Category: Help Net Security

Cyber threats targeting government organizations have become increasingly sophisticated, posing significant risks to national security, public infrastructure, and sensitive data. These threats are diverse in nature, originating from various actors such as nation-states, hacktivist groups, and organized cybercrime entities. Governments…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world intrusions In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing…

Read more →

“The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National Cybersecurity Center (NCSC-FI) has shared on Wednesday. NCSC-FI has received 12 reports of Akira…

Read more →

A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have two-factor authentication enabled on their account are safe from account takeover. “We have not detected…

Read more →

Behavox launched the Behavox Intelligent Archive. This new offering is WORM (Write Once, Read Many) compliant and seamlessly integrates with the Behavox surveillance product. Developed in partnership with Google Cloud, the Behavox Intelligent Archive offers security, scalability, and access to…

Read more →

HackerOne announced a partnership with code security solution, Semgrep, to combine Semgrep’s automated code security tools with expert support from HackerOne PullRequest code reviewers. Security teams can now analyze code through Semgrep and have PullRequest reviewers validate results to provide…

Read more →

As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. Businesses and cybersecurity professionals must stay abreast of these changes, adapting their strategies…

Read more →

In this Help Net Security video, Marcus Bartram, General Partner at Telstra Ventures, discusses his 2024 cybersecurity predictions: The U.S. will be in a recession by Q4 2024, and tech companies will continue reducing their workforce. Still, VCs will be…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps. SpecterOps adds new Attack Paths to BloodHound Enterprise SpecterOps announced updates to BloodHound Enterprise (BHE) that add new…

Read more →

Radiant Logic unveiled RadiantOne AI, its data lake powered Artificial Intelligence engine, and AIDA, its Generative AI Data Assistant. RadiantOne AI is designed to complement your existing tech stack and governance products by correlating data across multiple sources and providing…

Read more →

Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml…

Read more →

Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and voicemail solution for…

Read more →

VicOne announced a partnership with BlackBerry to strengthen the cybersecurity posture of the automotive ecosystem. By leveraging ML processing at the edge and cloud-controlled access to vehicle data, the partnership will enable car manufacturers and software developers to investigate and…

Read more →

Vanta announced that it has appointed Jadee Hanson as its CISO, overseeing Security, Enterprise Engineering, Privacy and Governance, Risk and Compliance (GRC), reporting directly to Vanta’s CEO Christina Cacioppo. Hanson is the latest executive to join Vanta’s leadership team over…

Read more →

Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re supposed to be able to detect?” Red team assessment, penetration testing, and even purple team assessments…

Read more →

In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. What are the critical steps in creating effective offensive security…

Read more →

In this Help Net Security video, Bindu Sundaresan, Director at AT&T Cybersecurity, discusses the ongoing changes we’ll see from the CISO role as digital transformation efforts continue. It is now a position that leads cross-functional teams to match the speed…

Read more →

APIs, a technology that underpins today’s most used sites and apps, are being leveraged by businesses more than ever—ultimately opening the door to more online threats than seen before, according to Cloudflare. APIs power the digital world—our phones, smartwatches, banking…

Read more →

Dasera has expanded its capabilities, securing sensitive data across multiple applications. With the inclusion of Microsoft 365, Dasera provides organizations with enhanced visibility into their data across OneDrive, SharePoint, and Teams, ensuring robust protection and governance. The integration with Microsoft…

Read more →

Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. About Mimic ransomware Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023. It…

Read more →

Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs (exchange-traded funds) on registered national security exchanges. The…

Read more →

Bluefin launched a new ShieldConex capability providing token and/or EMV/P2PE based processing services to any payment processor, as well as protecting Personally Identifiable Information and Protected Health Information (PII/PHI) endpoints. For enterprise merchants looking for a universal solution, the endpoint-agnostic…

Read more →

anecdotes announced that it has closed $25 million in a Series B round of funding, elevating the total capital raised to $55 million. Notably, Vertex and DTCP have joined as new investors, underscoring their belief in anecdotes’ unique enterprise offering…

Read more →

Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and tinkerer. She was driven to…

Read more →

As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress should grind to a halt: Exploring AI is essential to staying competitive, meaning CISOs are under…

Read more →

In this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this ‘come from behind’ rush to keep pace with…

Read more →

A team of computer scientists led by the University of Massachusetts Amherst recently announced a new method for automatically generating whole proofs that can be used to prevent software bugs and verify that the underlying code is correct. This new…

Read more →

For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the vulnerabilities fixed this time aroundare under active exploitation or have been previously publicly disclosed. The critical…

Read more →

SpecterOps announced updates to BloodHound Enterprise (BHE) that add new Attack Paths focused on Active Directory Certificate Services (ADCS). These updates make BHE the most advanced tool on the market today for securing ADCS. ADCS is the Public Key Infrastructure…

Read more →

Critical Start launched their Asset Visibility offering. As part of an MCRR strategy, Asset Visibility helps customers become more proactive within their security program, helping them uncover assets that need protection, validate that the expected endpoint security controls are in…

Read more →

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use and business configuration,…

Read more →

ID R&D introduced voice clone detection as a new option for its IDLive Voice liveness detection product. Detecting voice clones and audio deepfakes can prevent fraud and crime, deter bad actors, and help preserve trust in the authenticity of digital…

Read more →

Silex Technology announced their new protection service product offering called AMC Protect, a robust software management service designed to monitor and remedy vulnerabilities. AMC Protect targets customers utilizing Silex’s embedded wireless LAN modules or purchasing Silex’s OEM products. “We have…

Read more →

Delinea announced it has acquired Authomize, an innovator in the detection and elimination of identity-based threats across the cloud. The continuous discovery and visibility capabilities of Authomize, married with Delinea’s SaaS solutions for PAM, will extend the Delinea Platform’s reach…

Read more →

Viavi Solutions announced significant enhancements to the Observer Platform allowing IT teams to further maximize network availability, productivity and compliance. The enhancements include critical new capabilities in End-User Experience (EUE) scoring, digital certificate analysis, application identification, Unified Communications (UC) support,…

Read more →

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network operation centers of telecoms and web hosting…

Read more →

Zyxel Networks launched the XMG1915 series – a family of smart managed switches designed to provide small businesses and professional home users (prosumers) with the throughput and versatility needed to support today’s high bandwidth applications and services. With the growth…

Read more →

When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised. And even if an organization gets its…

Read more →

Why is it that when a company becomes aware of a potential data security incident, the team working on it (and others who are made aware that “something” is going on) have an immediate and overwhelming feeling that the company…

Read more →

In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy. Vachon explores challenges in…

Read more →

As AI tools become more widespread, impersonation and deception have become easier. However, organizations are combating this issue with policies and technological solutions. In this Help Net Security video, Mike Bechtel, Chief Futurist at Deloitte, discusses the digital risk of…

Read more →

Think you’re too small to experience a cyber attack? That’s not the case. In fact, cyber threat actors (CTAs) are increasingly setting their sights on small businesses. If successful, their attack attempts can be devastating. Fortunately, the Center for Internet…

Read more →

Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities. Taxonomy…

Read more →

McAfee announced its AI-powered Deepfake Audio Detection technology, known as Project Mockingbird. This new, proprietary technology was developed to help defend consumers against the surging threat of cybercriminals utilizing fabricated, AI-generated audio to carry out scams that rob people of…

Read more →

In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information. Street explores the overlooked threat of physical security and the human tendency…

Read more →

Andrew Ginter is a widely-read author on industrial security and a trusted advisor for industrial enterprises. He holds a BSc. in Applied Mathematics and an MSc. in Computer Science from the University of Calgary. He developed control system software products…

Read more →

AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log). The tool examines the auth.log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others.…

Read more →

In this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends. The post Top 2024 AppSec predictions appeared first on Help Net Security. This article has been indexed…

Read more →

Email-based attacks have evolved beyond traditional spam and phishing attempts. Cybercriminals now employ sophisticated tactics such as spear-phishing, whaling, and business email compromise (BEC), posing a significant threat to businesses of all sizes. Email attacks can result in financial losses,…

Read more →

Vim, a highly adaptable text editor, is designed to efficiently create and modify all types of text. It comes included as vi in most UNIX systems and macOS. Renowned for its rock-solid stability, Vim is constantly evolving to improve further,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wi-Fi 7’s mission-critical role in enterprise, industrial networking In this Help Net Security interview, Tiago Rodrigues, CEO at Wireless Broadband Alliance, discusses the transformative world…

Read more →

In a bold leap towards fortifying against cyber threats, SessionGuardian unveiled its SessionGuardian Mobile software. This solution delivers relentless identity assurance and data protection for iOS mobile devices. This offering seamlessly complements the existing SessionGuardian VDI and SessionGuardian Web. In…

Read more →

Happy 2024 Everyone! I hope everyone is looking forward to another exciting year in the ever-changing world of IT operations and software security. This article aims to provide a quick summary of some of the latest trends, announcements, and changes…

Read more →

The motivations behind cyberattacks are as diverse as the methods employed. Whether driven by financial gain, political agendas, or sheer malice, cybercriminals exploit weaknesses in cybersecurity defenses, seeking entry points to compromise sensitive data, disrupt critical systems, or hold organizations…

Read more →

In this Help Net Security video, Bassam Al-Khalidi, co-CEO of Axiad, discusses the results of Axiad’s recent State of Authentication Survey. Key findings from the survey revealed: – 39% indicated phishing is the most feared cyberattack, while 49% said it…

Read more →

60% of IT decision-makers agreed that budget cuts have negatively impacted their mental health and wellbeing, according to Integrity360. To add to that, 55% noted that the current economic climate has reduced access to mental health and wellbeing resources within…

Read more →

Intellicheck announced advancements for digital users of the Intellicheck Identity Platform. Clients integrating the new Capture process can be up and running with no more than two simple web hooks. The new digital authentication experience does not require any significant…

Read more →

Industrial Defender introduced Industrial Defender Risk Signal, its new risk-based vulnerability management (RBVM) solution. Building upon the company’s robust vulnerability assessment capabilities, Industrial Defender Risk Signal intelligently prioritizes vulnerability for highest impact, integrating threat intelligence and the user’s specific business…

Read more →

SentinelOne has agreed to acquire PingSafe. The acquisition of PingSafe’s cloud native application protection platform (CNAPP), when combined with SentinelOne’s cloud workload security and cloud data security capabilities, is expected to provide companies with a fully integrated platform that drives…

Read more →

DriveFS Sleuth automates the investigation of Google Drive File Stream disk artifacts. The tool can parse the disk artifacts and build a filesystem tree-like structure enumerating the synchronized files along with their respective properties. “While engaged in a threat-hunting activity…

Read more →

In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and redefining the possibilities within the tech industry. The post The dynamic relationship between AI…

Read more →

Open-source tools represent a dynamic force in the technological landscape, embodying innovation, collaboration, and accessibility. These tools, developed with transparency and community-driven principles, empower users with the freedom to scrutinize, modify, and adapt solutions according to their unique needs. In…

Read more →

In 2023, businesses have been hit with 800,000 cyberattacks, over 60,000 of which were DDoS attacks and 4,000 falling victim to ransomware, according to Vercara. The research found that consumers hold nuanced perceptions regarding cybersecurity incidents and are often less…

Read more →

SonicWall acquired Banyan Security, a security service edge (SSE) solution provider. This acquisition strengthens SonicWall’s portfolio by adding zero trust security trusted by leading Fortune 100 companies to small businesses that are replacing legacy architectures for SSE solutions, including Zero…

Read more →

In this Help Net Security interview, Vedran Cindric, CEO at Treblle, discusses the exponential growth of AI-related APIs, citing a 96% increase in 2023. He sheds light on the integral role APIs play in powering AI interactions, revealing the invisible…

Read more →

In this Help Net Security video, John Dwyer, Head of Research at IBM X-Force, discusses how 2024 is poised to be an incredibly impactful year for cyber attacks, driven by world events and access to advanced technologies like AI. The…

Read more →

Managing and allocating budgets for cybersecurity and IT has become an increasingly critical aspect of organizational strategy. Organizations recognize the need to invest significantly in cybersecurity to safeguard sensitive data, protect against ransomware attacks, and ensure the integrity of their…

Read more →

Rapid GenAI adoption is the top-ranked issue for the next two years for legal, compliance and privacy leaders, according to Gartner. 70% of respondents reported rapid GenAI adoption as a top concern for them. “Increases in capability and usability have…

Read more →

Mobile banking is outpacing online banking across all age groups due to its convenience and our desire to have those apps at our fingertips, according to Zimperium. However, this surge is accompanied by a dramatic growth in financial fraud. The…

Read more →

As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in the defense mechanisms of…

Read more →

Threat actors evolved tactics, opting for a more nuanced approach that spread attacks across a broader timeframe to blend in with legitimate traffic and evade detection during peak holiday shopping times, according to Cequence Security. 2023 holiday season unveiled alarming…

Read more →

The cryptocurrency market has grown significantly, attracting both enthusiasts and investors. However, the rise of cryptocurrencies has also brought forth an unprecedented need for cybersecurity measures. Cybersecurity in the context of cryptocurrencies involves safeguarding not only the blockchain networks but…

Read more →

As we transition from Wi-Fi 6 to the more advanced Wi-Fi 7, we uncover the significant enhancements in speed, efficiency, and spectrum usage that set it apart from its predecessors. In this Help Net Security interview, Tiago Rodrigues, CEO at…

Read more →

Organizations with mainframes face a unique challenge: extending consistency across the entire enterprise, including mainframe environments. The ongoing issue lies in the incompatibility of tools designed for both mainframes and enterprise settings, resulting in disparate solutions, training methods, and user…

Read more →

As technology continues to advance at an unprecedented pace, so does the complexity of API (application programming interface) security. With the proliferation of APIs in modern applications and services, organizations will need to develop a better understanding of their API…

Read more →

The worldwide revenue for AI software will reach $307 billion in 2027, according to IDC. The forecast for AI-centric software includes Artificial Intelligence Platforms, AI Applications, AI System Infrastructure Software (SIS), and AI Application Development and Deployment (AD&D) software (excluding…

Read more →

Public safety professionals want technology upgrades and adoption of federal standards for first responder IT security, reporting and efficiency, according to Mark43. “We heard a resounding response from first responders across the country: They are concerned about their public safety…

Read more →

As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity breach in healthcare are not only measured in compromised…

Read more →

35% of IT leaders will prioritize reducing time and resources on repetitive tasks in 2024, as 59% claim IT support is where the majority of their time is spent, according to Exclaimer. The survey results show that 2023’s biggest challenges…

Read more →

The proliferation of generative AI tools has been compared to the dawn of the internet, the spread of smartphones and laptops, and the mass transition to cloud computing. All these advancements make it easier for individuals to adopt technology into…

Read more →

In 2023, cyberattacks surged both in terms of frequency and sophistication. The proliferation of cutting-edge hacking tools and technologies – now more accessible than ever thanks to advances in generative AI – created an environment conducive for cyber threats to…

Read more →

90% of IT decision-makers plan to deploy more automation, including AI, in the next 12 months, according to Digitate. IT leaders embrace AI-powered automation 26% of respondents plan to implement machine-operated tasks that require limited human input or fully transition…

Read more →

Cybersecurity is awash in threat detection and mitigation solutions: SIEM, DLP, SOAR, MDR, EDR, XDR, and more. Threat detection is essential, as it serves to locate and minimize the threat as quickly and effectively as possible. However, some companies are…

Read more →

The impact of DDoS attacks extends far beyond mere inconvenience, as they can result in financial losses, compromised data, and erosion of customer trust. Understanding the nature and consequences of DDoS activity is essential for organizations and individuals alike as…

Read more →

Generative AI (GenAI) is a form of artificial intelligence technology focused on generating new content. This can include text, images, audio, and other media types. It’s a rapidly evolving field with significant implications in various industries, technology, and beyond. Foundations…

Read more →

91% of banks and insurance companies have now initiated their cloud journey, a significant increase from 2020, when only 37% of firms had embarked on their cloud transformations, according to Capgemini. However, this high rate and its corresponding investment does…

Read more →

Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. CISOs must bolster MFA protections SE Labs advised CISOs to step-up their efforts against attacks on systems protected…

Read more →

Cloud security is a critical aspect of modern computing, as businesses and individuals increasingly rely on cloud services to store, process, and manage data. Cloud computing offers numerous benefits, including scalability, flexibility, and cost efficiency, but it also introduces unique…

Read more →

Digital nomads are expressing the most frustration when interacting with organizations offering services in the United States, according to Regula. This revelation comes as a surprise, given that the United States was the most frequented destination for the digital nomad…

Read more →

The fintech market is undergoing a rapid shift, with the rise of new technologies, such as Open Finance, generative AI and A2A (Account-to-Account) payments having a major impact on business models, according to Juniper Research. This is combined with unprecedented…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creating a formula for effective vulnerability prioritization In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights…

Read more →

Base Operations announced the successful close of a $9.1 million Series A led by Grotech Ventures and Spero Ventures with notable contributions from Vela Partners, Good Growth Capital, Mindset Ventures, Alliance Holdings, and Gaingels. The company is also proud to…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Argus Cyber Security, Cleafy, Kasada, and Stratus. Kasada launches advanced bot defense platform with evolving protection and attack insights Kasada launched its enhanced bot defense…

Read more →

Wi-Fi technology continues to evolve in ways that anticipate the needs of consumers, businesses, enterprise verticals, smart cities, and service providers, according to the Wireless Broadband Alliance. Tiago Rodrigues, CEO of the Wireless Broadband Alliance, revealed predictions for 2024 and…

Read more →

In this Help Net Security video, William Noto, VP and Industry Principal for Claroty, discusses their recent global survey of 1,100 IT and OT security professionals who work in critical infrastructure sectors. When it comes to ransomware attacks, the impact…

Read more →

While tech workers want to learn and organizations are spending thousands of dollars per employee on learning technology, it is not translating into improved on-the-job performance for 4 out of 10 IT employees, according to Skillable. Inadequate training puts workers…

Read more →

Generative AI stands at the forefront of technological innovation, reshaping industries and unlocking new possibilities across various domains. However, as the integration of these technologies continues, a vigilant approach to ethical considerations and regulatory compliance is essential to ensure that…

Read more →

The concept of DCAP solutions was introduced by Gartner experts, as it was clear, that without such solutions information security (IS) specialists would not be able to cope with the protection of data in various silos due to the increase…

Read more →

The new year finds us confronted by a landscape characterized by political uncertainty, social fragmentation, escalating geopolitical tensions, and a turbulent macro-economic backdrop, making it crucial for security leaders to strategically prepare for the forthcoming challenges. Let’s explore the three…

Read more →

The manufacturing industry is embracing digital transformation to fuel efficiency and productivity. However, this evolution is accompanied by profound and growing cybersecurity challenges. In this Help Net Security video, Kory Daniels, CISO at Trustwave, discusses recent comprehensive research highlighting the…

Read more →