Category: Help Net Security

US charges suspected LockBit ransomware developer

The US Department of Justice has unsealed charges against Rostislav Panev, 51, a dual Russian and Israeli national, suspected of being a developer for the LockBit ransomware group. Panev was arrested in August 2024 and is currently in custody in…

Evilginx: Open-source man-in-the-middle attack framework

Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. “Back in 2017, I was experimenting with extracting cookies from one browser and importing them into another. I realized…

How companies can fight ransomware impersonations

As these threat actors become increasingly strategic and harder to detect, organizations must take all measures to protect their data, including cybersecurity training. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, discusses how…

What open source means for cybersecurity

With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to threats. In this article, you will find excerpts from 2024 open-source security reports that can help your organization strengthen…

CISA: Use Signal or other secure communications app

In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, CISA is advising “highly targeted individuals” – senior government officials and politicians – to lock…

AI is becoming the weapon of choice for cybercriminals

AI changes how organizations look at cybersecurity GenAI is compromising security while promising efficiency This article highlights key findings from 2024 reports on AI and GenAI technologies, focusing on their potential and major challenges. Overreliance on GenAI to develop software…

Why cybersecurity is critical to energy modernization

In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for…

New infosec products of the week: December 20, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, GitGuardian, RunSafe Security, Stairwell, and Netwrix. GitGuardian launches multi-vault integration to combat secrets sprawl GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy with…

Ukrainian hacker gets prison for infostealer operations

Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS). Individuals who deployed Raccoon…

NetSPI introduces external attack surface management solutions

NetSPI introduced three tiers of external attack surface management (EASM) solutions, delivered through the The NetSPI Platform. The new offerings address the evolving needs of NetSPI’s global customer base, to move toward a continuous threat exposure management (CTEM) model and…

GitGuardian launches multi-vault integration to combat secrets sprawl

GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy with integrations across major secrets management platforms, addressing the growing challenge of secrets sprawl in enterprise environments. With Non-Human Identities—digital references used to authenticate machine-to-machine access—now outnumbering human users 100:1, organizations…

Stairwell Core boosts threat intelligence for security teams

Stairwell announces Stairwell Core, which enables organizations to privately collect, store, and continuously reassess executable files so they can confidently determine if malware has affected their systems. Core offers customers an accessible entry point into the Stairwell ecosystem, giving users…

CISO accountability: Navigating a landscape of responsibility

What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible…

Vanir: Open-source security patch validation for Android

Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the security of the Android ecosystem. Vanir uses…

Malvertising on steroids serves Lumma infostealer

A large-scale malvertising campaign distributing the Lumma infostealer malware via intrusive “ads” leading to fake CAPTCHA pages has been tied by researchers to a threat actor abusing the Monetag ad network. The campaign from the users’ perspective Internet users usually…

RunSafe Security Platform enhances risk management with automation

RunSafe Security has released the RunSafe Security Platform that automates risk identification, exploit prevention, and runtime software monitoring. Now, developers can generate a high-fidelity software bill of materials (SBOM) at build time, ensuring the highest level of accuracy in identifying…

The shifting security landscape: 2025 predictions and challenges

As the borderless threat ecosystem poses new challenges for companies and governments worldwide, CISA’s 2025-2026 International Plan aims to address this problem. CISA’s plan calls for integrated cyber defense across borders, addressing the complex, global cybersecurity challenges that businesses, governments…

Cybersecurity jobs available right now: December 17, 2024

CISO ONE Security | Israel | Hybrid – View job details As a CISO, you will be responsible for overseeing information security, cybersecurity, application security, and business continuity strategies. The role involves implementing and managing security measures and collaborating with…

Serbian government used Cellebrite to unlock phones, install spyware

Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and install previously unknown Android spyware called NoviSpy, a new Amnesty International report claims. The unlocking was made possible through exploitation of a zero-day…

Risk Aperture AI360 manages AI-specific vulnerabilities and threats

Risk Aperture launched AI360, a solution designed to address the growing cybersecurity risks posed by artificial intelligence (AI). AI360 leverages proprietary algorithms, predictive analytics, and machine learning to deliver actionable insights, helping organizations secure AI systems. Developed from decades of expertise,…

Evasive Node.js loader masquerading as game hack

Malware peddlers are using NodeLoader, a loader written in Node.js, to foil security solutions and deliver infostealers and cryptominers to gamers. The malicious links in YouTube comments (Source: Zscaler ThreatLabz) Attackers leveraging the Node.js loader In this latest malware delivery…

Trapster Community: Open-source, low-interaction honeypot

Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. “Our reengineered approach leverages the asyncio library, breaking away from the…

Celigo Private Cloud enhances security and connectivity

Celigo introduced Celigo Private Cloud, a transformative solution offering enterprises fully private automation instances. Designed for businesses that prioritize enhanced security, control, and compliance, Celigo Private Cloud empowers organizations to scale their automation strategies with confidence. Today, enterprises increasingly rely…

Rubrik Turbo Threat Hunting accelerates cyber recovery

As organizations around the world struggle with extended downtime and revenue loss due to widespread cyberattacks, Rubrik announces Rubrik Turbo Threat Hunting. This new feature is designed to accelerate cyber recovery and enables organizations to locate clean recovery points across…

FuzzyAI: Open-source tool for automated LLM fuzzing

FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and harmful output generation. FuzzyAI offers organizations a systematic approach to testing AI models against various adversarial…

New infosec products of the week: December 13, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Horizon3.ai, SecureAuth, Stamus Networks, Trellix, and Versa Networks. Trellix Drive Encryption enhances security against insider attacks Trellix Drive Encryption offers enhanced security against…

Cleo patches zero-day exploited by ransomware gang

Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. Version 5.8.0.24 of the three products, which was pushed out on Wednesday,…

27 DDoS-for hire platforms seized by law enforcement

As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed Denial-of-Service (DDoS) attacks. These “booter” (aka “stresser”) sites were used by both cybercriminals and hacktivists…

We must adjust expectations for the CISO role

Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a back-office function primarily focused on technical oversight, has moved squarely into the executive spotlight.…

Citrix acquires deviceTRUST and Strong Network

With the widespread adoption of hybrid work models, where teams operate across geographical regions on managed and unmanaged devices, every connection and endpoint presents a potential security risk. Addressing this challenge, Citrix announced the strategic acquisitions of deviceTRUST GmbH and…

Jetico Search locates and manages sensitive data

Jetico launches Search, a PII and sensitive data discovery tool integrated with BCWipe to locate and securely erase files beyond forensic recovery. Addressing the growing demand for effective solutions in data protection, Search integrates discovery capabilities with Jetico’s renowned BCWipe…

Keycloak: Open-source identity and access management

Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, and SAML. Single Sign-On: Users authenticate…

Microsoft enforces defenses preventing NTLM relay attacks

Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by default, Microsoft is working on shoring up defenses against NTLM relay…

BadRAM: $10 hack unlocks AMD encrypted memory

Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting ADM processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a…

CyTwist’s detection engine combats AI-generated malware

CyTwist launches its patented detection engine to combat the insidious rise of AI-generated malware. Enhancing an organization’s existing security stack, CyTwist’s solution profiles threat actors using field-proven counterintelligence methodologies and hyper-targeted probability algorithms, resulting in detection of a suspected attack…

Trellix Drive Encryption enhances security against insider attacks

Trellix announced Trellix Drive Encryption upgrades for on-premises and SaaS management. Customers benefit from the flexibility needed for encryption protection deployment to safeguard their data and devices from unauthorized access. “The majority of lost and stolen assets reported this past…

Cato Networks extends SASE-based protection to IoT/OT environments

With the introduction of Cato IoT/OT Security, Cato Networks is enabling enterprises to simplify the management and security of Internet of Things (IoT) and operational technology (OT) devices. Cato IoT/OT Security converges device discovery and classification, policy enforcement, and threat…

Open source malware up 200% since 2023

Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly…

Why crisis simulations fail and how to fix them

In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for…

Containers have 600+ vulnerabilities on average

Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security…

Microsoft fixes exploited zero-day (CVE-2024-49138)

On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 exploited by attackers CVE-2024-49138 stems from…

Stamus Networks Clear NDR uncovers unauthorized activity

Stamus Networks announced Clear NDR, an open and transparent NDR system that empowers cyber defenders to uncover and stop serious threats and unauthorized activity before they cause harm to the organization. It can be deployed as a standalone NDR solution…

Versa Endpoint DLP prevents data exfiltration

Versa announced Versa Endpoint DLP, an integrated endpoint data loss prevention (DLP) capability delivered by the Versa SASE Client as part of the VersaONE Universal SASE Platform. The endpoint DLP feature provides the widest range of data exfiltration prevention capabilities…

Preventing data leakage in low-node/no-code environments

Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage.…

Cybersecurity jobs available right now: December 10, 2024

Cloud Security Engineer Sendbird | USA | Hybrid – View job details As a Cloud Security Engineer, you will work with engineering teams to build secure infrastructure at scale, secure multi-account and multi-cloud infrastructure for Sendbird, own CSPM and cloud…

Microsoft: “Hack” this LLM-powered service and get paid

Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve defenses against prompt injection attacks. The setup and the challenge LLMail is a simulated email…

Skyhigh Security strengthens data protection for Microsoft Copilot

Skyhigh Security announced the expansion of its purpose-built data protection capabilities to secure Microsoft Copilot, the fastest-growing AI solution in the enterprise. This latest milestone underscores Skyhigh Security’s commitment to enabling safe AI adoption, building on a series of strategic…

RSA expands phishing-resistant, passwordless capabilities

RSA announced expanded phishing-resistant, passwordless capabilities. Built to secure financial services organizations, government agencies, healthcare, and other highly-regulated industries from the most frequent and highest-impact attacks, these new RSA capabilities meet the most stringent cybersecurity regulations and are a key…

Extreme Platform ONE integrates networking and security with AI

Extreme Networks unveiled Extreme Platform ONE, a technology platform that reduces the complexity for enterprises by seamlessly integrating networking, security and AI solutions. The platform’s AI-powered automation includes conversational, interactive and autonomous AI agents—to assist, advise and accelerate the productivity…

8Base hacked port operating company Luka Rijeka

Luka Rijeka, a company that offers maritime transport, port, storage of goods and forwarding services in Rijeka, Croatia, has been hacked by the 8Base ransomware group. The group claimed the attack on their dark web data leak site and professed…

TPM 2.0: The new standard for secure firmware

Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group (TCG). Manufacturers attach a Trusted Platform Module (TPM) to a device to help…

Top cybersecurity books for your holiday gift list

The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide both knowledge and inspiration. To help with ideas on what to give, we’ve compiled a list of cybersecurity…

What makes for a fulfilled cybersecurity career

In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offers insight for those that are interested in pursuing it as a career. The post What makes for a fulfilled…

Businesses plagued by constant stream of malicious emails

36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained…