Tag: Help Net Security

In this Help Net Security video, Peter Manev, Chief Strategy Officer at Stamus Networks, discusses a pervasive problem plaguing security analysts called “alert fatigue,” – which occurs when security teams become desensitized to an overwhelming volume of alerts, causing them…

Read more →

Increasing data requests overwhelm IT teams, but security concerns hinder their ability to provide employees with access to timely data, according to CData Software. The majority of Ops professionals feel that they are prohibited from accessing the data they need…

Read more →

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.4…

Read more →

Fortinet announced a comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet’s first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet (GE) access and 90W Power…

Read more →

Skopenow launched Grid, its new 360-degree situational awareness solution. Grid equips security, intelligence, and investigative teams worldwide with enhanced proactive threat intelligence capabilities, enabling real-time detection of risks to people, assets, and operations. In a global landscape marked by uncertainty,…

Read more →

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit…

Read more →

Accenture and SandboxAQ are partnering to deliver AI and quantum computing solutions to help organizations identify and remediate cybersecurity vulnerabilities. According to recent Accenture research, executives’ top concern for 2024 is the ability to adapt to advancements in technology and…

Read more →

As cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes. This article lists the most essential cybersecurity frameworks developed to guide businesses and governments in safeguarding their digital assets. From the…

Read more →

OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the…

Read more →

Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem analysis, and digital evidence acquisition. Users can also perform malware analysis, OSINT and computer vision activities. “We’ve crafted…

Read more →

Misinformation and disinformation are biggest short-term risks, while extreme weather and critical change to Earth systems are greatest long-term concern, according to the Global Risks 2024 Report from the World Economic Forum. Against a backdrop of systemic shifts in global…

Read more →

A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware Phemedrone Stealer is a piece of malware written…

Read more →

Trellix announced Trellix XDR Platform for Ransomware Detection and Response (RDR), available immediately worldwide. Trellix XDR Platform for RDR provides visibility across an organization’s entire security ecosystem and delivers critical coverage for each stage of a ransomware campaign. The solution…

Read more →

Trellix announced Trellix XDR Platform for Ransomware Detection and Response (RDR), available immediately worldwide. Trellix XDR Platform for RDR provides visibility across an organization’s entire security ecosystem and delivers critical coverage for each stage of a ransomware campaign. The solution…

Read more →

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat actor to carry…

Read more →

Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool for visualizing and investigating potential account, machine, or domain takeovers. Additionally, it helps identify and display any misconfigurations. What unique…

Read more →

In this Help Net Security video, John Morello, CTO of Gutsy, discusses the often-overlooked aspect of cybersecurity – the offboarding process. He outlines the real-world implications and potential impact on an organization’s security posture if off-boarding isn’t handled thoroughly. The…

Read more →

For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the bait. Over…

Read more →

In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel anticipates a growing pressure on organizations…

Read more →

Cyber threats targeting government organizations have become increasingly sophisticated, posing significant risks to national security, public infrastructure, and sensitive data. These threats are diverse in nature, originating from various actors such as nation-states, hacktivist groups, and organized cybercrime entities. Governments…

Read more →