Tag: Help Net Security

33% of Americans have used a sports-related term in a password, according to Bitwarden. Those who have are twice as likely to have used one inspired by a professional sports team (46%) versus a college sports team (22%). 49% of…

Read more →

Phylum announced the availability of the Phylum Threat Feed and its partnership with Sumo Logic. With the Phylum App for Sumo Logic, users can know if their organization has been impacted by software supply chain risks, including: Zero-day attacks Credential…

Read more →

HireRight launched its new global identity verification solution, Global ID. With identity theft and fraud on the rise—and many employees being onboarded and working remotely—it is arguably more important than ever to verify candidates’ identities. HireRight’s new digital Global ID…

Read more →

Netskope has unveiled the completion of the rollout of Localization Zones to its NewEdge security private cloud offering a localized experience for 220 countries and territories, including every non-embargoed UN member state. While a move to a cloud web proxy…

Read more →

Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an AWS IAM or…

Read more →

Cybersixgill announced new features and capabilities that take security teams’ threat detection and mitigation efforts to new levels, helping them identify and mitigate vulnerabilities and detect and stop threats more quickly and effectively. Cybersixgill’s new Identity Intelligence module enables centralized…

Read more →

Malwarebytes announced its comprehensive vulnerability assessment module is now included in every ThreatDown bundle at no additional cost via its integrated console. Many IT organizations are struggling with rising cybersecurity costs associated with annual vendor price increases and the necessity…

Read more →

Daon announced the addition of xSentinel, an expansion of its AI.X technology. xSentinel provides adaptive synthetic voice protection to create a layer of defense within any voice communication channel and enhance the identity verification technologies suite on Daon IdentityX and…

Read more →

1Kosmos announced it has completed the integration of its 1Kosmos BlockID platform with Amazon Cognito. As an AWS Advanced Technology Partner, 1Kosmos enables Amazon customers to seamlessly add passwordless multi-factor authentication (MFA) to their customer-facing web and mobile application journeys.…

Read more →

AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be…

Read more →

As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more…

Read more →

Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors…

Read more →

90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The urgency…

Read more →

OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business…

Read more →

Panther Labs launched its new Security Data Lake Search and Splunk Integration capabilities. These offerings mark a critical leap forward in managing security risks in today’s cloud-first landscape. As organizations race to implement machine learning capabilities, they’re increasingly reliant on…

Read more →

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability…

Read more →

Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that…

Read more →

Data Theorem has introduced the API Attack Path Visualization capabilities for the protection of APIs and the software supply chain. This latest enhancement of its API Secure solution empowers organizations with a comprehensive understanding of the attack chain, traversing all…

Read more →

Atsign has unveiled the release of SSH No Ports 4.0. SSH No Ports is a system administration tool used to access remote systems (gateways, industrial PCs, and many other devices) via SSH from anywhere, without the need for network configuration,…

Read more →

Living Security announced Unify Go, a free tool for Living Security training customers that surfaces security vulnerabilities across the workforce by aggregating and correlating employee behavior across security training, phishing, and email security tools. Unify Go is accessible to any…

Read more →