Tag: Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers…

Read more →

Binarly announced Binarly Transparency Platform v2.7, a major update that enables corporate defenders to prepare for a mandatory transition to Post-Quantum Cryptography (PQC) standards. As quantum computing advances, the National Institute of Standards and Technology (NIST) has issued fresh guidance…

Read more →

Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download and execute…

Read more →

CyberArk announced Identity Bridge, an endpoint identity security capability that will support identity and privilege sprawl reduction on Linux machines. Identity Bridge will enable organizations to authenticate to Linux systems using centralized accounts, minimizing dependence on outdated authentication methods. This…

Read more →

Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could intercept models in transit, manipulate inputs to degrade performance, or even reverse-engineer AI systems to use…

Read more →

Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a…

Read more →

Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains, according to VIPRE Security Group.…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Absolute Security, Atsign, authID, BackBox, BioConnect, BitSight, BreachLock, Cisco, Commvault, Compliance Scorecard, DataDome, Hiya, IT-Harvest, Lookout, McAfee, Netgear, Oasis Security, and Swimlane. authID PrivacyKey protects…

Read more →

Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in the world. The takedown notice (Source: German Federal Criminal Police Office) “The websites…

Read more →

Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server component, which…

Read more →

Legit Security announced new root cause remediation capabilities, allowing teams to address multiple software vulnerabilities with one practical step. By pinpointing the choke points where remediation actions can address multiple issues at once, security teams accelerate risk reduction and reduce…

Read more →

Oasis Security unveiled Oasis Scout, an Identity Threat Detection and Response (ITDR) solution designed specifically for NHIs, integrated with proprietary AuthPrint technology. Available with Oasis NHI Security Cloud, Oasis Scout delivers high-fidelity threat detection and response capability for NHIs with…

Read more →

In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models while offering advice…

Read more →

Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions.…

Read more →

APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer just…

Read more →

Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email address. This means it…

Read more →

CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute arbitrary commands on…

Read more →

Swimlane announced Vulnerability Response Management (VRM) Solution that extends beyond siloed vulnerability management by offering risk-based prioritization, exploit intelligence and recommended remediation workflows. Swimlane AI automation solutions combine the power of AI with human expertise, enabling faster, more accurate decision-making…

Read more →

As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the…

Read more →

authID released PrivacyKey, a solution for protecting user biometric data while also avoiding all the compliance issues and risks related to biometric information storage. With the addition of PrivacyKey, authID serves as the ideal partner for organizations that previously delayed…

Read more →