Tag: Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization…

Read more →

Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which are used for…

Read more →

On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”,…

Read more →

AuditBoard announced powerful enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk management needs in the face of rising risks and increased regulatory requirements. With these new capabilities, including enhanced AI automation,…

Read more →

The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have…

Read more →

BigID announced the introduction of AI-guided data security and risk remediation recommendations. These new capabilities empower security teams to eliminate guesswork and more proactively address security risks to improve their overall security posture across their data environment. BigID’s AI-guided data…

Read more →

Secureworks released Secureworks Taegis NDR, to stop nefarious threat actors from traversing the network. The dominance of cloud applications and remote working has created an explosion in network traffic, up over 20% from 2023 to 20241. Adversaries are taking advantage…

Read more →

Critical Start announced the expansion of the frameworks available in its Risk Assessments offering. These additions to the tool expand upon the initial offering, providing additional framework-based assessments for customers to achieve data-driven evaluation, articulation, and monitoring their overall cyber…

Read more →

Skyhigh Security announced strategic additions to its Security Service Edge (SSE) portfolio. In response to an evolving cyber threat landscape and new data security challenges, these new innovations will empower organizations to seamlessly adopt zero-trust principles and enhance data protection…

Read more →

Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their…

Read more →

Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings’ 2024 Global Threat Intelligence Report. Global ransomware crisis After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims…

Read more →

In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing more time, attention, and budget in cybersecurity. According to LastPass, these factors…

Read more →

Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against these healthcare targets. In fact, the report…

Read more →

In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for Internet Security…

Read more →

Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against them, and SentinelOne is delivering it with the launch of Singularity Cloud Native Security. A…

Read more →

Cado Security has introduced a solution for conducting forensic investigations in distroless container environments. With Cado Security’s new offering, security teams can investigate the root cause, scope, and impact of malicious activity detected within distroless container environments to gain greater…

Read more →

Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. “This…

Read more →

CyberSaint released the NIST Cybersecurity Framework (CSF) Benchmarking Feature, which allows CISOs and security teams to measure their NIST posture against industry peers through a historical maturity graph on the CyberStrong Executive Dashboard. Organizations across industries struggle to compare themselves…

Read more →

Ghost Security announced the early access availability of Phantasm, application-specific threat intelligence poised to fill a large gap that currently exists in both threat intelligence and application security. Developed by a team of industry experts from Ghost Labs, the research…

Read more →

MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti…

Read more →