Category: Help Net Security

BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and implement it…

Read more →

Appdome announced that the Appdome Mobile Defense Platform now protects applications running on mobile-enabled platforms like Apple macOS, Apple visionOS, Meta Quest, HarmonyOS Next, Android Auto, Apple CarPlay, Android TV, Apple TV, and Google Play Games for PC. Emerging mobile…

Read more →

GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy with integrations across major secrets management platforms, addressing the growing challenge of secrets sprawl in enterprise environments. With Non-Human Identities—digital references used to authenticate machine-to-machine access—now outnumbering human users 100:1, organizations…

Read more →

Stairwell announces Stairwell Core, which enables organizations to privately collect, store, and continuously reassess executable files so they can confidently determine if malware has affected their systems. Core offers customers an accessible entry point into the Stairwell ecosystem, giving users…

Read more →

What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible…

Read more →

In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-party contracts. From leveraging automation and…

Read more →

Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the security of the Android ecosystem. Vanir uses…

Read more →

Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the…

Read more →

Malware that’s made specifically to target industrial control systems (ICS), Internet of Things (IoT) and operational technology (OT) control devices is still rare, but in the last few weeks security researchers have identified two salient threats based on samples uploaded…

Read more →

A large-scale malvertising campaign distributing the Lumma infostealer malware via intrusive “ads” leading to fake CAPTCHA pages has been tied by researchers to a threat actor abusing the Monetag ad network. The campaign from the users’ perspective Internet users usually…

Read more →

RunSafe Security has released the RunSafe Security Platform that automates risk identification, exploit prevention, and runtime software monitoring. Now, developers can generate a high-fidelity software bill of materials (SBOM) at build time, ensuring the highest level of accuracy in identifying…

Read more →

Kali Linux 2024.4 includes a broad set of updates and changes. The summary of the changelog since the 2024.3 release from September: Python 3.12 – New default Python version (Au revoir pip, hello pipx). The end of the i386 kernel…

Read more →

Arctic Wolf and BlackBerry announced they have entered into a definitive agreement for Arctic Wolf to acquire BlackBerry’s Cylance endpoint security assets. Cylance is the pioneer of AI-based endpoint protection trusted by thousands of organizations around the world. With this…

Read more →

As the borderless threat ecosystem poses new challenges for companies and governments worldwide, CISA’s 2025-2026 International Plan aims to address this problem. CISA’s plan calls for integrated cyber defense across borders, addressing the complex, global cybersecurity challenges that businesses, governments…

Read more →

In this Help Net Security interview, Jennifer White, Senior Director for Banking and Payments Intelligence at J.D. Power, discusses how financial institutions can improve customer satisfaction during fraud resolution, covering proactive fraud prevention, clear communication, and empathetic issue resolution. White…

Read more →

CISO ONE Security | Israel | Hybrid – View job details As a CISO, you will be responsible for overseeing information security, cybersecurity, application security, and business continuity strategies. The role involves implementing and managing security measures and collaborating with…

Read more →

Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and install previously unknown Android spyware called NoviSpy, a new Amnesty International report claims. The unlocking was made possible through exploitation of a zero-day…

Read more →

A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has…

Read more →

Risk Aperture launched AI360, a solution designed to address the growing cybersecurity risks posed by artificial intelligence (AI). AI360 leverages proprietary algorithms, predictive analytics, and machine learning to deliver actionable insights, helping organizations secure AI systems. Developed from decades of expertise,…

Read more →

Malware peddlers are using NodeLoader, a loader written in Node.js, to foil security solutions and deliver infostealers and cryptominers to gamers. The malicious links in YouTube comments (Source: Zscaler ThreatLabz) Attackers leveraging the Node.js loader In this latest malware delivery…

Read more →