Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group (TCG). Manufacturers attach a Trusted Platform Module (TPM) to a device to help…
Category: Help Net Security
Who handles what? Common misconceptions about SaaS security responsibilities
In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks. What common misconceptions do you encounter about the…
Top cybersecurity books for your holiday gift list
The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide both knowledge and inspiration. To help with ideas on what to give, we’ve compiled a list of cybersecurity…
What makes for a fulfilled cybersecurity career
In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offers insight for those that are interested in pursuing it as a career. The post What makes for a fulfilled…
Businesses plagued by constant stream of malicious emails
36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained…
Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448)…
Resecurity introduces AI-powered GSOC at NATO Edge 2024
Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference. This year’s event, held from December 3 to 5, emphasized emerging technologies in…
Windows, macOS users targeted with crypto-and-info-stealing malware
Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but thanks to clever misuse of AI and some social engineering, you can end up with…
Echoworx enhances secure access to encrypted messages
Echoworx announced the addition of 2-Step Verification (2SV) when using OAuth and Passkeys for authentication for encrypted messages. This latest enhancement offers organizations an additional layer of security, addressing the growing demand for identity-first security measures during a time of…
How to choose secure, verifiable technologies?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring software (proprietary or open source), hardware (e.g., IoT devices),…
December 2024 Patch Tuesday forecast: The secure future initiative impact
It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it has been a busy year with continued Windows 11 releases, the new Server 2025 release, and all the patches we’ve…
Building a robust security posture with limited resources
In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tackle the risks posed by legacy systems, and build defenses for startups. Lindahl-Wise also highlights collaboration and strategic planning as…
Teenagers leading new wave of cybercrime
Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, according to Experian. Younger cybercriminals on the rise Today, the world of cyber hacking is…
New infosec products of the week: December 6, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, and Veza. FortiAppSec Cloud simplifies web application security management With FortiAppSec Cloud, customers have deep visibility and control…
GenAI makes phishing attacks more believable and cost-effective
GenAI is a powerful tool that can be used by security teams to protect organizations, however, it can also be used by malicious actors, making phishing-related attacks a growing and concerning threat vector, according to Ivanti. Ivanti’s research revealed that…
Law enforcement shuts down Manson Market cybercrime marketplace
Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by…
Mitek Digital Fraud Defender combats AI generated fraud
Mitek announced Digital Fraud Defender (DFD), an advanced, multi-layered solution to safeguard digital identity verification processes against sophisticated AI-enabled fraud tactics. Designed for financial institutions, fintech, online gaming providers, and enterprises requiring remote identity verification, the new suite addresses the…
Bitdefender GravityZone XDR enhancements protect business data stored in the cloud
Bitdefender announced enhancements to its GravityZone XDR platform with the addition of its new Business Applications sensor, designed to protect corporate data hosted and stored in cloud-based productivity and collaboration applications. The sensor will initially support Atlassian cloud applications including…
Mitel MiCollab zero-day and PoC exploit unveiled
A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit that chains together this zero-day file…
Netography introduces AI-powered ransomware detection capabilities
Netography announced new ransomware detection capabilities that enable organizations to respond to malicious activity in real-time before it disrupts operations or threatens business continuity. These AI-powered enhancements enable Fusion customers to close the network observability and security gaps caused by…
Middesk Address Risk Insights strengthens onboarding processes
Middesk introduced Address Risk Insights, a critical new addition to its core Know Your Business (KYB) product Verify and its recently introduced risk scoring Signal product. A first for the KYB space, Address Risk Insights helps companies assess the risk…
8 US telcos compromised, FBI advises Americans to use encrypted communications
FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and systems of US…
8+ US telcos compromised, FBI advises Americans to use encrypted communications
FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and systems of US…
SurePath AI Discover classifies AI use by intent and detects sensitive data violations
SurePath AI launched SurePath AI Discover, a new offering that provides visibility into a company’s employee use of public AI services. By classifying AI use by intent and identifying sensitive data violations, companies can better understand the volume, use case,…
The Ultimate Guide to the CCSP
Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide to the CCSP covers everything you need to know about the world’s leading cloud security certification. Learn how CCSP – and ISC2 – can help…
LogicGate helps organizations quantify the value of GRC programs
LogicGate introduced the Governance, Risk, and Compliance (GRC) Program Value Realization Tool, available to customers through the Risk Cloud platform. This new tool provides visibility into the financial value of GRC by automatically tracking key program initiatives in real-time. These…
Tenable Patch Management prevents problematic updates
Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration with Adaptiva, a global leader in autonomous endpoint management, provides the foundation of the solution. Vulnerability remediation…
Preparing for Q-day: The essential role of cloud migration in securing enterprise data
As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential to upend cybersecurity, rendering current encryption ineffective.…
Building trust in tokenized economies
As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this…
How the Shadowserver Foundation helps network defenders with free intelligence feeds
In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and disrupt cybercrime,…
Solana’s popular web3.js library backdoored in supply chain compromise
A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromised (phished)…
How widespread is mercenary spyware?
A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat…
AttackIQ Flex 3.0 empowers security teams to take control of their detection strategies
AttackIQ announced AttackIQ Flex 3.0, agentless security control validation that integrates natively with Splunk to deliver a fully seamless user experience. A growing need for efficient and accurate threat detection As cyber threats grow more sophisticated, organizations are struggling to…
FortiAppSec Cloud simplifies web application security management
Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools into a single offering. The platform streamlines web and API security, advanced bot defense, and global server load balancing, among other capabilities,…
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a privileged…
Product showcase: Securing Active Directory passwords with Specops Password Policy
Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly reducing the risk of unauthorized access and data breaches. These policies not only protect sensitive…
How widespread is mercenary spyware? More than you think
A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a “Mobile…
Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-enabled platform that allows…
Whitepaper: 9 traits of effective cybersecurity leaders of tomorrow
The cyber world needs your expertise. But the security leaders of tomorrow require a broad set of skills that job experience alone does not arm you with. What do today’s organizations demand? And how can you acquire the technical and…
Police takes down Matrix encrypted chat service used by criminals
A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created by criminals. Matrix (Source: Dutch Police) The Matrix encrypted chat service Matrix – also know as Mactrix, Totalsec, X-quantum, and…
N2WS platform enhancements improve restore time for enterprises and MSPs
N2WS has unveiled new enhancements to its cloud-native backup and disaster recovery (BDR) platform. These updates empower enterprises and managed service providers (MSPs) to address the growing threats of ransomware and other malicious attacks while cutting operational costs, streamlining cross-cloud…
Phishers send corrupted documents to bypass email security
Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year…
Sweet Security helps organizations protect their cloud environments
Sweet Security introduces unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time. Sweet’s platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and…
Push Security introduces verified stolen credentials detection capability
Push Security unveiled verified stolen credentials detection capability, a new feature designed to reshape how security teams combat identity threats. By analyzing threat intelligence (TI) on stolen credentials and comparing it against active credentials in customer environments, the Push platform…
US government, energy sector contractor hit by ransomware
ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that…
Thales Data Risk Intelligence identifies risks to sensitive data
Thales launched Data Risk Intelligence, an Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it resides. This is the first solution uniting the risk and threat identification capabilities of the Imperva Data Security Fabric…
Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams
Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the…
Treat AI like a human: Redefining cybersecurity
In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s…
Cybersecurity jobs available right now: December 3, 2024
Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in…
Best practices for staying cyber secure during the holidays
In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season. Pause large changes in your security…
The shocking speed of AWS key exploitation
It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to…
Datadog Cloud SIEM accelerates security investigations
Datadog announced its modern approach to Cloud SIEM, which doesn’t require dedicated staff or specialized teams to activate the solution. This approach makes it easy for teams to onboard, de-risk migrations and democratize security practices while disrupting traditional models, which…
AWS offers incident response service
Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident…
Veracode unveils innovations for secure software development
Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software,…
Radiant Logic provides continuous identity hygiene assessments via real-time streaming data
Radiant Logic announces the expansion of its central intelligence hub solution, RadiantOne, to now include Identity Observability. Building on the identity security foundation of Identity Data Management and Identity Analytics, Identity Observability allows the world’s most complex organizations to access…
Skyflow protects sensitive data flowing in and out of AI agents
Skyflow unveiled new capabilities for Agentic AI. These allow enterprises to build and deploy AI agents with a security and privacy trust layer with features that include protecting sensitive data flowing in and out of AI agents, auditing & logging,…
$400M seized, 5,500 arrested in global operation targeting cyber fraud
A coordinated international operation involving law enforcement agencies from 40 countries led to the arrest of over 5,500 individuals linked to financial crimes and the confiscation of more than $400 million in virtual assets and government-backed currencies. Officers in Nigeria…
5 reasons to double down on network security
Cybersecurity programs have evolved significantly over the past few decades. The advent of cloud computing shattered the conventional corporate perimeter, forcing organizations to update their defense strategies. Today, with the rise of work-from-anywhere and bring-your-own-device (BYOD) policies as well as…
How AI is transforming human risk management
While human error has always posed a cybersecurity risk, AI and emerging tech are playing an evolving role in Human Risk Management – uncovering new needs, challenges, and pain points. In this Help Net Security video, Bret Fund, SVP and…
Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges
In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that involves the…
Data scientists create tool to spot fake images
Pixelator v2 is a tool to spot fake images. It uses a new combination of image veracity techniques with capability beyond what can be seen by the human eye. It can identify subtle differences in images with greater accuracy than…
Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate…
The effect of compliance requirements on vulnerability management strategies
In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes. Why…
Modernizing incident response in the AI era
In this Help Net Security video, Gourav Nagar, Director of Information Security at Bill, discusses modernizing incident response in the era of AI and the cloud: Why this issue is important for organizations looking to stay ahead of rapidly evolving…
AI-based tools designed for criminal activity are in high demand
Multiple regional conflicts, such as Russia’s continued invasion of Ukraine and the Israel-Hamas conflict, have resulted in a surge in cyberattacks and hacktivist activities, according to Trellix. AI-driven ransomware boosts cybercrime tactics The research examines an increasingly complex ransomware ecosystem…
Infosec products of the month: November 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, Arkose Labs, Atakama, BlackFog, Eurotech, HiddenLayer, Hornetsecurity, Nirmata, Radware, Rakuten Viber, Symbiotic Security, Tanium, and Vectra AI. Tanium Cloud Workloads provides visibility and protection…
Zyxel Networks SecuPilot simplifies threat analysis and reporting
Zyxel Networks has launched SecuPilot, an AI assistant feature within its SecuReporter Cloud Analytics Service. By leveraging advanced generative AI, SecuPilot enables IT professionals to access actionable network insights, allowing them to identify and respond to security threats. Cut through…
How the role of observability is changing within organizations
In this Help Net Security video, Nic Benders, Chief Technical Strategist at New Relic, discusses the key findings of a recent 2024 Observability Forecast report. The annual survey of 1,700 technology professionals across 16 countries reveals that: IT outages can…
Why cybersecurity leaders trust the MITRE ATT&CK Evaluations
In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stand out as an essential resource for cybersecurity decision…
VPN vulnerabilities, weak credentials fuel ransomware attacks
Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks, according to Corvus Insurance. According to the Q3 report, many of these incidents were traced to outdated software or VPN…
Crypto companies are losing ground to deepfake attacks
The crypto sector stands out as the only surveyed industry where deepfake fraud surpasses traditional document fraud in prevalence, according to Regula. Crypto companies suffer significant losses from fraud The study finds that 57% of crypto companies report audio deepfake…
Ransomware payments are now a critical business decision
Despite the efforts of law enforcement agencies to stop and bring to justice those responsible for ransomware attacks, the situation is not improving. While authorities do not recommend making a ransomware payment, some companies are forced to make that choice…
Cybercriminals used a gaming engine to create undetectable malware loader
Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine. The loader – dubbed GodLoader…
ESET researchers analyze first UEFI bootkit for Linux systems
ESET Research has discovered the first UEFI bootkit designed for Linux systems, named Bootkitty by its creators. Researchers believe this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in the…
QScanner: Linux command-line utility for scanning container images, conducting SCA
QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA). It is compatible with diverse container orchestration systems, container runtimes, and operating systems. QScanner features Instant console results: Scan for vulnerabilities and receive…
Choosing the right secure messaging app for your organization
In this Help Net Security interview, Liad Shnell, CTO at Rakuten Viber, discusses what organizations should look for in secure messaging apps, including encryption, privacy standards, and ease of integration. Shnell also covers the need for a multi-layered approach to…
Supply chain managers underestimate cybersecurity risks in warehouses
32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks – tied with software vulnerabilities (32%) and followed by devices (19%), according to Ivanti. Cyberattacks on warehouses threaten supply chain stability As…
Zero-day data security
In this Help Net Security video, Carl Froggett, CIO of Deep Instinct, discusses the complexities of modern cloud architectures and why current defenses are falling short. He talks about the rise of zero-day data security and the need for organizations…
Hottest cybersecurity open-source tools of the month: November 2024
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for…
Researchers reveal exploitable flaws in corporate VPN clients
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App…
Authorities disrupt major cybercrime operation, 1000+ suspects arrested
Authorities across 19 African countries have arrested 1,006 suspects and dismantled 134,089 malicious infrastructures and networks thanks to a joint operation by INTERPOL and AFRIPOL against cybercrime. Results of the operation (Source: INTERPOL) Operation Serengeti Operation Serengeti (2 September –…
Starbucks, grocery stores impacted by Blue Yonder ransomware attack
Supply chain management SaaS vendor Blue Yonder announced on November 21 that it experienced a ransomware attack that impacted its managed services hosted environment. “Since learning of the incident, the Blue Yonder team has been working diligently together with external…
Commvault Clumio Backtrack helps recover data from errors, accidents, or cyberattacks
Commvault announced Clumio Backtrack, a new capability that will enable enterprises to use automation to rapidly revert objects – or pieces of data – stored in Amazon Simple Storage Service (Amazon S3) to a specific version at a specific point…
Black Friday shoppers targeted with thousands of fraudulent online stores
Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product listings to perfect their…
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed RomCom…
CampusGuard Central empowers organizations to manage PCI DSS compliance
CampusGuard announced CampusGuard Central, its dynamic customer compliance portal. CampusGuard Central empowers organizations to manage PCI DSS compliance across their enterprise with a single, user-friendly tool. Central’s latest release includes the following enhancements: Updated user interface: Hide or expand the…
Bitwarden enhances inline autofill features to simplify account creation
Bitwarden further strengthened inline autofill capabilities within its browser extension. Users can easily generate and autofill strong, unique passwords for new accounts directly from the inline autofill menu. This update eliminates the need for manual password creation, making account management…
How to recognize employment fraud before it becomes a security issue
The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud. Motivations for this type of fraud…
Practical strategies to build an inclusive culture in cybersecurity
In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades,…
Cybersecurity jobs available right now: November 26, 2024
Application Security Engineer Agoda | UAE | Hybrid – View job details As an Application Security Engineer, you will develop and design application-level security controls and standards. Perform application security design reviews against new products and services. Track and prioritize…
Domain security posture of Forbes Global 2000 companies
In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000. CSC’s 2024 Domain Security Report analyzes the highest and lowest-performing industries based on…
Faraway Russian hackers breached US organization via Wi-Fi
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a…
Microsoft asks Windows Insiders to try out the controversial Recall feature
Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We heard your feedback…
Wireshark 4.4.2: Security updates, bug fixes, updated protocol support
Wireshark, the popular network protocol analyzer, has reached version 4.4.2. It is used for troubleshooting, analysis, development and education. The following vulnerabilities have been fixed: wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. wnpa-sec-2024-15 ECMP dissector crash. Updated protocol support: ARTNET, ASN.1…
AI Kuru, cybersecurity and quantum computing
As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as…
Overcoming legal and organizational challenges in ethical hacking
In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by streamlining vulnerability…
Assessing AI risks before implementation
In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing advanced technology in their platforms. Without adequately assessing and understanding the risks accompanying AI integration, organizations will not be…
Deploy a SOC using Kali Linux in AWS
The Kali SOC in AWS project enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team activities. This environment is ideal for honing skills in security operations, threat detection, incident response,…
Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days…
SentinelOne AI-SPM detects misconfigurations and vulnerabilities in AI applications
SentinelOne announced new AI security posture management (AI-SPM) capabilities to protect and secure the use of AI services in the workplace. Built on SentinelOne’s Singularity cybersecurity platform, the new offering will expand SentinelOne’s top-rated Singularity Cloud Security portfolio to give…