Tag: Help Net Security

Debunking compliance myths in the digital era

Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on…

How CISOs tackle business payment fraud

In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain.…

AI weaponization becomes a hot topic on underground forums

The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees via the use of phishing,…

Essential elements of a strong data protection strategy

In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of backup and recovery…

Cybersecurity jobs available right now: March 27, 2024

Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with…

Drozer: Open-source Android security assessment framework

Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on…

Cybersecurity essentials during M&A surge

The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering…

Legit Security launches enterprise secrets scanning solution

Legit Security has unveiled its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline. An AI-powered solution that enables secrets discovery beyond source code, Legit’s offering is built to meet the…

BackBox platform update enhances CVE mitigation and risk scoring

After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitigated,” helping network teams manage CVEs and…

DataVisor’s AML solution helps combat sophisticated financial crimes

DataVisor announced its latest offering: an end-to-end anti-money laundering (AML) solution boasting technology and comprehensive functionalities powered by machine learning and AI. Amidst increasing regulatory compliance requirements and the growing complexity of financial crime tactics, this essential solution stands out…

How threat intelligence data maximizes business operations

Threat intelligence is no longer a ‘nice to have’ for organizations but a ‘must,’ as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a…

Strengthening critical infrastructure cybersecurity is a balancing act

In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’…

Tech industry’s focus on innovation leaves security behind

The rapid digital transformation and technological progress within the technology sector have enlarged the attack surface for companies operating in this space, according to Trustwave. As the sector evolves, the proliferation of Software-as-a-Service (SaaS) providers, cloud infrastructure, and internet-connected systems…

Scammers steal millions from FTX, BlockFi claimants

Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many have fallen for…

20 essential open-source cybersecurity tools that save you time

Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of…

8 cybersecurity predictions shaping the future of cyber defense

Among Gartner’s top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI (GenAI). Two-thirds of global 100 organizations are expected to extend directors’ and officers’ insurance to…

How immersive AI transforms skill development

Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not. In this Help Net Security video, David Harris, Principal Generative…

Scams are becoming more convincing and costly

Scams directly targeting consumers continue to increase in both complexity and volume, according to Visa. Consumers are increasingly targeted by scammers, who rely on heightened emotions to create fraud opportunities. While the number of individual scam reports from June to…

Cybercriminals use ChatGPT’s prompts as weapons

Developed by OpenAI, ChatGPT has garnered attention across industries for its ability to generate relevant responses to various queries. However, as the adoption of ChatGPT accelerates, so do discussions surrounding its ethical and security implications. Organizations grapple with questions about…

US organizations targeted with emails delivering NetSupport RAT

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from…

CISA: Here’s how you can foil DDoS attacks

In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental entities (but also other organizations)…

New infosec products of the week: March 22, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management With the upgrades in GlobalSign’s PKIaaS Connector, ServiceNow…

95% of companies face API security problems

Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent…

Vishal Rao joins Skyhigh Security as CEO

Skyhigh Security announced that it has appointed Vishal Rao as the organization’s next CEO. Rao will succeed former Skyhigh Security CEO Gee Rittenhouse, effective immediately. Rao brings an extensive background in the enterprise software industry, with approximately 25 years of…

Veritas Backup Exec enhancements protect SMBs’ critical data

Veritas Technologies announced enhancements to Veritas Backup Exec, the unified backup and recovery solution. The latest updates include malware detection capabilities, role-based access control and additional optimizations for fast backup and recovery of business-critical data. With ransomware attacks on the…

Apricorn releases 24TB hardware encrypted USB drive

Apricorn released a 24TB version of its Aegis Padlock DT and Padlock DT FIPS Desktop Drives. Apricorn brings a 24TB encrypted drive to market, delivering high performance and mass capacity to industries such as healthcare, financial services, education, and government,…

LogicGate introduces cyber and operational risk suite offerings

LogicGate announces the new Cyber Risk Suite and Operational Risk Suite offerings, providing enterprises with purpose-built integrated solutions to efficiently and effectively optimize their Enterprise Risk Management (ERM) and cyber risk programs. Each suite includes applications, integrations, licenses, and services…

Fake data breaches: Countering the damage

Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have…

Using cloud development environments to secure source code

In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining…

Secrets sprawl: Protecting your critical secrets

Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As…

Zoom Compliance Manager helps organizations fulfill regulatory requirements

Zoom announces Zoom Compliance Manager, an all-in-one offering that provides archiving, eDiscovery, legal hold, and information protection capabilities to help organizations fulfill regulatory requirements and mitigate organizational communications compliance risks across the Zoom platform. “Zoom currently provides compliance and information…

RaaS groups increasing efforts to recruit affiliates

Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that…

ControlUp Secure DX reduces endpoint management complexity

ControlUp announced Secure DX, a real-time scanning, detection, and remediation solution that improves the security posture of endpoint devices without compromising the digital employee experience. By continuously and autonomously spotting and resolving endpoint vulnerabilities and weak security configurations, Secure DX…

CyberSaint raises $21 million to accelerate market expansion

CyberSaint announced the company has raised $21 million in Series A funding led by Riverside Acceleration Capital (RAC). Additional participating investors include Sage Hill Investors, Audeo Capital, and BlueIO. The funding will build on customer momentum, accelerate market expansion, and…

The most prevalent malware behaviors and techniques

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most…

Growing AceCryptor attacks in Europe

ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms…

Nirmata Policy Manager combats cloud security threats

Nirmata announced new features for its flagship product, Nirmata Policy Manager. With today’s increasing cloud security threats, detecting intrusions is no longer enough – the damage may already be done. That’s why Nirmata has developed Nirmata Policy Manager to proactively…

Red teaming in the AI era

As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the…

Security best practices for GRC teams

Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at…

1% of users are responsible for 88% of data loss events

Data loss is a problem stemming from the interaction between humans and machines, and ‘careless users’ are much more likely to cause those incidents than compromised or misconfigured systems, according to Proofpoint. While organizations are investing in ​Data Loss Prevention…

API environments becoming hotspots for exploitation

A total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai. API integration amplifies risk exposure for enterprises APIs are at the heart…

CalypsoAI Platform provides real-time LLM cybersecurity insights

CalypsoAI has launched the CalypsoAI Platform, a SaaS-based security and enablement solution for generative AI applications within the enterprise. With the new model-agnostic SaaS platform, technology, innovation, and security leaders can harness the power of generative AI and large language…

eSentire Threat Intelligence reduces false positive alerts

eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence, extending eSentire’s protection and automated blocking capability across firewalls, threat intelligence platforms, email services and endpoint agents. eSentire Threat Intelligence provides mid-market and enterprise organizations with a simple API gateway…

Drata unveils Adaptive Automation for streamlined compliance

Drata has unveiled a new offering, Adaptive Automation. Augmenting the scope of continuous control monitoring and evidence collection, Adaptive Automation empowers GRC professionals to save time and automate even more of their compliance program through customized tests within Drata’s platform,…

NIST’s NVD has encountered a problem

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a…

Vultr Cloud Inference simplifies AI deployment

Vultr launched Vultr Cloud Inference, a new serverless platform. Leveraging Vultr’s global infrastructure spanning six continents and 32 locations, Vultr Cloud Inference provides customers with scalability, reduced latency, and enhanced cost efficiency for their AI deployments. Today’s rapidly evolving digital…

Cybersecurity jobs available right now: March 19, 2024

Central Investigations & Cybersecurity Analyst Meta | USA | On-site – View job details The successful candidate will be able to assess and analyze large amounts of data to identify sources of potential threats and abuses, operate independently in a…