Category: Help Net Security

TPM 2.0: The new standard for secure firmware

Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group (TCG). Manufacturers attach a Trusted Platform Module (TPM) to a device to help…

Top cybersecurity books for your holiday gift list

The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide both knowledge and inspiration. To help with ideas on what to give, we’ve compiled a list of cybersecurity…

What makes for a fulfilled cybersecurity career

In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offers insight for those that are interested in pursuing it as a career. The post What makes for a fulfilled…

Businesses plagued by constant stream of malicious emails

36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained…

Resecurity introduces AI-powered GSOC at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference. This year’s event, held from December 3 to 5, emphasized emerging technologies in…

Echoworx enhances secure access to encrypted messages

Echoworx announced the addition of 2-Step Verification (2SV) when using OAuth and Passkeys for authentication for encrypted messages. This latest enhancement offers organizations an additional layer of security, addressing the growing demand for identity-first security measures during a time of…

How to choose secure, verifiable technologies?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring software (proprietary or open source), hardware (e.g., IoT devices),…

Building a robust security posture with limited resources

In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tackle the risks posed by legacy systems, and build defenses for startups. Lindahl-Wise also highlights collaboration and strategic planning as…

Teenagers leading new wave of cybercrime

Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, according to Experian. Younger cybercriminals on the rise Today, the world of cyber hacking is…

New infosec products of the week: December 6, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, and Veza. FortiAppSec Cloud simplifies web application security management With FortiAppSec Cloud, customers have deep visibility and control…

Law enforcement shuts down Manson Market cybercrime marketplace

Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by…

Mitek Digital Fraud Defender combats AI generated fraud

Mitek announced Digital Fraud Defender (DFD), an advanced, multi-layered solution to safeguard digital identity verification processes against sophisticated AI-enabled fraud tactics. Designed for financial institutions, fintech, online gaming providers, and enterprises requiring remote identity verification, the new suite addresses the…

Mitel MiCollab zero-day and PoC exploit unveiled

A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit that chains together this zero-day file…

Netography introduces AI-powered ransomware detection capabilities

Netography announced new ransomware detection capabilities that enable organizations to respond to malicious activity in real-time before it disrupts operations or threatens business continuity. These AI-powered enhancements enable Fusion customers to close the network observability and security gaps caused by…

The Ultimate Guide to the CCSP

Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide to the CCSP covers everything you need to know about the world’s leading cloud security certification. Learn how CCSP – and ISC2 – can help…

LogicGate helps organizations quantify the value of GRC programs

LogicGate introduced the Governance, Risk, and Compliance (GRC) Program Value Realization Tool, available to customers through the Risk Cloud platform. This new tool provides visibility into the financial value of GRC by automatically tracking key program initiatives in real-time. These…

Tenable Patch Management prevents problematic updates

Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration with Adaptiva, a global leader in autonomous endpoint management, provides the foundation of the solution. Vulnerability remediation…

Building trust in tokenized economies

As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this…

How widespread is mercenary spyware?

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat…

FortiAppSec Cloud simplifies web application security management

Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools into a single offering. The platform streamlines web and API security, advanced bot defense, and global server load balancing, among other capabilities,…

Phishers send corrupted documents to bypass email security

Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year…

Sweet Security helps organizations protect their cloud environments

Sweet Security introduces unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time. Sweet’s platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and…

US government, energy sector contractor hit by ransomware

ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that…

Treat AI like a human: Redefining cybersecurity

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s…

Cybersecurity jobs available right now: December 3, 2024

Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in…

Best practices for staying cyber secure during the holidays

In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season. Pause large changes in your security…

The shocking speed of AWS key exploitation

It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to…

Datadog Cloud SIEM accelerates security investigations

Datadog announced its modern approach to Cloud SIEM, which doesn’t require dedicated staff or specialized teams to activate the solution. This approach makes it easy for teams to onboard, de-risk migrations and democratize security practices while disrupting traditional models, which…

AWS offers incident response service

Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident…

Veracode unveils innovations for secure software development

Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software,…

5 reasons to double down on network security

Cybersecurity programs have evolved significantly over the past few decades. The advent of cloud computing shattered the conventional corporate perimeter, forcing organizations to update their defense strategies. Today, with the rise of work-from-anywhere and bring-your-own-device (BYOD) policies as well as…

How AI is transforming human risk management

While human error has always posed a cybersecurity risk, AI and emerging tech are playing an evolving role in Human Risk Management – uncovering new needs, challenges, and pain points. In this Help Net Security video, Bret Fund, SVP and…

Data scientists create tool to spot fake images

Pixelator v2 is a tool to spot fake images. It uses a new combination of image veracity techniques with capability beyond what can be seen by the human eye. It can identify subtle differences in images with greater accuracy than…

Modernizing incident response in the AI era

In this Help Net Security video, Gourav Nagar, Director of Information Security at Bill, discusses modernizing incident response in the era of AI and the cloud: Why this issue is important for organizations looking to stay ahead of rapidly evolving…

AI-based tools designed for criminal activity are in high demand

Multiple regional conflicts, such as Russia’s continued invasion of Ukraine and the Israel-Hamas conflict, have resulted in a surge in cyberattacks and hacktivist activities, according to Trellix. AI-driven ransomware boosts cybercrime tactics The research examines an increasingly complex ransomware ecosystem…

Infosec products of the month: November 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, Arkose Labs, Atakama, BlackFog, Eurotech, HiddenLayer, Hornetsecurity, Nirmata, Radware, Rakuten Viber, Symbiotic Security, Tanium, and Vectra AI. Tanium Cloud Workloads provides visibility and protection…

Zyxel Networks SecuPilot simplifies threat analysis and reporting

Zyxel Networks has launched SecuPilot, an AI assistant feature within its SecuReporter Cloud Analytics Service. By leveraging advanced generative AI, SecuPilot enables IT professionals to access actionable network insights, allowing them to identify and respond to security threats. Cut through…

Why cybersecurity leaders trust the MITRE ATT&CK Evaluations

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stand out as an essential resource for cybersecurity decision…

VPN vulnerabilities, weak credentials fuel ransomware attacks

Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks, according to Corvus Insurance. According to the Q3 report, many of these incidents were traced to outdated software or VPN…

Crypto companies are losing ground to deepfake attacks

The crypto sector stands out as the only surveyed industry where deepfake fraud surpasses traditional document fraud in prevalence, according to Regula. Crypto companies suffer significant losses from fraud The study finds that 57% of crypto companies report audio deepfake…

Ransomware payments are now a critical business decision

Despite the efforts of law enforcement agencies to stop and bring to justice those responsible for ransomware attacks, the situation is not improving. While authorities do not recommend making a ransomware payment, some companies are forced to make that choice…

Zero-day data security

In this Help Net Security video, Carl Froggett, CIO of Deep Instinct, discusses the complexities of modern cloud architectures and why current defenses are falling short. He talks about the rise of zero-day data security and the need for organizations…

Hottest cybersecurity open-source tools of the month: November 2024

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for…

Researchers reveal exploitable flaws in corporate VPN clients

Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App…

CampusGuard Central empowers organizations to manage PCI DSS compliance

CampusGuard announced CampusGuard Central, its dynamic customer compliance portal. CampusGuard Central empowers organizations to manage PCI DSS compliance across their enterprise with a single, user-friendly tool. Central’s latest release includes the following enhancements: Updated user interface: Hide or expand the…

Cybersecurity jobs available right now: November 26, 2024

Application Security Engineer Agoda | UAE | Hybrid – View job details As an Application Security Engineer, you will develop and design application-level security controls and standards. Perform application security design reviews against new products and services. Track and prioritize…

Domain security posture of Forbes Global 2000 companies

In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000. CSC’s 2024 Domain Security Report analyzes the highest and lowest-performing industries based on…

Faraway Russian hackers breached US organization via Wi-Fi

Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a…

Wireshark 4.4.2: Security updates, bug fixes, updated protocol support

Wireshark, the popular network protocol analyzer, has reached version 4.4.2. It is used for troubleshooting, analysis, development and education. The following vulnerabilities have been fixed: wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. wnpa-sec-2024-15 ECMP dissector crash. Updated protocol support: ARTNET, ASN.1…

AI Kuru, cybersecurity and quantum computing

As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as…

Assessing AI risks before implementation

In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing advanced technology in their platforms. Without adequately assessing and understanding the risks accompanying AI integration, organizations will not be…

Deploy a SOC using Kali Linux in AWS

The Kali SOC in AWS project enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team activities. This environment is ideal for honing skills in security operations, threat detection, incident response,…