Tag: Help Net Security

Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files. Architecture The framework provides investigators with a convenient way to scan for PLCs and identify any suspicious artifacts within ICS environments, which…

Read more →

The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, according to…

Read more →

Visa launched Visa Provisioning Intelligence (VPI), an AI-based product designed to combat token fraud at its source. Available as a value-added service for clients, VPI uses machine learning to rate the likelihood of fraud for token provisioning requests, helping financial…

Read more →

DNSFilter announced the expansion of its protective DNS software with a new Generative AI category. DNSFilter’s defense provides organizations of all sizes the ability to secure their network against harmful threats such as malware, botnet, and phishing in order to…

Read more →

Zscaler has unveiled Business Insights, a new addition to its Business Analytics portfolio, which enables organizations to curtail SaaS sprawl and optimize office usage to improve workplace experience while saving money. Additionally, Zscaler unveiled several enhancements to its wider Business…

Read more →

Common Sense Privacy debuts software to help companies better assess and manage privacy regulatory risks. Building on foundational IP from Common Sense Media, the nation’s leading child advocacy nonprofit organization, the platform boasts the most extensive repository of privacy evaluations…

Read more →

Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service (BaaS) for Microsoft 365. Utilizing the power and reliability…

Read more →

Safe Security announced its new SAFE Materiality Assessment Module, enabling security and risk leaders to achieve SEC compliance by estimating and tracking materiality of cyber incidents. Safe Security’s materiality module is based on the fully tunable Factor Analysis of Information…

Read more →

Drata announced its Third-Party Risk Management (TPRM) offering, empowering customers to identify, evaluate, and monitor third-party risks in one centralized and integrated platform. Third-party risk has become a critical element of a strong governance, risk, and compliance (GRC) program, especially…

Read more →

Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without having to…

Read more →

Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In December 2023, we delivered…

Read more →

How are organizations performing across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework? A recent analysis by Bitsight and Google reveals some good and some bad results – and room for improvement. What is MVSP? Minimum Viable Secure…

Read more →

Like it or not, data protection will be one of the biggest issues organizations face in 2024. Knowing where to focus compliance efforts will be tricky, with more and more state-level privacy laws becoming effective in the US, creating a…

Read more →

In this Help Net Security video, Gal Sadeh, Head of Data and Security Research at Silverfort, discusses LATMA, a free, open-source tool. It’s engineered with advanced algorithms to track and report any unusual activity within an environment. The tool consists…

Read more →

The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to democratize access to critical data, fostering transparency, collaboration, and improvement of cybersecurity practices globally. Datasets for organizational insight The open-source datasets offered by ThreatNG provide an understanding…

Read more →

Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm under-resourced security teams. You need a multidimensional approach that leverages deep context to continuously map, programmatically prioritize,…

Read more →

When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. In Claroty’s previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted…

Read more →

Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were fixed (June…

Read more →

DataDome announced it is taking its bot protection offerings to a whole new level by enabling a new challenge response for customers, called Device Check. This invisible challenge works behind the scenes, validating device-specific signals with proofs of work –…

Read more →

Censys announced two new product tiers of its search tool, Censys Search Solo and Censys Search Teams. These additions are part of a series of strategic initiatives to enhance the security community, including the introduction of Threat Hunting Boot Camps,…

Read more →