Category: Help Net Security

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source: Lottie Player…

Read more →

In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products while…

Read more →

Cost savings and business benefits were quantified in “The Total Economic Impact of Cynet All-in-One Security,” a commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024. The Total Economic Impact Study framework helps organizations understand the…

Read more →

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack…

Read more →

Claro Enterprise Solutions launched Collaboration Security Management solution. This comprehensive service addresses critical security challenges related to file sharing, data loss events, or unknown shadow users, faced by organizations using Microsoft 365. As remote and hybrid work models become the…

Read more →

Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over the device…

Read more →

In this Help Net Security interview, Lior Div, CEO at Seven AI, discusses the concept of agentic AI and its application in cybersecurity. He explains how it differs from traditional automated security systems by offering greater autonomy and decision-making capabilities.…

Read more →

The most common challenge for CISOs is resource constraints: not enough staff, budget or technology to support the security program needed or meet compliance requirements, according to DirectDefense. Cybersecurity industry faces ongoing talent shortage The World Economic Forum claims there’s…

Read more →

A recent Vectra AI report highlights a growing distrust of threat detection tools. 47% of respondents note they do not trust their tools to work the way they need them to. Moreover, 60% of SOC practitioners say security vendors flood…

Read more →

XM Cyber launched its innovative Vulnerability Risk Management (VRM) solution, extending its Continuous Exposure Management Platform. This new approach to vulnerability management empowers organizations to see through the fog of false positives left behind by legacy vulnerability assessment tools and…

Read more →

Immuta announced an expansion of its platform with the launch of a new Data Marketplace solution to power fast and safe internal data sharing. Fueling a data marketplace that is owned and managed by the customer, the Immuta Platform enables…

Read more →

Neon, the serverless Postgres database built for developers, launched Neon Authorize. It enables developers to manage permissions and access controls with ease. This new offering leverages Postgres RLS (Row-Level Security) – a Postgres primitive that protects data from malicious actors…

Read more →

A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel vulnerabilities CyberPanel…

Read more →

With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longer a nice to have, it’s a criticality. Without a proactive approach, your APIs could become…

Read more →

Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based…

Read more →

Kaseya announced Kaseya 365 User, joining Kaseya 365 Endpoint which launched in April 2024. Kaseya 365 User gives managed service providers (MSPs) the ability to help their customers prevent, respond to and recover from threats to user identity and security.…

Read more →

Seclore announced the extension of its Seclore Enterprise Digital Rights Management (EDRM) capabilities to support neutral or interoperable computer-aided design (CAD) files for industries that create, manage, and share intellectual property (IP). The support for neutral CAD files creates better…

Read more →

In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passkeys to replace knowledge-based authentication methods…

Read more →

Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn. Just consider…

Read more →

Medical practices remain vulnerable to cyberattacks, with over a third unable to cite a cybersecurity incident response plan, according to Software Advice. This gap exposes healthcare providers to risks of patient data breaches, HIPAA violations, financial penalties, and patient safety…

Read more →

The identity of a suspected developer and administrator of the Redline malware-as-a-service operation has been revealed: Russian national Maxim Rudometov. Infrastructure takedown As promised on Monday when they announced the disruption of the Redline and Meta infostealer operations, law enforcement…

Read more →

Kentik launched The Cloud Latency Map, a free public tool allowing anyone to explore the latencies measured between over 100 cloud regions worldwide. Users can identify recent changes in latencies globally between various public clouds and data center regions for…

Read more →

Securiti released Gencore AI, a holistic solution to easily build safe, enterprise-grade GenAI systems, copilots and AI agents. This new solution accelerates GenAI adoption in the enterprise by making it easy to build unstructured and structured data + AI pipelines…

Read more →

Aviatrix unveiled new features and functionality designed to fill critical cloud network security gaps in cloud environments. With its latest software release and introduction of new features, including the Hybrid Cloud Transit and Distributed Cloud Firewall (DCF) integration with enhanced…

Read more →

Zenity announced they have received $38 million in Series B funding co-led by Third Point Ventures and DTCP, pushing the total capital raised to over $55 million. It follows the recent strategic investment by Microsoft’s venture arm, M12, with strong…

Read more →

Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week, resulting in a total growth rate of 900%,” Perception Point researchers say.…

Read more →

Corero Network Security launched a new cloud-based availability protection platform, CORE. CORE by Corero Network Security is a cloud-based availability protection platform designed to seamlessly enhance a company’s existing security infrastructure. It delivers advanced defense, leveraging existing infrastructure, offering flexibility…

Read more →

Akamai launched new capabilities to its Account Protector security solution. These enhancements are designed to safeguard user accounts against abuse throughout their entire lifecycle and provide advanced protection against account opening abuse, account takeover attacks, and other attack schemes. The…

Read more →

Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have discovered. The path to discovery The story starts…

Read more →

PIXM Security launched its new Managed Service Provider (MSP) program for zero-day phishing protection. With over 500,000 end users already protected, PIXM shields MSPs and their customers from credential theft and zero-day phishing attacks that can lead to malware and…

Read more →

In this Help Net Security interview, security researchers Specter and ChendoChap discuss gaming consoles’ unique security model, highlighting how it differs from other consumer devices. They also share their thoughts on how advancements in console security could shape future consumer…

Read more →

API Gateway Security Engineer Ness Technologies | Israel | Hybrid – View job details As an API Gateway Security Engineer, you will be responsible for managing and implementing API Gateway solutions with a strong focus on information security. Your responsibilities…

Read more →

EmberOT’s OT PCAP Analyzer, developed for the industrial security community, is a free tool providing a high-level overview of the devices and protocols in packet capture files. “The OT PCAP Analyzer was designed specifically with critical OT environments in mind.…

Read more →

In this Help Net Security video, John Bennett, CEO at Dashlane, discusses their recent Global Password Health Score Report, detailing the global state of password health and hygiene. Poor security habits like password reuse remain widespread. With passwordless technologies like…

Read more →

55% of organizations say the security risks for their business have never been higher, according to Vanta. Yet the average company only dedicates 11% of its IT budget to security — far from the ideal allocation of 17%, according to…

Read more →

Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta using…

Read more →

Armis announced the close of a $200 million Series D round of investment, increasing its total company valuation to a new high of $4.2 billion. Armis’ latest funding round was led by both top-tier investors General Catalyst and Alkeon Capital,…

Read more →

The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may unmask users who paid to leverage the infamous malware. Screenshot of the Redline License…

Read more →

Entrust announced an all-in-one consumer banking platform that allows banks and credit unions to provide high-assurance security throughout the customer lifecycle – from account opening to financial credential issuance to on-going, everyday transactions and interactions. The solution integrates leading AI-driven…

Read more →

Extreme Networks introduced new features within ExtremeCloud Universal Zero Trust Network Access (ZTNA), an identity-based network access solution. Universal ZTNA unifies cloud Network Access Control and ZTNA in a single, easy-to-use SaaS offering, with one zero trust policy engine for…

Read more →

Jumio unveiled Jumio Liveness, an enhanced, in-house technology designed to address increasingly sophisticated fraud tactics. This solution expands beyond traditional presentation attacks, such as paper or screen copies, and employs sophisticated AI models to block advanced threats like injection attacks…

Read more →

Filigran announces the completion of its $35 million Series B fundraise, led by global software investor Insight Partners, with continued support from existing investors Accel and Moonfire. This new round of funding comes just months after the company’s $16 million…

Read more →

In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into…

Read more →

In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes security and better protect containerized environments.…

Read more →

Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. The resurgence of physical theft Scammers are going back to basics with an…

Read more →

In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and…

Read more →

The ethical and responsible use of technology is fast becoming part of the mandate for CIOs, as organizations balance the need for progress with the protection of stakeholders’ trust and well-being, according to Gartner. “This year’s top strategic technology trends…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix…

Read more →

The Securities and Exchange Commission charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also…

Read more →

Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting…

Read more →

Proof launched Verify, a live face-to-face experience that delivers high-level assurance with identity verification performed in the presence of an agent, reducing the risk of fraudulent activities such as deepfakes by ensuring that users are legitimate. Organizations and consumers alike…

Read more →

Concentric AI has secured financing of $45 million in a Series B round, bringing the company’s total funding to more than $67 million. The funding round was led by Top Tier Capital Partners and HarbourVest Partners. CyberFuture, a global CISO…

Read more →

AuthenticID released AuthenticID360, its new holistic identity verification platform. AuthenticID360 delivers robust verification and risk signaling capabilities, including a 2-second response time for identity transactions. A unified solution for comprehensive identity verification and risk scoring AuthenticID360 combines ID verification, biometric…

Read more →

Climbing Mount Everest isn’t a feat for the faint hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two months, on average. That’s…

Read more →

In this Help Net Security video, IEEE member Marc Lijour explains quantum computing and offers insight into how to fend off a quantum computer attack. The post How to fend off a quantum computer attack appeared first on Help Net…

Read more →

In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks. Daum highlights the need for…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Fastly, IBM, Ivanti, Kusari, and Nucleus Security. IBM Guardium Data Security Center protects hybrid cloud and AI IBM Guardium Data Security Center provides a common…

Read more →

Due to widely varying government, risk, and compliance (GRC) tool pricing, enterprise risk management (ERM) leaders must understand four different pricing-tier categories of GRC solutions and apply a scoping framework to further estimate likely costs ahead of vendor selection, according…

Read more →

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers…

Read more →

Nucleus Security announced Nucleus POAM Process Automation, a comprehensive solution for federal agencies and their vendors to streamline risk management and automate their Plan of Action and Milestones (POA&M) process. This solution overcomes error-prone and labor-intensive manual processes by automating…

Read more →

F5 announced BIG-IP Next for Kubernetes, an AI application delivery and security solution that equips service providers and large enterprises with a centralized control point to accelerate, secure, and streamline data traffic that flows into and out of large-scale AI…

Read more →

In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of…

Read more →

When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not…

Read more →

Cyber insurance is vital for companies mitigating cyber risks, but the industry still encounters significant challenges, including shifting policy requirements and uncertainty around coverage in the event of an incident. As cyberattacks continue to cause problems for organizations worldwide, it’s…

Read more →

To safeguard your data, Google Chrome uses Safe Browsing to protect you from: harmful websites and extensions, malicious or intrusive advertisements, malware, phishing attacks, and social engineering threats. Safe Browsing scans and evaluates websites to identify potentially harmful sites, which…

Read more →

AI impersonation is now the hardest vector for cybersecurity professionals to protect companies against, according to Teleport. The study, which surveyed 250 senior US and UK decision-makers, shows that social engineering remains one of the top tactics cybercriminals use to…

Read more →

Cofense released new AI-driven spam reduction capabilities to its Phishing Detection and Response (PDR) platform. These enhancements reduce workload so SOC analysts can concentrate on genuine threats that could quickly harm an organization’s revenue or reputation. “As phishing attacks continue…

Read more →

Cofense released new AI-driven spam reduction capabilities to its Phishing Detection and Response (PDR) platform. These enhancements reduce workload so SOC analysts can concentrate on genuine threats that could quickly harm an organization’s revenue or reputation. “As phishing attacks continue…

Read more →

ESET announced its upgraded consumer offering, ESET HOME Security, with new features, such as ESET Folder Guard and Multithread Scanning. These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and…

Read more →

Reality Defender announced that its Series A fundraising has been expanded, securing a total of $33 million in capital investment. The expanded fundraising round was led by Illuminate Financial, with additional participation from Booz Allen Ventures, IBM Ventures, the Jefferies…

Read more →

Cohesity introduced a patent-pending visual data exploration capability to Cohesity Gaia, its AI-powered search assistant launched earlier this year. By providing customers with a visual categorization of the themes across documents and files within a data set, the visual data…

Read more →

Stream.Security closed a $30 million Series B funding round led by U.S. Venture Partners, with participation from new investors, Citi Ventures, and existing investors, Energy Impact Partners (EIP), Cervin Ventures, TLV Partners, and Glilot Capital Partners VC. This new round…

Read more →

In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness…

Read more →

Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into…

Read more →

Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise…

Read more →

Cybersecurity Engineer Texas Instruments | USA | On-site – View job details As a Cybersecurity Engineer, you will design, implement and maintain cybersecurity controls for security tools to help drive zero trust and secure by design principles across complex environments.…

Read more →

As a historically male-dominated industry, many IT companies have been described as having limited career development opportunities for female employees, according to Acronis. Issues like lack of mentorship, inadequate policies for work-life balance, and sometimes even a culture of exclusion…

Read more →

Cranium launched Detect AI, an AI discovery tool at scale. With this launch, Cranium is extending its platform capabilities to include visibility and access across an organization’s AI instances, which enables security and compliance teams to uncover and label all…

Read more →

SailPoint launched SailPoint Machine Identity Security, a new Identity Security Cloud product. SailPoint Machine Identity Security is a dedicated product built specifically for machine accounts such as service accounts and bots. Built on SailPoint Atlas, Machine Identity Security unifies the…

Read more →

By ingesting Software Bill of Materials (SBOM) data – a list of all software components – the Kusari platform presents a timeline of the software to identify where impacts are likely to surface. In creating a single source of truth,…

Read more →

As hybrid cloud-, AI-, and quantum-related risks upend the traditional data security paradigm, IBM is launching IBM Guardium Data Security Center – allowing organizations to protect data in any environment, throughout its full lifecycle, and with unified controls. IBM Guardium Data…

Read more →

cPacket Networks launched Packet Capture cStor 200S, the latest addition to its Packet Capture and analytics portfolio. Engineered to meet the escalating demands of enterprise data centers, high-frequency trading platforms, and mission-critical networks, the Packet Capture cStor 200S delivers 200Gbps…

Read more →

Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by zbl…

Read more →

The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the potential attack surface, making it…

Read more →

Ivanti introduced Ivanti Neurons for App Control, which safeguards devices from unauthorized applications. In addition, Ivanti released new analytics in the Ivanti Neurons platform and new features for Ivanti Neurons for Patch Management to enhance security and ensure compliance. With…

Read more →

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and…

Read more →

Fastly released Fastly DDoS Protection to provide automatic protection from Layer 7 and other application-level DDoS attacks. With a click of a button, organizations can enable Fastly DDoS Protection to automatically shield their applications and APIs against highly disruptive data…

Read more →

Government information technology leaders find themselves at a challenging balance point: On one end of the scale are increasing threats from cyber actors, bolstered by advanced technology like artificial intelligence (AI); on the other end is a longstanding commitment to…

Read more →

Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the US election approaches, according to Fortinet. “As the 2024 US presidential election approaches, it’s critical to…

Read more →

In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship,…

Read more →

AI adoption and integration has continued its rapid momentum within the hacking community, according to Bugcrowd. Nevertheless, it continues to pose both benefits and unfortunate cyber risks. This year’s report revealed a significant shift in the perceived value of AI…

Read more →

The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing…

Read more →

In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing…

Read more →

Graylog unveiled significant security advancements to drive smarter, faster, and more cost-efficient security operations. The company’s latest capabilities include advanced data routing, asset-based risk scoring, and AI-generated investigation reports. These enhancements, and many others in the Fall 2024 release, help…

Read more →

Ataccama announced Ataccama ONE v15.3, an update to its data management platform that significantly increases the ROI for customers. Ataccama ONE v15.3 empowers data teams to monitor, manage, and utilize data to enhance security and compliance and expand their customer…

Read more →

Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that…

Read more →

In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that…

Read more →

A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats.…

Read more →

84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix. Regulatory demands pose a growing challenge for CISOs The research reveals insights…

Read more →

SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a turning…

Read more →