Tag: Help Net Security

A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud…

Read more →

Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at…

Read more →

In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts also…

Read more →

In this Help Net Security video, Lee Waskevich, VP of Security at ePlus, discusses how AI deployment demands enhanced governance and stricter controls, particularly in managing data. The recent ePlus AI Readiness survey revealed that the top data concerns among…

Read more →

Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in…

Read more →

For most public sector organizations, digital transformation is a work in progress, with the complexity of integrating new systems and privacy and security concerns remaining key barriers, according to a report by SolarWinds. Only 6% of respondents report having fully…

Read more →

OpenText announced OpenText Core Threat Detection and Response, a new AI-powered cybersecurity solution for threat detection to be generally available with Cloud Editions 25.2. OpenText has expanded its Cybersecurity portfolio in recent years, and its next generation of innovation is…

Read more →

Versa releases Versa Sovereign SASE, allowing enterprises, governments, and service providers to deploy customized networking and security services directly from their own infrastructure in a “do-it-yourself” model. This approach addresses the growing demand for greater control amidst evolving data privacy…

Read more →

Symbiotic Security announced updates to its application and integrated development environment (IDE) extension, further streamlining security for developers by improving usability, accessibility, and real-time security insights. The demand for real-time security solutions is growing as organizations seek to shift security…

Read more →

Apple allows you to lock your notes using your iPhone passcode or a separate password, ensuring your private information stays protected across all your Apple devices, including iOS and macOS. Whether you’re using your iPhone, iPad, or Mac, here’s how…

Read more →

In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Fortinet, Pangea, Privacera, and Veeam Software. Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response FortiAnalyzer offers a streamlined entry point to…

Read more →

Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create and deliver…

Read more →

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static code…

Read more →

Runa launched Runa Assure, a security suite specifically built to fortify payout processes against threats of fraud, cyberattacks, and compliance risks. Runa Assure was purpose-built for instant payout methods, including gift cards, prepaid, and push-to-card, and now protects over two…

Read more →

A new, improved version of Darcula, a cat-themed phishing-as-a-service (PhaaS) platform aimed at serving Chinese-speaking criminals, will be released this month and will allow malicious users to create customized phishing kits to target a wider variety of brands than ever…

Read more →

Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded with…

Read more →

Privacera announced significant updates to its AI Governance (PAIG) platform, reinforcing its commitment to AI risk management and compliance. These additions align PAIG to the existing National Institute of Standards and Technology’s (NIST) AI Risk Management Framework, offering a comprehensive,…

Read more →

Norton is setting the standard for scam protection with a new range of AI-powered features fully integrated in Norton Cyber Safety products to help protect people from the most widespread cyberthreat of our time. Like the first domino tipping over…

Read more →