Category: Help Net Security

In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from Q3–Q4…

Read more →

Despite the importance of security, it was, until recently, an afterthought in building design, according to Brivo. Rather than considering security from the very beginning, it was addressed later. This meant costly retrofit efforts such as installing cameras to cover…

Read more →

Considering that 2024 is a historic year for elections – with an estimated half of the world’s population taking part in democratic votes – this high threat of cyber interference has significant implications for global free society, threatening to undermine…

Read more →

BigID announced new access governance controls that enable organizations to easily improve security posture, mitigate insider risk, achieve zero trust security, and accelerate AI compliance. BigID is pioneering access governance and controls for analytics and AI data, across the cloud…

Read more →

Mitek introduced MiControl, a comprehensive fraud management console that works with Mitek’s Check Fraud Defender. MiControl detects check fraud, reduces losses and further increases consumers’ online security. With its advanced visualizations and overlays, paired with business rules configured by the…

Read more →

NICE Actimize announces three advanced generative AI-based solutions designed to fight financial crime and allow organizations to significantly reduce the manual and labor-intensive tasks currently employed in financial crime investigations and reporting. Offering up to a 50% reduction in investigation…

Read more →

Infoblox announced an AI-driven security operations solution, SOC Insights, that boosts its DNS Detection and Response solution, BloxOne Threat Defense. SOC Insights empowers security analysts to jump-start investigations that truly matter and dramatically reduce response time by turning vast amounts…

Read more →

Bitwarden strengthened its Passwordless.dev enterprise plan with event logs and self-hosting options. These features empower organizations with greater transparency when moving to passwordless authentication and enable developers to build workforce passkey authentication with ease. High demand for enterprise passkey authentication…

Read more →

German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack. The Varta cyberattack The cyberattack occurred on Monday night and affected five of the company’s production plants and the…

Read more →

CompliancePro Solutions launched their new analytics product, CPS Insights. As a new add-on module to the CompliancePro Privacy Program Management platform, CPS Insights is a vital analytics and visualization tool for operational reporting needs. CPS Insights helps organizations efficiently analyze…

Read more →

Group-IB uncovered a new iOS trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing…

Read more →

In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge. However, this approach comes with its own set of risks. From data security concerns to operational disruptions, understanding…

Read more →

In this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats. Organizations are still struggling with the issue of disjointed data protection solutions, leading to not…

Read more →

Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it’s a key component of incident response. Additionally, digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack. Many…

Read more →

Picus Security has revealed a rise in hunter-killer malware, highlighting a significant shift in adversaries’ capability to pinpoint and thwart advanced enterprise defenses, including next-gen firewalls, antivirus programs, and EDR systems. There was a 333% increase in malware that can…

Read more →

Shipments of AI PCs – personal computers with specific system-on-a-chip (SoC) capabilities designed to run generative AI tasks locally – are expected to grow from nearly 50 million units in 2024 to more than 167 million in 2027, according to…

Read more →

Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically:…

Read more →

Appdome unveiled its new Geo Compliance feature set, allowing mobile brands to trust the user’s location and detect location spoofing, fake GPS apps, VPN use, SIM swaps and other methods used to circumvent geo restrictions in mobile applications. Mobile brands…

Read more →

LOKKER introduces a new feature included in its Privacy Edge software suite. LOKKER now gives companies a solution to monitor and remediate potential web privacy and compliance violations such as HIPAA, the Video Privacy Protection Act (VPPA) and state wiretapping…

Read more →

Armis announced it has agreed to acquire CTCI (Cyber Threat Cognitive Intelligence), a privately held company specializing in AI-powered pre-attack threat hunting technology. In a private deal which closed this week, Armis has acquired all of CTCI technology and employees,…

Read more →

VicOne announced the xNexus next-generation vehicle security operations center (VSOC) platform. The new solution integrates with VicOne’s in-vehicle VSOC sensor, leveraging a unique LLM approach to provide customized reporting to support VSOC teams. xNexus can provide product security incident response…

Read more →

Cyberhaven launched Linea AI, an AI platform designed to combat the most critical insider risks threatening vital corporate data. Built to match the collective intelligence of the smartest security analysts, Linea AI applies human-like insight across billions of workflows to…

Read more →

About 77% of organizations have adopted or are exploring AI in some capacity, pushing for a more efficient and automated workflow. With the increasing reliance on GenAI models and LLMs like ChatGPT, the need for robust security measures has become…

Read more →

Resecurity and CyberPeace Foundation have joined forces through a Memorandum of Understanding (MoU) to enhance cybersecurity measures worldwide. The collaboration between Resecurity and CyberPeace Foundation marks a significant milestone in the ongoing efforts to combat cyber threats and promote a…

Read more →

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities are in the…

Read more →

Seal Security announced it has emerged from stealth with a $7.4 million seed funding round led by Vertex Ventures Israel, with participation from Crew Capital, PayPal Alumni Fund, and Cyber Club London. Software supply chain attacks are on the rise,…

Read more →

Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted potential victims via email or SMS, personalized to match…

Read more →

In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies…

Read more →

The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange “battles” for “cyberattacks”, and the maxim will hold. But too much information…

Read more →

Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. Key features “I created it to enable humans to easily augment themselves with AI. I believe it’s currently too difficult for people to use…

Read more →

While AI technology has the potential to streamline and automate processes for beneficial outcomes, it also comes with an equal number of risks to data protection, cybersecurity, and other ethical concerns, according to iProov. Digital ecosystems continue to grow and…

Read more →

Cybercriminals increasingly use open-source intelligence (OSINT) to craft convincing backstories, often by mining social media profiles for details on a target’s profession, interests, and routines. Armed with these personal insights, these malicious actors leverage chatbots to compose highly persuasive messages.…

Read more →

Initial access brokers (IABs) are increasingly targeting entities within NATO member states, indicating a persistent and geographically diverse cyberthreat landscape, according to Flare. IABs infiltrate systems and gain unauthorized access through various techniques, including spear-phishing, exploiting unpatched vulnerabilities, and leveraging…

Read more →

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen…

Read more →

Sumsub has launched a Deepfake Detection feature integrated into its Video Identification solution. This comes as AI-powered fraud increasingly targets businesses, not just individual users. Sumsub’s 2023 Identity Fraud Report revealed a 10x increase in the number of deepfakes detected…

Read more →

With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time…

Read more →

Sigma Defense Systems launched Sigma Software Studio, a DevSecOps platform poised to revolutionize software development for the DoD and government agencies. Rooted in Sigma’s collaboration with PEO Digital and Black Pearl, Sigma Software Studio, is a DevSecOps platform designed for…

Read more →

Nucleus Security has announced it has secured $43 million in Series B funding led by Arthur Ventures and Lead Edge Capital. This milestone marks a significant leap forward in the company’s mission to redefine how enterprises manage risk exposure from…

Read more →

Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request forgery (SSRF)…

Read more →

CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-43770 Roundcube…

Read more →

In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. He points out the changes in threat tactics, the…

Read more →

Generative AI based on large language models (LLMs) has become a valuable tool for individuals and businesses, but also cybercriminals. Its ability to process large amounts of data and quickly generate results has contributed to its widespread adoption. AI in…

Read more →

Basically, DLP systems are aimed at prevention of data leaks, and in real-life mode they monitor and block (if required) transmitting of confidential data. However, the traditional approach to DLP system isn’t sufficient. That’s why SearchInform offers the next-gen platform…

Read more →

In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness. It’s no longer about team red…

Read more →

QR code attacks, or “quishing” attacks, have emerged as a popular tactic among cybercriminals, with no signs of slowing down, according to Abnormal Security. Although phishing emails have grown in sophistication over time, the end goal has stayed the same:…

Read more →

Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though…

Read more →

OneTrust announced its newest platform features that make it easier for customers to govern their use of AI and accelerate AI innovation, ensure the responsible use of data across the entire data lifecycle, and achieve compliance program efficiency through enhanced…

Read more →

While most organizations focus cybersecurity efforts on fortifying their networks, the mobile devices connected to them often remain vulnerable. In addressing this gap, the Center for Internet Security (CIS) introduces CIS Endpoint Security Services (ESS) Mobile, a tailored solution offered…

Read more →

Bugcrowd has secured $102 million in strategic growth funding to scale its AI-powered crowdsourced security platform offerings globally. Led by General Catalyst, with participation from longtime existing investors Rally Ventures and Costanoa Ventures, this funding round underscores investor confidence in…

Read more →

Visa announced extended digital wallet capabilities within Visa Commercial Pay, a suite of B2B payment solutions built in partnership with Conferma Pay to revolutionize how businesses manage transactions globally. The innovation enables financial institutions to add virtual corporate cards into…

Read more →

Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. About Rhysida Rhysida is a relatively new ransomware-as-a-service gang that engages in double extortion. First observed…

Read more →

In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological advancements and outlines strategies for automakers to…

Read more →

As we enter 2024, ransomware remains the most significant cyberthreat facing businesses, according to Malwarebytes. Malwarebytes reveals that the United States accounted for almost half of all ransomware attacks in 2023. “Small and medium-sized organizations face a deluge of cyber…

Read more →

In this Help Net Security video, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, discusses the dire consequences of hacking water systems and why their cybersecurity must be prioritized. From contaminating water supplies to disrupting essential services, the impact of…

Read more →

SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and…

Read more →

2024 is expected to witness a surge in cyberattacks driven by global events and the widespread accessibility of advanced technologies. In this Help Net Security round-up, we present segments from previously recorded videos where cybersecurity experts discuss predictions for 2024,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How CISOs navigate policies and access across enterprises In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of…

Read more →

The FCC has revealed the unanimous adoption of a Declaratory Ruling that recognizes calls made with AI-generated voices are “artificial” under the Telephone Consumer Protection Act (TCPA). The ruling, which takes effect immediately, makes voice cloning technology used in common…

Read more →

Action1 announced its latest release and the introduction of a new guiding concept for its business. The latest feature update contains multiple enhancements to the Action1 platform, empowering customers to bring their patching efforts ‘down to science,’ ensuring precision and…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cisco, Metomic, OPSWAT, Qualys, and Varonis. Varonis MDDR helps organizations prevent data breaches Varonis introduced Varonis Managed Data Detection and Response (MDDR), a managed service…

Read more →

Have you ever been swept away by an enticing headline and didn’t bother to probe the news in-depth? You might have shared an eye-catching news story or engaged with a compelling post, only to realize later that what appeared to…

Read more →

January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new year. January’s release was a…

Read more →

97% of office workers across the UK and US trust their cybersecurity team’s ability to prevent or minimize damage from cyberattacks, according to CybSafe. The study examining attitudes towards cybersecurity teams within organizations has uncovered that despite minor issues around…

Read more →

In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard. Long advises organizations to establish a detailed project roadmap and to book…

Read more →

Nearly half of businesses reported a growth in synthetic identity fraud, while biometric spoofs and counterfeit ID fraud attempts also increased, according to AuthenticID. Consumers and businesses alike are facing new challenges in today’s digital existence, from considering the ramifications…

Read more →

In this Help Net Security video, Karen Schuler, Global Privacy & Data Protection Chair at BDO, discusses overconfidence in data privacy and data protection practices. There is an apparent disconnect between tech CFOs’ confidence and consumer perceptions. BDO’s 2024 Technology…

Read more →

A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager maker is warning. The fraudulent app on Apple’s App Store “The app in question is…

Read more →

Invicti Security and Mend.io have partnered to bring the full spectrum of application security testing and supply chain security tools to customers. This partnership pairs Invicti’s DAST, IAST, and API Security domains with Mend’s SAST, SCA, and Container Security solutions…

Read more →

DigitalOcean announced the next evolution of DigitalOcean Backups, an offering that protects users from data disruptions and supports business continuity through enhanced daily, system-level backups of DigitalOcean Droplets. Through these more frequent and faster backups, startups, independent software vendors (ISVs),…

Read more →

F5 announced new capabilities that reduce the complexity of protecting and powering the exploding number of applications and APIs at the heart of modern digital experiences. As AI accelerates the growth of applications and the APIs that connect them, F5…

Read more →

VikingCloud announced CCS Advantage, a self-service Payment Card Industry Data Security Standard (PCI DSS) compliance and cybersecurity program for Level 4 (L4) businesses. CCS Advantage integrates VikingCloud’s new Cyber Risk Score and proprietary threat scanning technology into its global PCI…

Read more →

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available in 2020 and 2023.…

Read more →

Kyndryl announced an expanded partnership with Google Cloud to develop responsible generative AI solutions and to accelerate adoption among customers. Kyndryl and Google Cloud have worked together since 2021 to help global businesses transform with Google Cloud’s advanced AI capabilities…

Read more →

For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasing…

Read more →

SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from Active…

Read more →

In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. She compares the cost-effectiveness of outsourcing to maintaining an in-house team, noting the challenges of…

Read more →

As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers, according to Darktrace. Cybercriminals exploit as-a-Service tools As-a-Service tools can provide attackers with everything…

Read more →

OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights…

Read more →

Securiti AI released AI Security & Governance offering, providing a solution to enable safe adoption of AI. It combines comprehensive AI discovery, AI risk ratings, Data+AI mapping and advanced Data+AI security & privacy controls, helping organizations adhere to global standards…

Read more →

Qualys unveiled TotalCloud 2.0. This significant upgrade to Qualys’ AI-powered cloud native application protection platform (CNAPP) delivers a single prioritized view of cloud risk and is the first to extend its protection to SaaS applications. The shift toward multi-cloud and…

Read more →

Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented…

Read more →

SolarWinds announced enhancements to its SaaS-based and self-hosted, on-premises observability solutions built to monitor and observe complex, distributed environments from anywhere. The AI-powered enhancements enable teams to manage on-prem, hybrid, or cloud-native ecosystems with full-stack visibility across networks, infrastructure, databases,…

Read more →

Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits used to deploy…

Read more →

OneTrust introduced Data Privacy Maturity Model. The model provides privacy, security, marketing, and data teams with the resources to transform their privacy programs from tactical compliance initiatives that mitigate risk, to strategic customer trust imperatives that unlock the value of…

Read more →

DynaRisk launched Cyber Intelligence Data Lake. This major feature upgrade propels the company’s capabilities in preventing and predicting hacker activity. DynaRisk’s Cyber Intelligence Data Lake is a leap forward in the cyber risk management landscape, offering next-generation intelligence quickly and…

Read more →

Entrust has entered into exclusive discussions to acquire Onfido. With this contemplated acquisition, Entrust would add a compliant AI/ML-based biometric and document IDV tech stack to its portfolio of identity solutions. Additionally, Entrust would have the opportunity to advance the…

Read more →

CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted…

Read more →

JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative…

Read more →

Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that align…

Read more →

According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to…

Read more →

Threat actors aren’t looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors’ job easy. It also…

Read more →

In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats. Unveiling the interplay between red and blue teams, O’Reilly talks about…

Read more →

Microsoft’s Azure AD Password Protection, now rebranded as Microsoft Entra ID helps users create a password policy they hope will protect their systems from account takeover and other identity and access management issues. However, Entra ID has significant security gaps.…

Read more →

Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organizations still experienced significant security incidents in the last year, according to Exabeam. North America experienced the highest rate of security incidents (66%), closely…

Read more →

Adaptiva announced the deployment of its new risk-based prioritization capability for OneSite Patch. The automated risk-based prioritization feature enables IT professionals to prioritize and patch vulnerabilities based on criticality and risk severity — and can do so with unmatched speed,…

Read more →

Bitdefender launched Email Protection, a new feature that scans and identifies potentially dangerous content such as phishing attempts and online scams, in webmail accessed from any device. Email Protection allows users to extend one of the world’s best endpoint protection…

Read more →

SailPoint unveiled two sets of new offerings designed to give customers options as they build their identity program, while driving customer success throughout their identity journey. First, the company is extending the family of SailPoint Identity Security Cloud offerings with…

Read more →

Cisco announced Motific, Cisco’s SaaS product that allows for trustworthy GenAI deployments in organizations. Born from Outshift, Cisco’s incubation business, Motific provides a central view across the entire GenAI journey, empowering central IT and security teams to rapidly deliver trustworthy…

Read more →

A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API Security consultant Troy Hunt has been tipped off about…

Read more →

Delinea announced that Kate Reed has joined the company as Chief Marketing Officer (CMO). With more than two decades of experience in technology and cybersecurity, Reed assumes leadership of all marketing functions and initiatives and will play a pivotal role…

Read more →