Tag: Help Net Security

Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity server, has been…

Read more →

Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have…

Read more →

In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining…

Read more →

WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process,…

Read more →

Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As…

Read more →

93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this…

Read more →

Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly encourages”…

Read more →

Zoom announces Zoom Compliance Manager, an all-in-one offering that provides archiving, eDiscovery, legal hold, and information protection capabilities to help organizations fulfill regulatory requirements and mitigate organizational communications compliance risks across the Zoom platform. “Zoom currently provides compliance and information…

Read more →

DataDome launched DataDome Account Protect. This solution targets the growing threat of account takeovers and fake account creations that organizations worldwide face, providing robust security for login and registration endpoints against account-based attacks for business fraud purposes. Account fraud, particularly…

Read more →

Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that…

Read more →

ControlUp announced Secure DX, a real-time scanning, detection, and remediation solution that improves the security posture of endpoint devices without compromising the digital employee experience. By continuously and autonomously spotting and resolving endpoint vulnerabilities and weak security configurations, Secure DX…

Read more →

Semgrep announced Semgrep Assistant, a tool that uses Artificial Intelligence (AI) to drive efficiencies and uncover insights across all phases of an AppSec program, from rule creation to remediation. Semgrep is a static code analysis tool that alerts users about…

Read more →

Apiiro has announced a product integration and partnership with Secure Code Warrior to extend its ASPM technology and processes to the people layer. The partnership combines Apiiro’s deep code analysis and risk context with Secure Code Warrior’s agile learning catalog…

Read more →

CyberSaint announced the company has raised $21 million in Series A funding led by Riverside Acceleration Capital (RAC). Additional participating investors include Sage Hill Investors, Audeo Capital, and BlueIO. The funding will build on customer momentum, accelerate market expansion, and…

Read more →

Portnox introduced its Conditional Access for Applications solution. Available as part of the Portnox Cloud platform, Conditional Access for Applications delivers easy-to-implement passwordless authentication, endpoint risk posture assessment, and automated endpoint remediation for organizations seeking to harden their application security…

Read more →

Venafi introduced SPIFFE (Secure Production Identity Framework For Everyone) support for Venafi Firefly, Venafi’s lightweight workload identity issuer designed to support modern, highly distributed cloud native workloads. As workload identity plays an increasingly fundamental role in cloud native architectures, today’s…

Read more →

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most…

Read more →

ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms…

Read more →

Nirmata announced new features for its flagship product, Nirmata Policy Manager. With today’s increasing cloud security threats, detecting intrusions is no longer enough – the damage may already be done. That’s why Nirmata has developed Nirmata Policy Manager to proactively…

Read more →

As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the…

Read more →