Category: Help Net Security

While ChatGPT and Bard have proven to be valuable tools for developers, marketers, and consumers, they also carry the risk of unintentionally exposing sensitive and confidential data. From a security point of view, it always pays to think one step…

Read more →

As the April 15, 2024 tax filing deadline approaches in the US, some old and some new tax-related scams targeting both taxpayers and tax professionals. Tax-related scams targeting taxpayers With taxpayers rushing to file their personal federal income tax return,…

Read more →

With no sign of regulations slowing down, enterprises struggle to keep pace with the rapid changes. According to a recent NTT Data survey of business executives, 3 in 4 organizations can’t keep up with data regulations, holding them back from…

Read more →

While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research. IT pros are highly aware of emerging…

Read more →

As data breaches continue to expose sensitive healthcare information, with over 118 million patients impacted in the United States in 2023, Cynerio has extended its commitment to enhancing cybersecurity in the healthcare sector. With a focus on addressing critical cybersecurity…

Read more →

Windstream Enterprise unveiled Secure Flex Premium, a comprehensive suite of advanced technology solutions powered by Fortinet that provides a fully customizable cybersecurity infrastructure aimed to address the current and future network security needs of each unique customer. Through a bespoke…

Read more →

Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft corporate email systems to burrow into the company’s source code repositories and internal systems. “It is apparent…

Read more →

This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,…

Read more →

In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety…

Read more →

In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to…

Read more →

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques,…

Read more →

97% of technology leaders find traditional AIOps models are unable to tackle the data overload, according to Dynatrace. Organizations are drowning in data The research reveals that organizations are continuing to embrace multi-cloud environments and cloud-native architectures to enable rapid…

Read more →

Insider threats encompass both intentional and unintentional actions. Some insiders may maliciously exploit their access for personal gain, espionage, or sabotage, while others may inadvertently compromise security protocols due to negligence, lack of awareness, or coercion. Consequently, the challenge for…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What organizations need to know about the Digital Operational Resilience Act (DORA) In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader…

Read more →

Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker could then use…

Read more →

Identiv launched bitse.io 3.0, the latest iteration of its global IoT connecting cloud platform. The updated platform offers advanced features designed to transform applications in supply chain management, brand protection, and customer engagement. bitse.io simplifies the deployment of innovative IoT…

Read more →

We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch Tuesday…

Read more →

Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Security leaders take proactive approach to cybersecurity Rather than waiting for the next big cyberattack and…

Read more →

“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb. These superpowers are most evident in the growing impact of fishing, smishing and…

Read more →

In this Help Net Security video, Kory Daniels, CISO at Trustwave, shines a light on the impact the current threat environment can have for both universities and students. Key findings from a recent Trustwave report include: – 1.8 million devices…

Read more →

In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity. What emerging threats to cloud communications are you most concerned about, and…

Read more →

MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The first prototype…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Check Point, Delinea, Pentera, and Sentra. Delinea Privilege Control for Servers enforces least privilege principles on critical systems In Privilege Control for Servers, session recording…

Read more →

Bitdefender unveiled GravityZone CSPM+, a Cloud Security Posture Management (CSPM) solution for monitoring and managing configurations of cloud infrastructures including AWS, Google Cloud Platform, Microsoft Azure and others. In addition, GravityZone CSPM+ incorporates threat detection and response along with Cloud…

Read more →

Defense Unicorns has raised a $35 million Series A funding round led by Sapphire Ventures and Ansa Capital. Founded by early leaders of the Department of Defense’s software factories – a grassroots Air Force initiative turned mandate to accelerate secure,…

Read more →

FileCloud announced several new product advancements to help customers meet enterprise data protection requirements. “FileCloud makes it simple for enterprise organizations to meet their content governance, privacy and compliance requirements, specifically when there are complex objectives in hybrid environments,” said…

Read more →

VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. About the vulnerabilities VMware ESXi is a…

Read more →

Skybox Security announced Skybox 13.2, introducing enhancements to its Vulnerability and Threat Management solution. These updates mark a significant milestone in vulnerability prioritization and attack surface management, empowering organizations with clarity and control over their cybersecurity posture. Traditional vulnerability scanners…

Read more →

Liveness detection, both for individuals and their IDs, has become a cornerstone for a secure customer onboarding process. It is especially crucial in remote scenarios where document submission and verification are done via the Internet. With 65% of organizations globally…

Read more →

Veeam Software announced an extended, five-year strategic partnership with Microsoft to innovate new solutions for protecting customers by integrating Veeam’s product family and Microsoft Copilot and AI services. In addition to joint innovation, the companies will bring to market data…

Read more →

A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets executed…

Read more →

Paramount Defenses released Gold Finger version 8.0 for Microsoft Active Directory. From America to Israel, from the European Union to Saudi Arabia and from India to Australia, Active Directory is the foundation of cyber security at thousands of business and…

Read more →

98% of companies surveyed view some of their AI models as vital for business success, and 77% have experienced breaches in their AI systems over the past year, according to HiddenLayer. The report surveyed 150 IT security and data science…

Read more →

Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide. Previously, the financial sector struggled with proprietary solutions that were both expensive…

Read more →

In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts…

Read more →

The darknet is home to many underground hacking forums in which cybercriminals convene, freely sharing stories, tactics, success stories and failures. Their unguarded discussions allow our team to peek into the politics and ethics behind recent adversary activities. The threat…

Read more →

Cybersecurity remained a top priority and an area of growth for MSPs, with 73% saying it’s a top revenue driver for their business, according to Kaseya. Ongoing cyberattack threats impact MSPs The threat of cyberattacks continues to weigh on MSPs…

Read more →

IONIX announced a significant extension to its Attack Surface Management (ASM) platform, Automated Exposure Validation. Customers of IONIX can now benefit from Exposure Validation capabilities for continuous exploitability testing on production environments without risk of disruption. IONIX leverages a toolbox…

Read more →

Check Point has introduced Harmony SaaS, which offers protection by seamlessly integrating into customers’ existing infrastructure and providing real-time threat prevention. “With the exponential rise in SaaS adoption, organizations face unprecedented challenges in maintaining robust security and regulatory compliance. Check…

Read more →

Lookout announced an edition of the Lookout Cloud Security Platform, the Company’s Security Service Edge (SSE) solution, that specifically addresses the unique challenges and demands faced by mid-sized enterprises. This includes an automated deployment process that empowers IT security teams…

Read more →

Cloudflare introduced Magic Cloud Networking, a simple, secure and scalable way for businesses to connect and secure their public cloud environments. To accelerate its entrance into the new market, Cloudflare acquired the technology of Nefeli Networks – a multicloud networking…

Read more →

Metomic announced Metomic for Slack Enterprise. By partnering with Slack, Metomic gives security teams full visibility and control of sensitive data sent across an organization’s entire Slack workspace. Metomic for Slack enables heightened levels of security within public, private and…

Read more →

Deepwatch introduced its open security data architecture, which provides customers with their choice of cloud and local data sources, including support for a broad range of Security Information and Event Management (SIEM) solutions as well as data lake, XDR, and…

Read more →

Six months after coming out of stealth, Sweet Security is announcing a $33 million Series A funding round. The round was led by Evolution Equity Partners, joined by Munich Re Ventures and Glilot Capital Partners. Capitalizing on its strong market…

Read more →

Pentera launched Pentera Cloud as part of its automated security validation platform to complement its renowned Pentera Core and Surface products. Pentera Cloud is the software product enabling on-demand security testing and resilience assessment of corporate cloud accounts against cloud-native…

Read more →

Appian released the latest version of the Appian Platform. The release introduces the new generative AI prompt builder AI skill, which lets users easily leverage generative AI in a secure and private AI architecture that accelerates their business processes. The…

Read more →

Pathlock intorduced its SAP application and data security product suite, Cybersecurity Application Controls (CAC). The release is part of Pathlock’s vision to help SAP customers establish a zero-risk approach to identity and application access by implementing strong controls and monitoring…

Read more →

Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for…

Read more →

API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data. Keeping this data safe from attackers—while ensuring that the integrations perform at the desired level—requires adopting several security…

Read more →

In this Help Net Security video, Chris Bowen, CISO at ClearDATA, emphasizes the importance of digital health companies being more transparent with their users. As more and more Americans flock to direct-to-consumer digital health apps and resources, most people don’t…

Read more →

RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing…

Read more →

Your success as an organization, especially in the cyber realm, depends on your security posture. To account for the ongoing evolution of digital threats, you need to implement robust governance control programs that address the current control environment and help…

Read more →

Data loss from insiders continues to pose a growing threat to security, with emerging technologies such as AI and generative AI (GenAI) only compounding the issue, indicating swift action is needed, according to Code42. Since 2021, there has been a…

Read more →

Sentra announced Sentra Jagger, a Large Language Model (LLM)-assistant for cloud data security. This new capability enhances the functionality of Sentra’s core Data Security Posture Management (DSPM) and Data Detection and Response (DDR) platform by enabling users to promptly address…

Read more →

Cloudflare announced the development of Firewall for AI, a new layer of protection that will identify abuse and attacks before they reach and tamper with Large Language Models (LLMs), a type of AI application that interprets human language and other…

Read more →

Axonius announced it has secured $200 million in a Series E extension funding round led by Accel and Lightspeed Venture Partners. Stripes also participated. This new round of funding is intended to accelerate innovation and scale across the globe as…

Read more →

Bitdefender launched GravityZone Cloud MSP Security Solutions, a new offering designed specifically for managed service providers (MSPs) and their business customers that delivers endpoint protection and managed detection and response (MDR) services to detect and eradicate cyberthreats as they occur…

Read more →

NetApp announced cyber-resiliency capabilities that will equip customers to better protect and recover their data in the face of ransomware threats. NetApp integrates artificial intelligence (AI) and machine learning (ML) directly into enterprise primary storage to fight ransomware in real-time.…

Read more →

Delinea announced the introduction of Privilege Control for Servers on the Delinea Platform, enforcing least privilege principles on critical systems consistently across identities to combat stolen credentials and restrict lateral movement. The Delinea Platform combines enterprise vaulting, VPN-less privileged remote…

Read more →

Okta announced Fine Grained Authorization (FGA) to address authorization complexities for developers. FGA allows developers to design authorization models in a way that’s centralized, flexible, scalable, and easy to use. With FGA, development teams can spend less time building and…

Read more →

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain users’ (encoded) passwords.…

Read more →

Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to…

Read more →

In this Help Net Security video, Ryan Amparo, Field Application Engineer at Kingston Technology, discusses the benefits of encrypted external SSDs and USBs for hybrid workforces. He talks about the differences between software and hardware encryption, why it’s important, and…

Read more →

Increasingly, information about us, and even by us, is being processed. Even mundane or insignificant details can be combined and linked with other data in a manner that may intrude upon or pose a risk to our privacy. Data protection…

Read more →

92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers share application security duties In recent years the responsibility for application security has shifted away…

Read more →

In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act (DORA) on organizations across the EU, particularly in ICT risk management and cybersecurity. With a focus…

Read more →

JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure…

Read more →

Cloudflare announced Defensive AI, a personalized approach to securing organizations against the new wave of risks presented by emerging technology. Threat actors have begun to successfully test the limits of AI-enhanced attacks, using the power of AI to launch sophisticated…

Read more →

Cyolo launched Cyolo PRO (Privileged Remote Operations), a hybrid secure remote access solution for Operational Technology (OT). Developed specifically to enable safe operations of privileged users, Cyolo PRO is an advanced solution set to redefine Secure Remote Access (SRA) by…

Read more →

GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret is…

Read more →

Darktrace and Xage Security announced a new partnership to help businesses prevent cyberattacks and insider threats in critical environments. This collaboration brings together Xage Security’s zero trust protection with Darktrace’s AI-powered anomaly-based threat detection. The integration between Darktrace/OT and Xage…

Read more →

Identiv introduces ScrambleFactor, an addition to its high-security physical access control system (PACS) portfolio. The ScrambleFactor reader reimagines secure entry for the federal market with fingerprint biometrics and a LCD touchscreen keypad, integrating multiple authentication methods to deliver unparalleled security,…

Read more →

Akamai announced significant additions to its flagship Akamai App & API Protector product, including advanced defenses against sophisticated application-layer distributed denial-of-service (DDoS) attacks. The enhanced Layer 7 DDoS protections now precisely detect and mitigate short DDoS attack bursts and use…

Read more →

Zyxel Networks has released its NWA130BE – BE11000 WiFi 7 Triple-Radio NebulaFlex Access Point (AP). With WiFi 7-supported devices ready to go mainstream in 2024, the NWA130BE enables small to medium-sized businesses (SMBs) to benefit from network speed, capacity and…

Read more →

A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign By pretending to be customer…

Read more →

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package…

Read more →

Silobreaker announced an integration with MITRE ATT&CK Matrix for Enterprise, Industrial Control Systems (ICS) and Mobile, to help organizations better understand threats associated with malware, threat actors and industries. This latest enhancement enables organizations using the Silobreaker platform to leverage…

Read more →

Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. PyRIT has been battle-tested by Microsoft’s AI red team. It started as a collection of…

Read more →

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate…

Read more →

More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Recent AI advancements, particularly generative AI, have empowered cybercriminals to coordinate social engineering assaults with unprecedented…

Read more →

For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. In the face of escalating financial requirements and expanding responsibilities, these leaders are under heightened pressure to achieve more with fewer resources, creating roles encompassing multiple…

Read more →

BSidesZagreb is a complimentary, non-profit conference driven by community participation, designed for information security professionals and enthusiasts to gather, exchange ideas, and collaborate. Help Net Security sponsored the 2024 edition that took place on March 1, and here are photos…

Read more →

Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continuity. To ensure effective…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Overcoming the pressures of cybersecurity startup leadership In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s…

Read more →

Collibra introduced Collibra AI Governance, a new product that enables organizations to deliver trusted AI safely and effectively. Built on top of the Collibra Data Intelligence Platform, Collibra AI Governance helps data, AI and legal teams collaborate to ensure compliance…

Read more →

The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites (DLS),…

Read more →

In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates…

Read more →

Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations’ DevOps strategies to…

Read more →

According to the updated SEC regulations on cybersecurity incident disclosure, findings by SecurityScorecard reveal that 98% of companies are associated with a third party that has experienced a breach. It often takes months or longer for breaches to become public…

Read more →

While 98% of security professionals and executives have started working to comply with the new U.S. Securities and Exchange Commission (SEC) cybersecurity disclosure ruling, over one-third are still in the early phases of their efforts, according to AuditBoard. 81% of…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Legato Security, Exabeam, Spin.AI, and Viavi Solutions. Legato Security Ensemble helps organizations prevent breaches Ensemble addresses the challenges businesses face in securing their networks and…

Read more →

Scammers on Airbnb are faking technical issues and citing higher fees to get users to a spoofed Tripadvisor website and steal their money. The Airbnb scam Malwarebytes researchers came across the Airbnb scam when trying to book an apartment through…

Read more →

Veeam Software has unveiled the new Veeam Data Cloud, which is built on Microsoft Azure and delivers the confidence and reliability of the platform with the ease and accessibility of a cloud service. Veeam Data Cloud provides backup-as-a-service (BaaS) for…

Read more →

The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. ALPHV/BlackCat is back Last December, US law…

Read more →

OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform. The new version comes with new tools, a fresh look (themes, wallpapers and icons for Kali and Kali Purple), a new image…

Read more →

BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios.…

Read more →

Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks…

Read more →

As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number – a collective effort to safeguard both large and small enterprises is critical, according to Cado Security. Docker remains the most frequently targeted for…

Read more →

In 2004, Android was two people who wanted to build camera software but couldn’t get investors interested. Android is a large team at Google today, delivering an OS to over 3 billion devices worldwide. In this Help Net Security video,…

Read more →

76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. Enterprises report significant losses from mobile fraud 61% of enterprises still suffer significant losses to mobile…

Read more →