Tag: Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be…

Read more →

More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware…

Read more →

The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website for monitoring should it go live…

Read more →

Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he…

Read more →

From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise operations. They are constantly created for new assets and initiatives. In this Help Net Security video, Mark Flegg, Global Director…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium. ShadowDragon Horizon enhancements help users conduct investigations from any device Horizon is accessible with any internet connection and…

Read more →

Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to Pentera.…

Read more →

Gurucul announced enhancements to its federated search capabilities. Gurucul federated search empowers users to run queries from a single console across any data source, including data lakes, cloud object storage, databases, identity systems, threat intel sources, and SIEMs – including…

Read more →

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on…

Read more →

Redgate has launched an enterprise version of its popular database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations. Redgate Monitor Enterprise offers advanced capabilities for monitoring large, complex…

Read more →

Immuta launched Domains policy enforcement, a new capability in the Immuta Data Security Platform that provides additional controls for data owners to implement a data mesh architecture with domain-specific data access policies. Centralizing data access decisions across organizations often leads…

Read more →

SAS is launching new AI products and services to improve AI governance and support model trust and transparency. Model cards and new AI Governance Advisory services will help organizations navigate the turbulent AI landscape, mitigating risk and helping them pursue…

Read more →

Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. International investigation disrupts phishing-as-a-service platform LabHost…

Read more →

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS)…

Read more →

When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to…

Read more →

A recent Enea survey highlights a worrying trend in enterprise security: Following ChatGPT’s launch, 76% of businesses are inadequately protected against rising AI-driven vishing and smishing threats. In this Help Net Security video, John Hughes, SVP, Head of Network Security…

Read more →

Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to the Absolute Security Cyber Resilience Risk Index…

Read more →

49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of…

Read more →

Armis has acquired Silk Security for a total of $15 million and will integrate the Silk Platform into the Armis Centrix AI-based Vulnerability Prioritization and Remediation solution to supercharge its capabilities and now be able to provide security teams with…

Read more →

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be…

Read more →