Tag: Help Net Security

Sourcepoint announced significant enhancements to its compliance monitoring suite. These solutions are designed to help companies navigate the increasingly complex landscape of digital privacy laws and mitigate risks associated with the growing trend of tracker-based litigation. Companies today face a…

Read more →

CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,” Microsoft…

Read more →

EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a…

Read more →

In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting. In a recent report of the CISO Circuit, YL Ventures set…

Read more →

In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software. Unlike predictable software, GenAI introduces dynamic, evolving threats, requiring new strategies for defense and compliance. Kamber highlights the need…

Read more →

As cyberattacks escalate, more regulations are being introduced to help protect organizations and their customers’ data. This has resulted in a complex web of legislation with which companies in the private sector must comply. It can be challenging, as industry…

Read more →

A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in this critical area, according to Endor Labs. The…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could…

Read more →

Rain Technology announced ATM Switchable Privacy, designed to protect consumers against visual hackers and snoopers at ATM terminals in financial institutions, retail stores, restaurants, airports, and other public settings. ATM stats and state of the market With more than three…

Read more →

Nudge Security unveiled new SSPM (SaaS security posture management) capabilities for its SaaS security and governance platform. This enhancement creates the industry’s most comprehensive solution of its kind, combining SaaS discovery, security posture management, spend management, third-party risk, and identity governance…

Read more →

Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Security workflows for IaC First,…

Read more →

Cyber insurance is poised for exponential growth over the coming decade, but it remains a capital-intensive peril that requires structural innovation, according to CyberCube. The mid-range projection suggests that the US standalone cyber insurance market could reach $45 billion in…

Read more →

Organizations are grappling with their current NHI (non-human identities) security strategies, according to Cloud Security Alliance and Astrix Security. The high volume of NHIs significantly amplifies the security challenges organizations face. Each NHI can potentially access sensitive data and critical…

Read more →

Organizations must reassess their email security posture as incidents continue to escalate, leading to financial losses. Key findings reveal a significant increase in email attacks, with many successfully bypassing standard security protocols and targeting vulnerable sectors. Business email compromise, phishing,…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Druva, Huntress, Ketch, LOKKER, Tenable, Trellix, and Wing Security. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins Tenable AI Aware leverages…

Read more →

The UK National Crime Agency has arrested and detained a suspect – a 17-year-old male in Walsall (West Midlands) – on suspicion of Computer Misuse Act offences in relation to the Transport for London (TfL) cyberattack, the agency has announced…

Read more →

Druva launched Dru Investigate, a gen AI-powered tool that guides data security investigations using a natural language interface. With Dru Investigate, users across IT, security, legal, and privacy teams can swiftly identify and mitigate data risks, without needing to write…

Read more →

NETSCOUT announced updates to its advanced, scalable deep packet inspection-based Omnis Cyber Intelligence Network Detection and Response (NDR) platform. New MITRE ATT&CK behavioral analytics enable earlier detection of advanced threats like ransomware, suspicious traffic, or unauthorized access attempts while improving…

Read more →

Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory points to…

Read more →

Every type of fraud is on the rise, and 2023 was a particularly devastating year for victims of cryptocurrency and business email compromise (BEC) scams, according to the FBI. Cryptocurrency fraud Based on complaints filed to FBI’s Internet Crime Complaint…

Read more →