Tag: Help Net Security

OPSWAT announced new advancements to its MetaDefender Kiosk product line. In response to the escalating challenges faced by organizations in managing and handling threats originating from peripheral media such as USBs and bring-your-own-devices (BYOD), OPSWAT continues its commitment to innovation.…

Read more →

AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised. The statement was published on Friday evening and lacks…

Read more →

Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans James Berthoty, the creator of Latio Application Security Tester, told Help…

Read more →

Privacy is much more than a regulatory compliance matter. Findings from a new Cisco study highlight the growing Privacy concerns with GenAI, trust challenges facing organizations over their use of AI, and the attractive returns from privacy investment. “Organizations see…

Read more →

Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include hundreds…

Read more →

Cybersecurity strategies are essential components of modern organizations, designed to protect digital assets, sensitive information, and overall business continuity from potential cyber threats. As technology advances, the complexity and frequency of cyber attacks continue to grow, making it imperative for…

Read more →

Over the next few years, the number of organizations navigating to the cloud to advance their business goals is expected to grow exponentially. According to Gartner, more than 70% of enterprises will use cloud platforms to accelerate their business initiatives…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Prioritizing cybercrime intelligence for effective decision-making in cybersecurity In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into…

Read more →

Verimatrix collaboration with AWS to further bolster scalability, availability and ease of use for its Streamkeeper Multi-DRM cloud-based OTT content security platform. Streamkeeper Multi-DRM, a multi-tenant platform deployed on the AWS cloud, is compatible with AWS SPEKE to work seamlessly…

Read more →

DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62%…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from BackBox, ProcessUnity, SentinelOne, and Vade. ProcessUnity unveils all-in-one platform for third-party risk management With a single, configurable platform, ProcessUnity helps organizations manage the increasing complexity…

Read more →

In this Help Net Security interview, Roland Palmer, VP Global Operations Center at Sumo Logic, discusses key challenges and innovations of the NIS2 Directive, aiming to standardize cybersecurity practices across sectors. NIS2 mandates minimal cybersecurity requirements for member companies, encompassing…

Read more →

The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria (EUCC). The outcome aligns with the candidate cybersecurity certification scheme on EUCC that ENISA drafted in response to a request issued by the European…

Read more →

There is a misconception that only software and technology companies leverage crowdsourced security. However, data contradicts this belief. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd. The government industry sector saw the fastest growth for…

Read more →

69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or organization, according to Expel. Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC,…

Read more →

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet The FritzFrog botnet, initially identified in…

Read more →

Qualys is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time. Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents, and API-based discovery to build a comprehensive…

Read more →

Graylog released a free version of Graylog API Security. This API discovery and monitoring tool makes API security accessible to enterprises of all sizes at a time when API-related attacks are on the rise. Uniquely, Graylog API Security enables organizations…

Read more →

The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations The threat actors used the KV botnet malware…

Read more →

Secureworks launched AI-powered Threat Score to silence alert noise and reduce security analyst workload by over 50%. With ransomware dwell times falling, security analysts are under more pressure than ever to make the right decisions about which alerts they investigate.…

Read more →