Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in combination with…
Tag: Help Net Security
Picus Security helps organizations reduce their threat exposure with AI-driven insights
Picus Security announced Picus Numi AI. As the latest innovation of the Picus Security Validation Platform, this generative AI security analyst empowers any member of a security team to access critical, up-to-date information about their security posture to make purposeful…
Bitwarden releases magic links API to improve passwordless user authentication
Bitwarden strengthened Bitwarden Passwordless.dev with the release of a magic links API. This offering empowers developers to incorporate passwordless authentication into their applications, providing a more secure and user-friendly experience for users. The magic links API enables developers to send…
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S. National Institute of Standards…
Owl Talon 3 provides hardware-enforced, one-way data transfers
Owl Cyber Defense Solutions launched next generation of their flagship data diode software platform, Owl Talon 3. This new release represents the first in a planned series of leaps forward for Owl’s hardware-enforced one-way data transfer technology. With an all-new…
TrueMedia.org introduces deepfake detection tool
TrueMedia.org launched its deepfake detection technology for reporters, and other key audiences to use ahead of the 2024 U.S. elections. The free tool is currently available to government officials, fact checkers, campaign staff, universities, non-profits, and reporters of accredited news…
Location tracking and the battle for digital privacy
While some online privacy issues can be subtle and difficult to understand, location tracking is very simple – and very scary. Perhaps nothing reveals more about who we are and what we do than a detailed map of all the…
How Google plans to make stolen session cookies worthless for attackers
Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers when a…
Cybersecurity jobs available right now: April 3, 2024
Cyber Security Manager Charterhouse Middle East | UAE | On-site – View job details The Cyber Security Manager will identify and address potential security issues, define access privileges, implement control structures, and conduct periodic audits. In addition, you’ll also contribute…
Human risk is the top cyber threat for IT teams
After another year rife with cybercrime, IT and cyber leaders are confronted with a new reality. AI and deepfakes can trick even the most well-trained employee, and executing a strong cyber defense is more important than ever. In this Help…
Cyber attacks on critical infrastructure show advanced tactics and new capabilities
In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymakers, government agencies, and the private sector…
Fortinet upgrades its real-time network security operating system
Fortinet announced the latest version of its FortiOS operating system and other major enhancements to the company’s cybersecurity platform, the Fortinet Security Fabric. FortiOS 7.6 empowers customers to better mitigate risk, reduce complexity, and realize a superior user experience across…
Fastly Bot Management protects websites, apps, and valuable data from malicious automated traffic
Fastly introduced Fastly Bot Management to help organizations combat automated “bot” attacks at the edge and significantly reduce the risk of fraud, DDoS attacks, account takeovers, and other online abuse. Fastly Bot Management represents an important cybersecurity milestone for the…
AT&T data leaked: 73 million customers affected
AT&T has confirmed that the data set leaked on the dark web some two weeks ago does, indeed, contain “AT&T data-specific fields”. The company is reaching out to affected customers and offering credit monitoring services. What type of data has…
LogRhythm Axon enhancements improve data management and operational efficiency
Recent global research reveals 61% of organizations still rely on manual and time-intensive methods for sharing security status updates. In response, LogRhythm announced its 8th consecutive quarterly release. The latest innovations to LogRhythm Axon facilitate seamless dashboard and search import/export…
Veracode acquires Longbow Security to help organizations reduce application risk
Veracode announced the acquisition of Longbow Security, a pioneer in security risk management for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations manage and reduce application risk across the growing…
What the ID of tomorrow may look like
Few joys remain untouched by the necessity of identity verification. With its ubiquitous presence, the call for heightened security, improved accessibility, and seamless authentication resonates loudly for businesses and individuals alike. In response, a tool, or perhaps a reinvented vision…
Cloud Active Defense: Open-source cloud protection
Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it…
Why AI forensics matters now
In this Help Net Security video, Sylvia Acevedo, who serves on the Boards of Qualcomm and Credo, discusses why companies should invest in forensic capabilities and why forensics will be such an important topic as AI continues to be integrated…
73% brace for cybersecurity impact on business in the next year or two
Only 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco. The 2024 Cisco Cybersecurity Readiness Index highlights that readiness is down significantly from one year ago,…
6 keys to navigating security and app development team tensions
There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are paid to create and ship new applications and features that help move the organization forward. It’s…
How to design and deliver an effective cybersecurity exercise
Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises – tests and simulations based on plausible cyber-attack…
Escalating malware tactics drive global cybercrime epidemic
Evasive, basic, and encrypted malware all increased in Q4 2023, fueling a rise in total malware, according to WatchGuard. Threat actors employ diverse tactics The average malware detections rose 80% from the previous quarter, illustrating a substantial volume of malware…
Infosec products of the month: March 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, Ordr, Pentera, Portnox,…
Securing privacy in the face of expanding data volumes
One of the primary concerns regarding data privacy is the potential for breaches and unauthorized access. Whether it’s financial records, medical histories, or personal communications, individuals have a right to control who can access their data and for what purposes.…
XZ Utils backdoor update: Which Linux distros are affected and what can you do?
The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of a long weekend for many.…
Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in…
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. The cause of…
Stream.Security unveils threat investigation and AI-powered remediation capabilities
Stream.Security announced new threat investigation and AI-powered remediation capabilities. The new real-time attack path detection and generative AI-powered remediation tools are part of the real-time exposure management features that the cloud security company is rolling out. With these capabilities, customers…
AI abuse and misinformation campaigns threaten financial institutions
Though generative AI offers financial firms remarkable business and cybersecurity utility, cyberthreats relating to GenAI in financial services are a consistent concern, according to FS-ISAC. Cybercriminals exploit AI for data exfiltration The cybersecurity community’s current consensus is that adversarial usage…
How much does cloud-based identity expand your attack surface?
We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael Jordan once said, “Get the fundamentals down, and the…
Advanced cybersecurity strategies boost shareholder returns
Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight. Boards under pressure to fortify cyber oversight The escalation in the…
New infosec products of the week: March 29, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes. GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health GitGuardian SCA is specifically designed for…
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting…
Snowflake Data Clean Rooms helps organizations preserve the privacy of their data
Snowflake introduced Snowflake Data Clean Rooms to customers in AWS East, AWS West, and Azure West, revolutionizing how enterprises of all sizes can securely share data and collaborate in a privacy-preserving manner to achieve high value business outcomes in the…
AppViewX partners with Fortanix to address critical enterprise security challenges
AppViewX and Fortanix announced a partnership to offer cloud-delivered secure digital identity management and code signing. Together the companies make it easy to address critical enterprise security challenges with comprehensive, robust and scalable platforms for certificate lifecycle management automation and…
NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of…
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal…
Enterprises increasingly block AI transactions over security concerns
Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging it to defend against the new AI-driven threat landscape, according to Zscaler. AI has already become…
Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on…
How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain.…
AI weaponization becomes a hot topic on underground forums
The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees via the use of phishing,…
Cybercriminals use cheap and simple infostealers to exfiltrate data
The rise in identity-based attacks can be attributed to a rapid increase in malware, according to SpyCloud. Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these compromised identity records,…
CyberArk Secure Browser helps prevent breaches resulting from cookie theft
CyberArk launched CyberArk Secure Browser, an identity-centric secure browser, providing enhanced security and privacy alongside a familiar, productive user experience. Backed by intelligent privilege controls and simple to deploy across devices, CyberArk Secure Browser is purpose-built for a cloud-first world,…
AU10TIX’s Digital ID suite identifies potentially fraudulent activities
AU10TIX announced the expansion of its Digital ID solution, which enables businesses to securely verify IDs of all types, including physical, digital, eID, verifiable credentials, and more. AU10TIX’s fully automated Digital ID solution serves as a verification hub for business…
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo Security, told…
Malwarebytes adds AI functionality to ThreatDown Security Advisor
Malwarebytes has added AI functionality to its Security Advisor, available in every ThreatDown Bundle. Leveraging generative AI technology, the new capabilities will transform Security Advisor into a dynamic experience that allows customers to use simple natural language requests to search…
Bedrock Security protects sensitive data within one unified platform
Bedrock Security unveiled its data security platform. Empowering organizations to manage data risk introduced by cloud and generative AI, Bedrock continuously discovers, manages, and protects sensitive data. The platform is powered by data AI Reasoning (AIR) Engine. AIR automatically understands…
Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial…
How security leaders can ease healthcare workers’ EHR-related burnout
Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality and…
Essential elements of a strong data protection strategy
In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of backup and recovery…
Cybersecurity jobs available right now: March 27, 2024
Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with…
Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on…
Cybersecurity essentials during M&A surge
The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering…
Legit Security launches enterprise secrets scanning solution
Legit Security has unveiled its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline. An AI-powered solution that enables secrets discovery beyond source code, Legit’s offering is built to meet the…
Vercara UltraAPI offers protection against malicious bots and fraudulent activity
Vercara has launched UltraAPI, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance. Powered by Cequence Security UltraAPI helps organizations protect applications and APIs against cyber threats via three core…
BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitigated,” helping network teams manage CVEs and…
Swimlane partners with Dragos to automate threat detection across both IT and OT environments
Swimlane announced a partnership with Dragos. Through the partnership, the companies are offering a new integration between Swimlane Turbine and the Dragos Platform that enables customers to automate threat detection and enrichment across both IT and OT environments, leveraging AI…
ArmorCode Risk Prioritization provides visibility into security findings with business context
ArmorCode announced ArmorCode Risk Prioritization, providing a 3D scoring approach for managing application security risks. ArmorCode combines the three dimensions of technical severity ratings, unique business context, and insight on whether a threat is being actively exploited to help organizations…
GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health
GitGuardian has released its Software Composition Analysis (SCA) module. SCA directly impacts the health of organizations’ codebase by automating vulnerability detection, prioritization, and remediation in software dependencies. Its additional capabilities ensure code licensing and regulatory compliance, such as generating comprehensive…
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Information Security…
DataVisor’s AML solution helps combat sophisticated financial crimes
DataVisor announced its latest offering: an end-to-end anti-money laundering (AML) solution boasting technology and comprehensive functionalities powered by machine learning and AI. Amidst increasing regulatory compliance requirements and the growing complexity of financial crime tactics, this essential solution stands out…
Apps secretly turning devices into proxy network nodes removed from Google Play
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that doesn’t sound so…
Reinforcement learning is the path forward for AI integration into cybersecurity
AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify those that pose…
How threat intelligence data maximizes business operations
Threat intelligence is no longer a ‘nice to have’ for organizations but a ‘must,’ as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a…
Strengthening critical infrastructure cybersecurity is a balancing act
In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’…
Scammers exploit tax season anxiety with AI tools
25% of Americans has lost money to online tax scams, according to McAfee. Of the people who clicked on fraudulent links from supposed tax services, 68% lost money. Among those, 29% lost more than $2,500, and 17% lost more than…
Tech industry’s focus on innovation leaves security behind
The rapid digital transformation and technological progress within the technology sector have enlarged the attack surface for companies operating in this space, according to Trustwave. As the sector evolves, the proliferation of Software-as-a-Service (SaaS) providers, cloud infrastructure, and internet-connected systems…
Interos Resilience Watchtower enables companies to monitor vulnerabilities
Interos announced Interos Resilience Watchtower, a personalized risk technology that evolves organizations from monitoring to action. The module allows leaders to build tailored risk models that prioritize at-risk suppliers based on their materiality to the business, for a faster and…
Scammers steal millions from FTX, BlockFi claimants
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many have fallen for…
APT29 hit German political parties with bogus invites and malware
APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware The attack started in late February 2024, with phishing emails containing bogus invitations to…
20 essential open-source cybersecurity tools that save you time
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of…
8 cybersecurity predictions shaping the future of cyber defense
Among Gartner’s top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI (GenAI). Two-thirds of global 100 organizations are expected to extend directors’ and officers’ insurance to…
How immersive AI transforms skill development
Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not. In this Help Net Security video, David Harris, Principal Generative…
Scams are becoming more convincing and costly
Scams directly targeting consumers continue to increase in both complexity and volume, according to Visa. Consumers are increasingly targeted by scammers, who rely on heightened emotions to create fraud opportunities. While the number of individual scam reports from June to…
Cybercriminals use ChatGPT’s prompts as weapons
Developed by OpenAI, ChatGPT has garnered attention across industries for its ability to generate relevant responses to various queries. However, as the adoption of ChatGPT accelerates, so do discussions surrounding its ethical and security implications. Organizations grapple with questions about…
Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for enterprise resilience In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging…
US organizations targeted with emails delivering NetSupport RAT
Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from…
CISA: Here’s how you can foil DDoS attacks
In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental entities (but also other organizations)…
Ex-Secret Service agent and convicted hacker share stage at GISEC Global
A former United States Secret Service Agent and a Vietnamese former-hacker-turned-cybersecurity-specialist are set to reunite for the first time at GISEC Global 2024 to discuss their unique cat-and-mouse-style chase, which ultimately resulted in an arrest and conviction. Matt O’Neil is…
Attackers are targeting financial departments with SmokeLoader malware
Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42…
Shadow AI is the latest cybersecurity threat you need to prepare for
Shadow IT – the use of software, hardware, systems and services that haven’t been approved by an organization’s IT/IT Sec departments – has been a problem for the last couple of decades, and a difficult area for IT leaders to…
Organizations under pressure to modernize their IT infrastructures
The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to Nutanix.…
Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking
In this Help Net Security video, Ed Adams, president and CEO of Security Innovation, discusses his new book See Yourself in Cyber: Security Careers Beyond Hacking. The book, published by Wiley, explores the breadth and depth of cybersecurity careers. It…
New infosec products of the week: March 22, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management With the upgrades in GlobalSign’s PKIaaS Connector, ServiceNow…
95% of companies face API security problems
Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent…
Vishal Rao joins Skyhigh Security as CEO
Skyhigh Security announced that it has appointed Vishal Rao as the organization’s next CEO. Rao will succeed former Skyhigh Security CEO Gee Rittenhouse, effective immediately. Rao brings an extensive background in the enterprise software industry, with approximately 25 years of…
AttackIQ Ready! 2.0 enables organizations to validate their cyber defense
AttackIQ announced AttackIQ Ready! 2.0, a managed breach and attack simulation-as-a-service that combines fully automated and on-demand adversary emulation testing that enables organizations to validate their cyber defense. While continuous security control validation is essential for maintaining an adaptive defense…
Veritas Backup Exec enhancements protect SMBs’ critical data
Veritas Technologies announced enhancements to Veritas Backup Exec, the unified backup and recovery solution. The latest updates include malware detection capabilities, role-based access control and additional optimizations for fast backup and recovery of business-critical data. With ransomware attacks on the…
Apricorn releases 24TB hardware encrypted USB drive
Apricorn released a 24TB version of its Aegis Padlock DT and Padlock DT FIPS Desktop Drives. Apricorn brings a 24TB encrypted drive to market, delivering high performance and mass capacity to industries such as healthcare, financial services, education, and government,…
LogicGate introduces cyber and operational risk suite offerings
LogicGate announces the new Cyber Risk Suite and Operational Risk Suite offerings, providing enterprises with purpose-built integrated solutions to efficiently and effectively optimize their Enterprise Risk Management (ERM) and cyber risk programs. Each suite includes applications, integrations, licenses, and services…
Kyndryl partners with Cloudflare to help enterprises migrate to next-generation networks
Kyndryl and Cloudflare announced a Global Strategic Alliance, an expansion of their partnership, to enable enterprises to migrate and manage networks for multi-cloud connectivity and comprehensive network security. The partnership combines Kyndryl’s end-to-end consulting services and expertise across enterprise networking,…
Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware
Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity server, has been…
Fake data breaches: Countering the damage
Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have…
Using cloud development environments to secure source code
In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining…
WebCopilot: Open-source automation tool enumerates subdomains, detects bugs
WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process,…
Secrets sprawl: Protecting your critical secrets
Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As…
Malware stands out as the fastest-growing threat of 2024
93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this…
Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly encourages”…
Zoom Compliance Manager helps organizations fulfill regulatory requirements
Zoom announces Zoom Compliance Manager, an all-in-one offering that provides archiving, eDiscovery, legal hold, and information protection capabilities to help organizations fulfill regulatory requirements and mitigate organizational communications compliance risks across the Zoom platform. “Zoom currently provides compliance and information…