Tag: Help Net Security

In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access…

Read more →

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely…

Read more →

Adversary Emulation Team Member Australian Federal Police | Australia | On-site – View job details As an Adversary Emulation Team Member you will participate in testing and assessment activities in both domestic and international settings. You will gain exposure to…

Read more →

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security posture to be especially concerning, with…

Read more →

Secureworks launched Taegis ManagedXDR Plus, a new Managed Detection and Response (MDR) offering that liberates the mid-market from indistinct, cookie cutter security solutions that don’t meet their unique security requirements. This announcement means that this market sector will no longer…

Read more →

The Cloud Security Alliance (CSA) demonstrated its commitment to improving its vendor-neutral cloud security training with the release of the Certificate of Cloud Security Knowledge (CCSK) v5, furnishing cloud stakeholders with the skills they need to optimize the protection of…

Read more →

Druva announced new capabilities to help its customers accelerate the investigation and remediation of cyber threats. The new Threat Hunting capability empowers IT and security teams to search their global data footprint for indicators of compromise (IOCs). Druva is also…

Read more →

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s Zero…

Read more →

Harmonic Security launched Harmonic Protect which empowers security teams with the tools to protect sensitive data without the headaches of labeling and complex rules. CISOs using Harmonic have coined it “zero-touch data protection” for its unique ability to protect vast…

Read more →

Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). The platform is taking a unified approach to managing both human and…

Read more →

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service. ACME is an internet protocol designed to enable enterprises to communicate with a…

Read more →

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01…

Read more →

McAfee announced the appointment of Craig Boundy as President and CEO, effective August 21, 2024. Boundy, a seasoned executive with over 25 years of leadership experience, joins McAfee from Experian where he served as the global Chief Operating Officer, and…

Read more →

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for…

Read more →

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s been slower…

Read more →

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T. Find out what led to…

Read more →

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Bluetooth signals from mobile devices pose…

Read more →

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest…

Read more →

AuditBoard launched of out-of-the-box (OOTB) self-assessment tools that enable internal auditors to easily assess and streamline conformance with the new Institute of Internal Auditors (IIA) Global Internal Audit Standards (“Standards”) that go into effect January 9th, 2025. These new capabilities…

Read more →

Yubico and Straxis launched a new Secure Web browsing application called MilSecure Mobile. This application can be adopted by any Defense Department (DOD) organization to enable secure access to protected DOD websites and services by service members and government employees…

Read more →