Tag: Help Net Security

Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’ on-premises environment to cloud…

Read more →

Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about security and privacy. The security of the feature has been assessed by Microsoft’s Offensive Research &…

Read more →

SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may…

Read more →

Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to…

Read more →

Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting for 70% or more of the typical application. In this Help Net Security video, Donald Fischer, CEO…

Read more →

Despite the rise in cyber threats, many people do not have a holistic view of security, according to Yubico. The results of the survey uncovered concerning patterns and behaviors when it comes to personal and workplace cybersecurity, including the extensive…

Read more →

In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security. He explains how it helps organizations maintain control over sensitive information while addressing the complexities of compliance…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Windows Server 2025 gets hotpatching option, without reboots Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able…

Read more →

After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, unauthenticated attackers to achieve…

Read more →

SpyCloud released new hosted automation solution, SpyCloud Connect, which delivers custom-built automation workflows to Information Security (InfoSec) and Security Operations (SecOps) teams. The solution enables rapid automation of SpyCloud’s suite of identity threat protection products with a vast array of…

Read more →

AuditBoard announced extensions to its modern connected risk platform to help teams improve efficiency, foster collaboration, and increase the rigor and intentionality of their GRC management programs. Available immediately, these functionalities include: AuditBoard analytics enhancements include nine new out-of-the-box workflows…

Read more →

Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather…

Read more →

IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present a real…

Read more →

In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats. How…

Read more →

iOS 18 allows you to lock and hide apps to protect the information within them by requiring Face ID, Touch ID, or your passcode for access, while also concealing the content from searches, notifications, and various areas throughout the system.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Absolute, ArmorCode, Bitdefender, Guardsquare, Malwarebytes, NETGEAR, and Nudge Security. Bitdefender debuts GravityZone PHASR, enhancing security through user behavior analysis GravityZone PHASR enables security teams to…

Read more →

Zilla Security launched AI-powered modern IGA platform, which includes Zilla AI Profiles and significantly enhanced provisioning capabilities. These innovations tackle the long-standing challenge of managing hundreds of roles or group membership rules to give users job-appropriate access. The cloud has…

Read more →

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due…

Read more →

DoControl released a security product suite for Google Workspace, designed to protect data, identities, configurations, and third-party connected apps. DoControl’s SSPM provides Google Workspace customers with security capabilities that are not offered by Google’s built-in security ecosystem. Adopted by top…

Read more →

Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number of memory safety…

Read more →