Tag: Help Net Security

DigitalOcean announced updates to its role-based access control (RBAC), a method for managing user access to systems and resources within an organization by assigning permissions to roles rather than to individual users. This updates are highlighted by a new set…

Read more →

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream…

Read more →

Hillstone Networks has launched the latest version of its operating system, StoneOS 5.5R11. This update includes over 200 new functionalities and improvements designed to enhance threat protection and facilitate enterprise network operations in an increasingly complex and demanding environment. Key…

Read more →

RSA announced new passwordless, phishing-resistant capabilities that meet stringent technical standards and can help public sector agencies, contractors, and systems integrators fulfill Executive Order 14028 and National Security Memo 8 to improve the nation’s cybersecurity. The RSA Authenticator App is…

Read more →

Evolving global data privacy regulations are keeping marketers on their toes. In April 2024, the American Privacy Rights Act (APRA) was introduced in the Senate. The proposed bill would create a federal consumer privacy framework akin to the GDPR, which…

Read more →

Data breaches have become an increasingly severe threat, with recent reports highlighting a surge in their frequency and cost. Understanding the latest trends and statistics surrounding data breaches is essential for developing effective strategies to safeguard sensitive information. This article…

Read more →

In this Help Net Security interview, Jean-Philippe Aumasson, discusses the writing and research process for Serious Cryptography, his latest book. With a career steeped in research and practical cryptography, Aumasson offers a rare glimpse into the efforts required to distill…

Read more →

44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with known activity patterns.…

Read more →

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an improper access control vulnerability in the “SonicWall…

Read more →

Hitachi Vantara and Broadcom announced a new private and hybrid cloud solution. The co-engineered solution brings together Hitachi Vantara’s integrated systems solution of Unified Compute Platform (UCP) RS with VMware Cloud Foundation to assist organizations in navigating the complexities brought…

Read more →

The CrowdStrike event in July clearly demonstrated the risks of allowing a software vendor deep access to network infrastructure. It also raised concerns about the concentration of digital services in the hands of a few companies. A prescient Reddit post…

Read more →

Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base. Industries ranked by…

Read more →

Changes witnessed over the last few years have led to larger ransomware groups breaking into smaller units, posing more considerable challenges for law enforcement. Ransomware actors are evading arrest more easily and adapting methods with innovative technologies. In this Help…

Read more →

Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be adapted to perform various security checks. It can send requests to multiple targets using customizable templates, ensuring zero false…

Read more →

GenAI adoption has reached a critical phase, with 67% of respondents reporting their organization is increasing its investment in GenAI due to strong value to date, according to Deloitte. “The State of Generative AI in the Enterprise: Now decides Next,”…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. Vulnerabilities in Microsoft macOS apps may give…

Read more →

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 CVE-2024-28987 stems from…

Read more →

Drawbridge released its next generation cyber risk assessment service. Provided as a suite of modules, the solution combines a set of analytics with Drawbridge’s client service. Clients can now benchmark and score their cyber programs to prioritize risk remediation by…

Read more →

After peaking in late 2023, the ransomware industry is beginning to stabilize in productivity, with notable developments in ransomware targets, and industry dynamics, according to WithSecure. Sectors impacted by ransomware (Source: WithSecure) While ransomware productivity has shown signs of leveling…

Read more →

In the first six months of 2024, Hiya flagged nearly 20 billion calls as suspected spam – more than 107 million spam calls everyday. The data showed spam flag rates of more than 20% of unknown calls (calls coming from…

Read more →