a new Generative AI category. DNSFilter’s defense provides organizations of all sizes the ability to secure their network against harmful threats such as malware, botnet, and phishing in order to…
Zscaler launches Business Insights for smarter SaaS management and office optimization
Zscaler has unveiled Business Insights, a new addition to its Business Analytics portfolio, which enables organizations to curtail SaaS sprawl and optimize office usage to improve workplace experience while saving money. Additionally, Zscaler unveiled several enhancements to its wider Business…
Common Sense Privacy protects consumer privacy with AI-powered software platform
Common Sense Privacy debuts software to help companies better assess and manage privacy regulatory risks. Building on foundational IP from Common Sense Media, the nation’s leading child advocacy nonprofit organization, the platform boasts the most extensive repository of privacy evaluations…
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365
Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service (BaaS) for Microsoft 365. Utilizing the power and reliability…
SAFE Materiality Assessment Module identifies top cyber risk scenarios
Safe Security announced its new SAFE Materiality Assessment Module, enabling security and risk leaders to achieve SEC compliance by estimating and tracking materiality of cyber incidents. Safe Security’s materiality module is based on the fully tunable Factor Analysis of Information…
Drata unveils Third-Party Risk Management offering to help security teams identify risks
Drata announced its Third-Party Risk Management (TPRM) offering, empowering customers to identify, evaluate, and monitor third-party risks in one centralized and integrated platform. Third-party risk has become a critical element of a strong governance, risk, and compliance (GRC) program, especially…
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without having to…
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In December 2023, we delivered…