Category: Help Net Security

Secure collaboration through access-sharing is a must-have feature in almost any modern application, from requesting to edit a document or viewing a widget in a dashboard to submitting wire transfers for approval. With “Permit Share-If,” developers no longer need to…

Read more →

GitGuardian releases a tool to help companies discover how many secrets their developers have leaked on public GitHub, both company-related and personal. Even if your organization doesn’t engage in open source, your developers or subcontractors may inadvertently leak sensitive information…

Read more →

In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What…

Read more →

Applied Cryptographer Quantstamp | EMEA | Remote – View job details As an Applied Cryptographer, you will research about various cryptographic protocols and have knowledge of cryptographic primitives or concepts, like elliptic curve cryptography, hash functions, and PCPs. You should…

Read more →

Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisical, you can scan your files,…

Read more →

91% of respondents say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations, according to Seemplicity. Vendor environments introduce complexity and fragmentation Seemplicity surveyed 300 US cybersecurity professionals to gauge perceptions…

Read more →

LOKKER released a new privacy solution for insurers: the ability to share on-demand web privacy risk reports with their insureds. These reports give insurers and the insured companies a simple view of their data privacy risk profile in eight different…

Read more →

Ketch launched its No-Code Rights Automation product, designed to make it easy for non-technical teams to comply with consumer requests for data deletion and access. This includes the full business process from receiving the consumer request, to pulling data from…

Read more →

Strata Identity announced Identity Continuity, an addition to its Maverics Identity Orchestration platform. This new premium offering ensures business continuity and uninterrupted application access by seamlessly failing over from a primary cloud Identity Provider (IDP) to a secondary IDP, using…

Read more →

Secure Code Warrior introduced SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit. This innovative offering enables CISOs and application security (AppSec) teams to embrace a Secure-by-Design approach with deeper visibility…

Read more →

When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable. Europol’s recently released Internet Organised Crime Threat Assessment (IOCTA) 2024 report covers events – law…

Read more →

ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit appears on Telegram (source: ESET)…

Read more →

Gcore has secured $60 million in Series A funding from institutional and strategic investors. Led by Wargaming, and with participation from Constructor Capital and Han River Partners, this marks the company’s first external capital raise since its inception more than…

Read more →

As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers. AI…

Read more →

The fintech market is experiencing a swift transformation driven by emerging technologies like Open Finance and GenAI, as highlighted by Juniper Research. This evolution is compounded by intense competition to become customers’ preferred choice, making the market more competitive and…

Read more →

In this Help Net Security video, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the key findings of their recent annual SaaS Security Survey Report, conducted in partnership with the Cloud Security Alliance (CSA). Seventy percent of organizations have…

Read more →

In this Help Net Security interview, Anand Pashupathy, VP & GM, Security Software & Services Division at Intel, explains how Intel’s approach to confidential computing, particularly at the silicon level, enhances data protection for AI applications and how collaborations with…

Read more →

Heeler Security announced the successful closing of an $8.5 million Seed Series funding round, led by Norwest Venture Partners with significant participation from Storm Ventures. “Application security requires a new approach that focuses on runtime visibility and that’s exactly what…

Read more →

By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows hosts into a blue-screen-of-death…

Read more →

In this Help Net Security interview, Saira Jesani, Executive Director of the Data & Trust Alliance, discusses the role of data provenance in AI trustworthiness and its impact on AI models’ performance and reliability. Jesani highlights the collaborative process behind…

Read more →

Digitalization has evolved into a systemic risk for organizations – and, therefore, cyber insurers. With the global cost of cybercrime skyrocketing, something has to change. In this Help Net Security video, Vishaal Hariprasad, CEO at Resilience, discusses how cyber insurance…

Read more →

Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSPs) and other service providers. Key features Feature-rich workflow…

Read more →

ESET Research has discovered a sophisticated Chinese browser injector: a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which ESET dubbed HotPage, comes self-contained in an executable file that installs its main driver and injects libraries into…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Faulty CrowdStrike update takes out Windows machines worldwide Thousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty…

Read more →

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. The price of both Crowdstrike’s and Microsoft’s shares has tumbled down as…

Read more →

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. The price of both Crowdstrike’s and Microsoft’s shares has tumbled down as…

Read more →

Forcepoint unveils its comprehensive GenAI Security solution, offering visibility, control, and risk-based data protection across generative AI platforms, including integration with OpenAI’s ChatGPT Enterprise Compliance API. Part of Forcepoint’s mission to deliver ‘data security everywhere,’ this solution empowers businesses and…

Read more →

Netskope announced an integration with OpenAI‘s ChatGPT Enterprise Compliance API to deliver API-enabled controls that bolster security and compliance for enterprise organizations using generative AI (genAI) applications. Through this integration with the ChatGPT Enterprise, the Netskope One platform provides organizations…

Read more →

Thousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations have been affected in Europe, Australia, the…

Read more →

Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Lack of…

Read more →

As GenAI models used for natural language processing, image generation, and other complex tasks often rely on large datasets that must be transmitted between distributed locations, including data centers and edge devices, WAN optimization is essential for robust deployment of…

Read more →

Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, according to Ivanti. Ivanti’s research shows that…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, BlueVoyant, Druva, Invicti Security, and Rezonate. AuditBoard’s self-assessment tools allow audit teams to maintain focus on their critical work AuditBoard launched out-of-the-box (OOTB) self-assessment…

Read more →

A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one by IT consultant Mohamed Nabil Ali that performs bulk scanning…

Read more →

Pindrop announced it has secured $100 million in debt financing from Hercules Capital. This significant funding will enable Pindrop to further develop its audio, voice, and AI technologies, enhancing its offerings for customers in the banking, finance, contact center, insurance,…

Read more →

NTT DATA unveiled its new Edge AI platform to accelerate IT/OT convergence by bringing AI processing to the edge. By processing data when and where it is generated and unifying diverse IoT devices, systems and data, this unique, fully managed…

Read more →

Cerbos announced the general availability of Cerbos Hub, following a successful beta phase. Cerbos Hub is a managed Policy Administration Point offering for the popular open source authorization product, Cerbos Policy Decision Point (PDP). Cerbos lets teams provide the right…

Read more →

SonicWall launched Cloud Secure Edge (CSE), offering an innovative suite of Zero Trust Access offerings designed specifically for MSPs who are meeting customers with increasingly remote work forces on their cloud migration journeys. With flexible, cost-effective solutions for remote access…

Read more →

The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows’ built-in driver TTD Monitor Driver…

Read more →

CISSP carries clout. As the world’s leading cybersecurity certification, it opens many professional opportunities worldwide. Find out what led 14 successful CISSPs around the globe to a career in cybersecurity. They open up about how certification has helped them realize…

Read more →

BlackBerry launched CylanceMDR Pro, a managed detection and response (MDR) service built on an Open XDR platform powered by AI. Designed to tackle the growing challenges of modern cybersecurity, CylanceMDR Pro overcomes the operational burden facing security teams that must…

Read more →

NETSCOUT introduced its new suite of Business Edge Observability products, including the nGenius Edge Sensor and Remote InfiniStreamNG solutions to deliver IT observability for remote locations at the digital edge. As the prevalence and importance of mission-critical applications and services…

Read more →

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither of the flaws are…

Read more →

Waterfall Security launched HERA – Hardware Enforced Remote Access, a new technology designed to enable safe and secure remote access into cyber-physical systems and OT networks. HERA allows organizations to reap the operational and economical value of remotely accessing and…

Read more →

NDAY Security unveiled the latest release to its automated offensive security platform, ATTACKN. This all-in-one platform enables organizations to deploy, monitor, and manage critical offensive security measures, including: Point-in-time Penetration Testing. Penetration Testing as a Service (PTaaS). Continuous Penetration Testing.…

Read more →

AppViewX announced the AppViewX PQC Test Center, which allows organizations to assess their PQC readiness and take steps to achieve PQC resiliency. This free online service enables users to generate and test Quantum-Safe certificates today. Quantum computing has the potential…

Read more →

Aided by the emergence of generative artificial intelligence models, synthetic identity fraud has skyrocketed, and now accounts for a staggering 85% of all identity fraud cases. For security professionals, the challenge lies in staying one step ahead of these evolving…

Read more →

In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, emphasizing foundational technologies and a unified taxonomy. Arnold provides insights into the DoD’s Zero Trust…

Read more →

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazon Linux BusyBox CentOS CBL-Mariner Debian Distroless…

Read more →

It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints…

Read more →

Appgate has unveiled its new Malware Analysis Service that mitigates cyberthreats for enterprises and government agencies by identifying and neutralizing malicious software. Appgate’s Malware Analysis and Research Team now offers two new services that allow resource-constrained security teams to submit…

Read more →

Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As…

Read more →

OpenText announced its latest product innovations with Cloud Editions (CE) 24.3. This release represents a significant leap forward in integrating advanced information management capabilities, trusted cloud solutions, robust security measures, and AI to optimize data performance for simpler, but superior,…

Read more →

Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the general availability of Red Hat Advanced Cluster Security Cloud Service. The new features, delivered with the general…

Read more →

In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access…

Read more →

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely…

Read more →

Adversary Emulation Team Member Australian Federal Police | Australia | On-site – View job details As an Adversary Emulation Team Member you will participate in testing and assessment activities in both domestic and international settings. You will gain exposure to…

Read more →

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security posture to be especially concerning, with…

Read more →

Secureworks launched Taegis ManagedXDR Plus, a new Managed Detection and Response (MDR) offering that liberates the mid-market from indistinct, cookie cutter security solutions that don’t meet their unique security requirements. This announcement means that this market sector will no longer…

Read more →

The Cloud Security Alliance (CSA) demonstrated its commitment to improving its vendor-neutral cloud security training with the release of the Certificate of Cloud Security Knowledge (CCSK) v5, furnishing cloud stakeholders with the skills they need to optimize the protection of…

Read more →

Druva announced new capabilities to help its customers accelerate the investigation and remediation of cyber threats. The new Threat Hunting capability empowers IT and security teams to search their global data footprint for indicators of compromise (IOCs). Druva is also…

Read more →

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s Zero…

Read more →

Harmonic Security launched Harmonic Protect which empowers security teams with the tools to protect sensitive data without the headaches of labeling and complex rules. CISOs using Harmonic have coined it “zero-touch data protection” for its unique ability to protect vast…

Read more →

Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). The platform is taking a unified approach to managing both human and…

Read more →

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service. ACME is an internet protocol designed to enable enterprises to communicate with a…

Read more →

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01…

Read more →

McAfee announced the appointment of Craig Boundy as President and CEO, effective August 21, 2024. Boundy, a seasoned executive with over 25 years of leadership experience, joins McAfee from Experian where he served as the global Chief Operating Officer, and…

Read more →

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for…

Read more →

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s been slower…

Read more →

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T. Find out what led to…

Read more →

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Bluetooth signals from mobile devices pose…

Read more →

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest…

Read more →

AuditBoard launched of out-of-the-box (OOTB) self-assessment tools that enable internal auditors to easily assess and streamline conformance with the new Institute of Internal Auditors (IIA) Global Internal Audit Standards (“Standards”) that go into effect January 9th, 2025. These new capabilities…

Read more →

Yubico and Straxis launched a new Secure Web browsing application called MilSecure Mobile. This application can be adopted by any Defense Department (DOD) organization to enable secure access to protected DOD websites and services by service members and government employees…

Read more →

BlueVoyant unveiled its innovative Cyber Defense Platform. The platform integrates internal, external, and supply chain defense solutions into a single, cloud-native platform designed to measure and strengthen cyber defense posture in a cost-effective manner. The mission of security operations teams…

Read more →

The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. About CVE-2024-39929 The vulnerability stems from a bug in…

Read more →

The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of the chatter surrounding…

Read more →

Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With…

Read more →

In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks. Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain…

Read more →

87% of C-Suite executives feel under pressure to implement GenAI solutions at speed and scale, according to RWS. Despite these pressures, 76% expressed an overwhelming excitement across their organization for the potential benefits of GenAI. However, this excitement is tempered…

Read more →

Organizations are ramping up their use of encrypted traffic to lock down data. Could they be making it easier to hide threats in the process? On one hand, encryption means enhanced privacy, but it can also make the job of…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts…

Read more →

Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed. “The data does not contain the content of calls or…

Read more →

Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney general offices in…

Read more →

Gathid announced the release of Version 1.14.0 of its identity governance platform. This latest update introduces new comprehensive export capabilities that enable users to seamlessly establish an identity baseline in minutes with a complete view of their identity and access…

Read more →

Forcepoint announced the promotion of Ryan Windham, Chief Customer and Strategy Officer, to Chief Executive Officer (CEO), succeeding Manny Rivelo, who is retiring from his position as CEO of the company. These transitions will be effective immediately with Rivelo continuing…

Read more →

Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain…

Read more →

In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company’s reputation among customers and…

Read more →

Legal, compliance and privacy leaders list strengthening their personal impact on company strategy as their top priority for 2024, according to Gartner. Improving third party risk management (TPRM), and ensuring compliance programs can keep pace with fast-moving regulatory requirements are…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from AttackIQ, IT-Harvest, Pentera, Prompt Security, and Quantum Xchange. AttackIQ Mission Control simplifies security testing for distributed teams AttackIQ Mission Control enhances AttackIQ Enterprise BAS deployments…

Read more →

Kanguru has unveiled its latest security product line aimed at helping organizations safeguard sensitive data on laptops, tablets, and computers. The new hardware-based internal Self-Encrypting Drives (SEDs) are high-performance solid state drives designed to provide optimal security. These drives are…

Read more →

ScienceLogic announced a series of key updates to its AIOps platform to deliver enhanced reliability and security, enterprise enablement, third-party integration, improved user experience, and greater support for data center needs. The updates include a new integration with Cisco Intersight…

Read more →

Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that…

Read more →

Prompt Security announced its product and go-to-market support for Managed Security Service Providers (MSSPs). This strategic initiative has already resulted in partnerships with MSSPs across Europe, the Middle East, North America, and the Asia-Pacific region. These partnerships are aimed at…

Read more →

With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology. The quest for tangible business benefits is in…

Read more →

In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity. What are the top cybersecurity preparedness measures…

Read more →

In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams. For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishing emails and…

Read more →

This article compiles excerpts from various reports, presenting statistics and insights that could be helpful for CISOs. CISOs becoming more comfortable with risk levels Netskope | The Modern CISO: Bringing Balance | June 2024 Contradicting legacy stereotypes of the CISO…

Read more →

Security Compass announced its SD Elements 2024.2 product release. This release expands on the platform’s AI/ML security content designed to help organizations seamlessly integrate GenAI into their applications while ensuring they are secure and compliant by design. Security Compass has…

Read more →

The US Justice Department (DoJ) has seized two US-based domains used by Russian threat actors to create fake profiles on X (formerly Twitter) that would spread disinformation in the United States and abroad. This bot farm was created and operated…

Read more →