Tag: Help Net Security

Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. “We are aware of recent reports related…

Read more →

Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,500 organizations around the world as…

Read more →

Personal information of current and former BBC employees has been exposed in a data breach that affected the broadcaster’s in-house pension scheme. More than 25,000 individuals have been affected, according to The Guardian. What data was exposed? “On the 21…

Read more →

Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical because…

Read more →

apexanalytix launched Cyber Risk, a solution that automatically assesses the cybersecurity posture of every supplier, continuously monitors the dark web to uncover risk exposure and responds to threats impacting suppliers in real-time. Business partner data breaches account for 15% of…

Read more →

The risk of a cyber breach is the number one global driver for zero trust strategy implementation, according to Entrust. The 2024 State of Zero Trust & Encryption Study surveyed over 4,000 IT security practitioners worldwide. The survey shows that…

Read more →

Encrypted Notepad, an open-source text editor, ensures your files are saved and loaded encrypted with AES-256. With no ads, no network connection required, and no unnecessary features, it’s a tool that simply works. “Like the Windows Notepad app, it has…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Adaptive Shield, Dashlane, Detectify, and Truecaller. Adaptive Shield unveils platform enhancements to improve SaaS security Adaptive Shield has extended the capabilities of its SaaS Security…

Read more →

The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), the agency has announced on Wednesday.…

Read more →

Applications developed by public sector organizations have more security debt than those created by the private sector, according to Veracode. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59% of…

Read more →

With the rise of identity sprawl and system complexity, more businesses are suffering identity-related incidents than ever before, according to IDSA. Identity-related incidents in headlines Identity-related incidents continue to dominate today’s headlines. Clorox, MGM, and Caesars fell prey to social…

Read more →

The National Institute of Standards and Technology (NIST) is launching a new testing, evaluation, validation and verification (TEVV) program intended to help improve understanding of artificial intelligence’s capabilities and impacts. Assessing Risks and Impacts of AI (ARIA) aims to help…

Read more →

Three seconds! That’s how much of your voice an AI voice synthesizer needs to generate a complete clone of your voice. Illegitimate voice cloning and speech synthesis technologies are improving at an incalculable rate of change and are, unfortunately, already…

Read more →

Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. “Moonstone Sleet uses tactics, techniques, and procedures (TTPs) also used by other North…

Read more →

GMO GlobalSign announced the rebranding of the company’s certificate automation product, Automated Enrollment Gateway (AEG), to Certificate Automation Manager. The renamed solution reflects the greatly increased capabilities introduced over the years to meet the shifts taking place across the digital…

Read more →

A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – Chirag Tomar, a 30-year-old citizen of the Republic of India – has…

Read more →

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it aggregates logs…

Read more →

Dashlane unveiled Dashlane Nudges, a new automated tool to empower admins to proactively create a more security-conscious workforce and drive better credential security behavior across their organization, reducing the risk of credential theft. Compromised credentials continue to be at the…

Read more →

Transcend raised $40 million in Series B funding led by new investor StepStone Group, with participation from HighlandX and existing investors Accel, Index Ventures, 01 Advisors (01A), Script Capital, and South Park Commons. This brings the total raised to nearly…

Read more →

Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and controls, and fully implemented monitoring and review requirements. Processes and controls typically comprise policies, which will include detailed…

Read more →