Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulatory requirements. Organizations attempting to balance…
Tag: Help Net Security
Establishing a security baseline for open source projects
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects,…
How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the…
AI’s rapid growth puts pressure on CISOs to adapt to new security risks
The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix. GenAI’s impact on CISO responsibility GenAI has rolled out at an immense speed,…
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle to remediate critical…
Securing the future through cybersecurity education
In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about the cybersecurity talent shortage and the role STEM education can play in solving that problem. They also discuss actions needed to…
Download: The Ultimate Guide to the CISSP
The Ultimate Guide to the CISSP covers everything you need about the world’s premier cybersecurity leadership certification. Learn how CISSP and ISC2 will help you navigate your training path, succeed in certification, and advance your career so you’re ready to…
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging…
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable…
May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were…
How secure is the “Password Protection” on your files and drives?
People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel file is not…
Cybercriminals are getting faster at exploiting vulnerabilities
Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’s only natural that attacks looking…
Nmap 7.95 released: New OS and service detection signatures
Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap identifies available hosts on a network, the…
Selfie spoofing becomes popular identity document fraud technique
Document image-of-image was the most prevalent identity (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected, according to Socure. Selfie spoofing and impersonations dominate document-related identity fraud Document image-of-image occurs when the user takes…
GenAI enables cybersecurity leaders to hire more entry-level talent
93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. A total of 1,650 security leaders participated in the global survey, with many reporting…
New infosec products of the week: May 10, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization…
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which are used for…
Zscaler swats claims of a significant breach
On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”,…
AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization
AuditBoard announced powerful enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk management needs in the face of rising risks and increased regulatory requirements. With these new capabilities, including enhanced AI automation,…
CISA starts CVE “vulnrichment” program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have…
BigID equips security teams with AI-guided data security and risk remediation recommendations
BigID announced the introduction of AI-guided data security and risk remediation recommendations. These new capabilities empower security teams to eliminate guesswork and more proactively address security risks to improve their overall security posture across their data environment. BigID’s AI-guided data…
Secureworks Taegis NDR identifies malicious activity on the network
Secureworks released Secureworks Taegis NDR, to stop nefarious threat actors from traversing the network. The dominance of cloud applications and remote working has created an explosion in network traffic, up over 20% from 2023 to 20241. Adversaries are taking advantage…
Critical Start adds multiple frameworks to Risk Assessments
Critical Start announced the expansion of the frameworks available in its Risk Assessments offering. These additions to the tool expand upon the initial offering, providing additional framework-based assessments for customers to achieve data-driven evaluation, articulation, and monitoring their overall cyber…
Skyhigh Security boosts data protection measures with AI innovations
Skyhigh Security announced strategic additions to its Security Service Edge (SSE) portfolio. In response to an evolving cyber threat landscape and new data security challenges, these new innovations will empower organizations to seamlessly adopt zero-trust principles and enhance data protection…
Regulators are coming for IoT device security
Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their…
Global ransomware crisis worsens
Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings’ 2024 Global Threat Intelligence Report. Global ransomware crisis After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims…
Why SMBs are facing significant security, business risks
In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing more time, attention, and budget in cybersecurity. According to LastPass, these factors…
Ransomware attacks impact 20% of sensitive data in healthcare orgs
Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against these healthcare targets. In fact, the report…
3 CIS resources to help you drive your cloud cybersecurity
In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for Internet Security…
SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure
Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against them, and SentinelOne is delivering it with the launch of Singularity Cloud Native Security. A…
Cado Security launches solution for forensic investigations in distroless container environments
Cado Security has introduced a solution for conducting forensic investigations in distroless container environments. With Cado Security’s new offering, security teams can investigate the root cause, scope, and impact of malicious activity detected within distroless container environments to gain greater…
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. “This…
CyberSaint releases NIST CSF Benchmarking Feature
CyberSaint released the NIST Cybersecurity Framework (CSF) Benchmarking Feature, which allows CISOs and security teams to measure their NIST posture against industry peers through a historical maturity graph on the CyberStrong Executive Dashboard. Organizations across industries struggle to compare themselves…
Ghost Security Phantasm detects attackers targeting APIs
Ghost Security announced the early access availability of Phantasm, application-specific threat intelligence poised to fill a large gap that currently exists in both threat intelligence and application security. Developed by a team of industry experts from Ghost Labs, the research…
MITRE breach details reveal attackers’ successes and failures
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti…
Traceable launches Generative AI API Security to combat AI integration risks
Traceable AI has revealed an Early Access Program for its new Generative AI API Security capabilities. As enterprises increasingly integrate Generative AI such as Large Language Models (LLMs) into critical applications, they expose those applications to attacks that exploit the…
Photos: RSA Conference 2024
RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: Sophos, NetSPI, IT-Harvest, Cisco, GitGuardian, Delinea, Splunk, Entrust, and Trellix.…
MITRE and NVIDIA build AI supercomputer for federal agency use
MITRE is building a new capability intended to give its AI researchers and developers access to a massive increase in computing power. The new capability, MITRE Federal AI Sandbox, will provide better experimentation of next generation AI-enabled applications for the…
Cloudflare for Unified Risk Posture identifies cyber threats
Cloudflare announced Cloudflare for Unified Risk Posture, a new suite of risk management solutions designed to streamline the process of identifying, evaluating, and managing cyber threats that pose risk to an organization, across all environments. Powered by Cloudflare’s rich security…
Inpher SecurAI protects the privacy of user inputs on large language models
Inpher released SecurAI, a solution that protects the privacy and security of user inputs on large language models. This release of SecurAI leverages the NVIDIA H100 Tensor Core GPU for maximum speed and performance. “Enterprises need to harness the power…
nodeQ launches PQtunnel to simplify the migration to PQC for both SMEs and large enterprises
nodeQ has developed PQtunnel, a tool designed to assist businesses – ranging from SMEs to large enterprises – in transitioning their end-to-end (E2E) secure communication to PQC. This software application is available in two variants: PQtunnel TLS and PQtunnel SSH,…
Forcepoint ONE Data Security simplifies data protection with zero-trust principles for all organizations
Forcepoint introduced Forcepoint ONE Data Security, an enterprise-grade unified cloud-managed solution designed to simplify data protection with zero-trust principles for all organizations. The new Forcepoint SaaS solution provides unified management for endpoint and multi-channel cloud data security, eliminating the need…
Red Hat launches RHEL AI for streamlined GenAI model testing and deployment
Red Hat has launched Red Hat Enterprise Linux AI (RHEL AI), a foundation model platform that enables users to more seamlessly develop, test and deploy generative AI (GenAI) models. RHEL AI brings together the open source-licensed Granite large language model…
Theori unveils Xint to automate security operations in cloud and hybrid environments
Theori unveiled its latest security management solution, Xint. Xint streamlines and automates security operations across cloud and hybrid environments, providing comprehensive visibility throughout the entire security ecosystem. Xint integrates cloud security, external threat detection, and an advanced Offensive Security AI…
Eclypsium offers protection for GenAI hardware infrastructure
Eclypsium announced new GenAI assessment capabilities for its Supply Chain Security Platform. The new capabilities help secure the fundamental layers of the GenAI tech stack through support for NVIDIA hardware and popular GenAI foundation models. As demand for GenAI skyrockets,…
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to…
AppOmni introduces ZTPM for enhanced cisibility in SaaS security
AppOmni unveiled AppOmni Zero Trust Posture Management (ZTPM), a solution set that strengthens security in modern infrastructures by bridging a critical gap in network-centric zero trust (ZT) architectures. Specifically, the framework provides visibility and monitoring into the configuration, security posture,…
ExtraHop releases AI tools to automate SOC workflows
ExtraHop has revealed a set of AI tools in the RevealX platform designed to automate SOC workflows and relieve analyst fatigue. Against the backdrop of a rapidly expanding threat landscape and alert overload, SOC analysts are increasingly overworked and under-resourced.…
Forgepoint Capital boosts Nudge Security’s seed round
Nudge Security announced new funding from Forgepoint Capital, which joins Ballistic Ventures in bringing the fast-growing startup’s seed funding to $16.5 million. Forgepoint Co-Founder and Managing Director Alberto Yépez will join the Nudge Security board. “With its patented, turnkey…
AppViewX AVX ONE provides visibility, automation and control of certificates and keys
AppViewX announced AVX ONE, a fully integrated SaaS-based CLM platform for PKI, IAM, security, DevOps, cloud, platform and application teams. AVX ONE provides enterprise scale, visibility, automation and control of certificates and keys. It enables governance, and remediation, and crypto-agility…
New Relic introduces Secure Developer Alliance for enhanced security insights
New Relic launched Secure Developer Alliance. Industry leaders including FOSSA, Gigamon, Lacework, Aviatrix, and Opus are among the first to join the alliance, which provides them with pragmatic research, education, and guidance to implementing observable security. In addition, the Secure…
Liongard unveils Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients
Liongard unveils its latest innovation: the Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients. This solution combines its ASM platform with the expertise of its extensive global managed IT service partner network, providing comprehensive visibility, protection and resources…
Accenture partners with Mandiant to improve cybersecurity operations
Accenture and Mandiant, part of Google Cloud, are teaming up to collaboratively deliver cyber resilience services to help organizations more efficiently detect, investigate, respond to and recover from cyberattacks. As part of the partnership, Accenture will utilize Mandiant Threat Intelligence,…
Bitwarden adds mobile passkey support for everyone
Bitwarden has announced the availability of mobile passkey support for everyone. Setting Bitwarden as the default passkey provider, users can generate and use passkeys seamlessly on mobile devices and desktop browsers, combining the convenience of synced vaults with the seamless…
Relyance AI release Asset Intelligence and DSPM for data visibility and compliance
Relyance AI unveiled the release of Asset Intelligence and Data Security Posture Management, the first DSPM solution to bring together complete asset-level visibility and lineage to all sensitive enterprise data in the context of contractual and regulatory obligations. Security and…
97% of organizations hit by ransomware turn to law enforcement
Sophos has released additional findings from its annual “State of Ransomware 2024” survey. According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government bodies for help…
Security tools fail to translate risks for executives
Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, resulting in organizational gaps in understanding cyber risk.…
Cybersecurity jobs available right now: May 8, 2024
CISO Pinsent Masons | United Kingdom | Hybrid – View job details As a CISO, you will be responsible for the overall security posture of the organisation, ensuring the organisation’s information and technology assets are protected from internal and external…
Pktstat: Open-source ethernet interface traffic monitor
Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture. Pktstat is a versatile tool that doesn’t rely on advanced or…
The complexities of third-party risk management
In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer for Prevalent, discusses five interesting findings from a recent industry study on third-party risk management and what he thinks they mean for cybersecurity professionals and…
How workforce reductions affect cybersecurity postures
In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints. Pentesting plays a key role in addressing this challenge, equipping organizations with…
LockBit leader unmasked: US charges Russian national
Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administator of the infamous LockBit ransomware group, according to UK, US and Australia law enforcement agencies. The US Justice Deparment has unsealed charges against Khoroshev and the US Department of…
Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox
Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and centralize compromised account detection and remediation across identity, collaboration, and cloud infrastructure applications. In addition, the company is launching AI…
Dynatrace enhances its platform with new Kubernetes Security Posture Management capabilities
Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configuration, and compliance monitoring. This announcement follows the rapid integration of Runecast technology into the Dynatrace platform following the company’s successful acquisition earlier this…
Akamai to acquire Noname for $450 million
Akamai Technologies has announced that it has entered into a definitive agreement to acquire application programming interface (API) security company, Noname Security. Noname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution…
Ransomware operations are becoming less profitable
As the number of real (and fake) victims of ransomware gangs continues to rise, the number of ransomware payments is falling, along with the average ransom payment. The reasons behind this decrease are many: increased cyber resilience of organizations (which…
Vectra AI Platform enhancements combat GenAI attacks
Vectra AI announced an expansion of the Vectra AI Platform to protect enterprises from new threat vectors introduced by the rapid adoption of GenAI tools. The Vectra AI Platform’s patented Attack Signal Intelligence uses behavior-based AI to defend against cyber…
BigID introduces dual-scanning capabilities for cloud native workloads
BigID has introduced a new advancement in cloud data security, privacy, and governance with the launch of its dual-scanning technology. BigID’s dual, or “hybrid”, scanning technology gives organizations speed, efficiency, and flexibility by combining side-scanning and direct scanning techniques to…
Cranium AI Exposure Management Solution helps organizations secure internal and third-party AI systems
Cranium has launched Cranium AI Exposure Management, the exposure management solution to help organizations protect and secure internal and third-party AI solutions. The Cranium Platform features an AI-augmented workflow with a secure LLM architecture paired with proprietary threat intelligence to…
Datadog Event Management helps teams reduce alert fatigue
Datadog released IT Event Management to its suite of AIOps capabilities. With Event Management, Datadog intelligently consolidates, correlates and enriches all alert events and important signals from Datadog and existing third-party observability tools into one consistent view. This process reduces…
Elastic’s Search AI to transform SOCs with AI-driven SIEM solutions
Elastic has announced that Search AI will replace the traditional SIEM with an AI-driven security analytics solution for the modern SOC. Powered by the Search AI platform, Elastic Security is replacing largely manual processes for configuration, investigation and response by…
Sumo Logic’s analytics capabilities allow security teams to find insights within their data
Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly. These advancements, bolstered by Sumo Logic’s free data…
Forescout AI enables security leaders to make confident, informed decisions
Forescout introduced its AI product strategy built to help business leaders and security operators synthesize connected device threats and make decisions with clarity and confidence. “Many cybersecurity vendors have flooded the market with solutions that apply generative AI capabilities to…
Code42 unveils source code exfiltration detection and protection capabilities
Code42 has advanced its Incydr data protection product with new capabilities to see and stop source code leak and theft and ensure organizations can prevent potential breaches, without burdening developers or security analysts. Source code is the most important intellectual…
Trellix Database Security protects sensitive data
Trellix announced an enhanced Trellix Database Security, available immediately. Trellix Database Security strengthens customers’ overall security posture by protecting sensitive data in leading database types, including legacy databases, from advanced threats while supporting compliance initiatives. “Data can be an organization’s…
Arctic Wolf Cyber Resilience Assessment helps organizations advance business resilience
Arctic Wolf released the Arctic Wolf Cyber Resilience Assessment, a risk assessment tool designed to help businesses of almost any size advance their cyber resilience and improve insurability by effectively mapping their security posture against industry-standard frameworks. The release of…
Cybercrime stats you can’t ignore
In this article, you will find excerpts from various reports that offer stats and insights about the current cybercrime landscape. Behavioral patterns of ransomware groups are changing GuidePoint Security | GRIT Q1 2024 Ransomware Report | April 2024 Q1 2024…
6 tips to implement security gamification effectively
There’s not a CISO in the industry who’s not aware of the extremely short median CISO tenure. That’s why the best CISOs are those who constantly seek ways to strengthen their teams. They help members evolve and grow in their…
The strategic advantages of targeted threat intelligence
In this Help Net Security video, Gabi Reish, Chief Business Development and Product Officer at Cybersixgill, discusses the role of threat intelligence in every enterprise’s security stack. Threat intelligence plays a significant role in proactively managing a company’s threat exposure.…
Ransomware activity is back on track despite law enforcement efforts
Despite significant disruptions for high-profile ransomware gangs LockBit and BlackCat, Q1 2024 became the most active first quarter ever recorded — a 21% increase over Q1 2023, according to Corvus Insurance. In January, Corvus reported that global ransomware attacks in…
Only 45% of organizations use MFA to protect against fraud
Most businesses struggle with identity verification and have concerns over ability to protect against AI, according to Ping Identity. Despite stronger protection solutions available, many organizations aren’t taking full advantage. The report, based on responses from 700 IT decision-makers across…
Swimlane Marketplace simplifies automation for security teams
Swimlane announced the Swimlane Marketplace, a full-stack modular marketplace for security automation. The Swimlane Marketplace goes beyond the typical marketplace by facilitating seamless integration and simplifying automation, empowering organizations to streamline security operations (SecOps) across any technology stack or use…
Tidal Cyber unveils customizations and integrations that improve data-driven defense
Tidal Cyber announced new innovation in its Tidal Cyber Enterprise Edition with customizations and integrations that improve data-driven defense against adversaries. The platform fully operationalizes Threat-Informed Defense, empowering enterprise security teams to save time and money while vastly improving their…
Anomali introduces AI-powered Security Operations Platform
Anomali unveiled its AI-powered Security Operations Platform. At the center of it is an omnipresent and intelligent Anomali Copilot that automates important tasks and seamlessly reports to management in seconds. The Copilot navigates a proprietary cloud-native security data lake that…
Splunk Asset and Risk Intelligence accelerates security investigations
Splunk announced Splunk Asset and Risk Intelligence, a solution designed to power the SOC of the future by helping businesses streamline compliance, reduce cyber risk and eliminate the sources of shadow IT. This new addition builds upon Splunk’s robust security…
NinjaOne platform enhancements help security teams identify potential vulnerabilities
NinjaOne has expanded its platform offerings with endpoint management, patch management, and backup capabilities. Now, organizations can easily access the visibility and control needed to ensure confidence in the face of mounting security concerns. Endpoints are one of the top…
BlackBasta claims Synlab attack, leaks some stolen documents
The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed the attack on their leak site on Saturday and says they have exfiltrated…
Proofpoint enhances email security with pre-delivery social engineering and link protection
Proofpoint has unveiled two innovations that redefine email security with the most comprehensive and effective end-to-end email protection across the entire email delivery chain. Uniquely combining new pre-delivery, click-time, and post-delivery detections, Proofpoint’s enhanced core email security packages now include:…
McAfee and Intel collaborate to combat deepfakes with Deepfake Detector
McAfee has unveiled enhancements to its AI-powered deepfake detection technology leveraging the power of the NPU in Intel Core Ultra processor-based PCs. The advanced AI-powered technology that underpins McAfee Deepfake Detector (previously known as ‘Project Mockingbird’) made its debut earlier…
Strategies for preventing AI misuse in cybersecurity
As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless integration into existing cybersecurity frameworks. In this Help Net Security interview, Pukar Hamal, CEO at SecurityPal, discusses the…
How to prepare for the CISSP exam: Tips from industry leaders
The Certified Information Systems Security Professional (CISSP) is the most widely recognized certification in the information security industry. CISSP certifies that an information security professional possesses extensive technical and managerial expertise for designing, engineering, and managing an organization’s security stance.…
Organizations go ahead with AI despite security risks
AI adoption remains sky high, with 54% of data experts saying that their organization already leverages at least four AI systems or applications, according to Immuta. 79% also report that their budget for AI systems, applications, and development has increased…
How MFA can improve your online security
In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about multi-factor authentication (MFA). By requiring users to provide multiple forms of verification before granting access, MFA significantly enhances security posture, mitigating…
Privacy requests increased 246% in two years
Data Subject Requests (DSRs) — formal requests made to a company by a person to access, delete, or request not to sell/share the personal data that the company holds on them — increased by 32% from 2022 to 2023, according…
eBook: CISSP fundamentals in focus
From the technical tools that help manage access control to non-technical skills like collaboration, learn about the fundamentals required in cybersecurity – and how CISSP guides you with the knowledge and skills you need to succeed. Inside the eBook: The…
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls…
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by up to 10x in some categories (for example Remote Arbitrary Code Execution in a Tier…
Trellix Wise automates security workflows with AI, streamlining threat detection and remediation
Trellix has unveiled Trellix Wise, a powerful suite of traditional and Generative Artificial Intelligence (GenAI) tools to drastically reduce cyber risk. Trellix Wise extends across the Trellix XDR Platform to discover and neutralize threats more efficiently while lowering security operations…
Cyble Vision X covers the entire breach lifecycle
Cyble is launching Cyble Vision X, the successor to its Cyble Vision 2.0 threat intelligence platform, to elevate the user experience by empowering decision-makers with immediate access to critical information. The comprehensive release infuses artificial intelligence (AI) into every aspect…
Microsoft, Google widen passkey support for its users
Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out digital lives. Despite decades of often-repeated statements proclaiming the death…