Fortinet announced the expansion of GenAI capabilities across its product portfolio with the launch of two new integrations with FortiAI, Fortinet’s AI-powered security assistant that uses GenAI to guide, simplify, and automate security analyst activities. “Our commitment to AI innovation…
Category: Help Net Security
Malwarebytes acquires AzireVPN to boost security for customers
Malwarebytes announced the acquisition of AzireVPN, a renowned privacy-focused VPN provider. Malwarebytes has long been a defender of user privacy through its portfolio of consumer solutions, including Malwarebytes Privacy VPN and its free ad and scam blocker web extension Malwarebytes…
Drawbridge simplifies cyber governance for alternative investment firms
Drawbridge is debuting a real-time executive summary of a manager’s cyber risk program. The aim is to enable alternative investment managers (alts managers) to strengthen executive confidence in their firm’s cyber posture by working with their Drawbridge cybersecurity experts. General…
AudioEye Accessibility Protection Status identifies high-impact areas for improvement
AudioEye launched Accessibility Protection Status, a new benchmark in digital accessibility compliance that empowers businesses to achieve better transparency, clarity, and control over their digital accessibility efforts. With a more accurate representation of accessibility efforts beyond arbitrary numerical scores, the…
Industrial companies in Europe targeted with GuLoader
A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever…
North Korean hackers employ new tactics to compromise crypto-related businesses
North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have been…
Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)
Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no workarounds to address this flaw,…
Zywave enhances Cyber Quoting to provide insight into coverage limit adequacy and potential loss gaps
Zywave announced an enhancement to its Cyber Quoting solution with the addition of embedded benchmarking. Brokers can now leverage industry data and loss profiles from similar organizations to provide their clients with more sophisticated insight into coverage limit adequacy and…
AWS security essentials for managing compliance, data protection, and threat detection
AWS offers a comprehensive suite of security tools to help organizations manage compliance, protect sensitive data, and detect threats within their environments. From AWS Security Hub and Amazon GuardDuty to Amazon Macie and AWS Config, each tool is vital in…
How AI will shape the next generation of cyber threats
In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses to…
Consumer privacy risks of data aggregation: What should organizations do?
In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The findings reveal extensive,…
Atakama introduces DNS filtering designed for MSPs
Atakama announced the latest expansion of its Managed Browser Security Platform, introducing DNS filtering explicitly designed for Managed Service Providers (MSPs). This new feature enables comprehensive in-browser and network-level filtering, providing a full-spectrum DNS solution that secures browsers and entire…
All Google Cloud users will have to enable MFA by 2025
Google has announced that, by the end of 2025, multi-factor authentication (MFA) – aka 2-step verification – will become mandatory for all Google Cloud accounts. “Given the sensitive nature of cloud deployments — and with phishing and stolen credentials remaining…
GoZone ransomware accuses and threatens victims
A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The GoZone HTML ransom note (Source:…
Authlete 3.0 empowers organizations to improve how they issue and manage user credentials
Authlete launched Authlete 3.0, offering support for OpenID for Verifiable Credential Issuance (OID4VCI). This new capability empowers organizations—including governments, financial institutions, and educational establishments—to revolutionize how they issue and manage user credentials. With the introduction of Authlete 3.0, Authlete now…
Symbiotic provides developers with real-time feedback on potential security vulnerabilities
Symbiotic Security launched a real-time security for software development that combines detection and remediation with just-in-time training – incorporating security testing and training directly into the development process without breaking developers’ workflows. Backed with $3 million of seed funding from…
The cybersecurity gender gap: How diverse teams improve threat response
In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams bring…
Osmedeus: Open-source workflow engine for offensive security
Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed up your recon process Organize…
Key cybersecurity predictions for 2025
In this Help Net Security video, Chris Gibson, CEO at FIRST, discusses the evolving threat landscape and provides a unique take on where data breaches and cyber attacks will be in 2025. The post Key cybersecurity predictions for 2025 appeared…
Identity-related data breaches cost more than average incidents
Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA. 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total…
Beware of phishing emails delivering backdoored Linux VMs!
Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able…
Lumifi acquires Critical Insight to boost incident response capabilities
Lumifi announces the acquisition of Critical Insight, marking its third acquisition in 13 months. This strategic move expands Lumifi’s service offerings and strengthens its presence in the healthcare and critical infrastructure cybersecurity sector. The acquisition adds to Lumifi’s existing offerings,…
Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047…
Report: Voice of Practitioners 2024 – The True State of Secrets Security
In this study, GitGuardian and CyberArk reveal the stark reality of secrets management across 1,000 organizations. With 79% experiencing secrets leaks and an average remediation time of 27 days, the findings expose critical gaps between security confidence and reality. Learn…
BigID DSPM Starter App enhances data security posture for Snowflake customers
BigID launched Data Security Posture Management (DSPM) Starter App, built natively in Snowflake and using the Snowflake Native App Framework. BigID’s DSPM Starter App will be available via Snowflake Marketplace and provide rapid data discovery and classification assessment natively in…
Open-source software: A first attempt at organization after CRA
The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized by…
Maximizing security visibility on a budget
In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is…
AI learning mechanisms may lead to increase in codebase leaks
The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across…
Cybersecurity jobs available right now: November 5, 2024
Application Security Engineer MassMutual | USA | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated…
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at Midnight…
IRISSCON 2024 to address AI’s dual impact on cybersecurity
The IRISSCERT Cyber Crime Conference (IRISSCON) returns on November 6th at the Aviva Stadium, where global cybersecurity leaders will explore AI’s revolutionary role in defending against and contributing to cyber threats. As Ireland’s longest-standing cybersecurity conference, IRISSCON 2024 will dive…
Hiring guide: Key skills for cybersecurity researchers
In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that…
Cybersecurity in crisis: Are we ready for what’s coming?
In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67% of…
Whispr: Open-source multi-vault secret injection tool
Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr…
Strong privacy laws boost confidence in sharing information with AI
53% of consumers report being aware of their national privacy laws, a 17-percentage point increase compared to 2019, according to Cisco. Informed consumers are also much more likely to feel their data is protected (81%) compared to those who are…
Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patching problems: The “return” of a Windows Themes spoofing vulnerability Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s…
50% of financial orgs have high-severity security flaws in their apps
Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sector apps…
How open-source MDM solutions simplify cross-platform device management
In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how…
OpenPaX: Open-source kernel patch that mitigates memory safety errors
OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch. It’s available under the same GPLv2 license terms as the Linux kernel. “We are pleased…
Threat actors are stepping up their tactics to bypass email protections
Although most organizations use emails with built-in security features that filter out suspicious messages, criminals always find a way to bypass these systems. With the development of AI technology, phishing is becoming increasingly difficult to recognize, allowing them to circumvent…
Infosec products of the month: October 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Balbix, BreachLock, Commvault, Dashlane, Data Theorem, Edgio, ExtraHop, Fastly, Frontegg, GitGuardian, IBM, Ivanti, Jumio, Kusari, Legit Security, Metomic, Nametag, Neon, Nucleus Security, Okta, Qualys,…
Sophos mounted counter-offensive operation to foil Chinese attackers
Sophos conducted defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Espionage campaigns tied to Chinese hacking groups The attackers used a series of campaigns with…
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source: Lottie Player…
Google on scaling differential privacy across nearly three billion devices
In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products while…
Cynet enables 426% ROI in Forrester Total Economic Impact Study
Cost savings and business benefits were quantified in “The Total Economic Impact of Cynet All-in-One Security,” a commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024. The Total Economic Impact Study framework helps organizations understand the…
North Korean hackers pave the way for Play ransomware
North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack…
Claro Enterprise Solutions helps organizations identify vulnerabilities within Microsoft 365
Claro Enterprise Solutions launched Collaboration Security Management solution. This comprehensive service addresses critical security challenges related to file sharing, data loss events, or unknown shadow users, faced by organizations using Microsoft 365. As remote and hybrid work models become the…
IoT needs more respect for its consumers, creations, and itself
Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over the device…
How agentic AI handles the speed and volume of modern threats
In this Help Net Security interview, Lior Div, CEO at Seven AI, discusses the concept of agentic AI and its application in cybersecurity. He explains how it differs from traditional automated security systems by offering greater autonomy and decision-making capabilities.…
99% of CISOs work extra hours every week
The most common challenge for CISOs is resource constraints: not enough staff, budget or technology to support the security program needed or meet compliance requirements, according to DirectDefense. Cybersecurity industry faces ongoing talent shortage The World Economic Forum claims there’s…
Why cyber tools fail SOC teams
A recent Vectra AI report highlights a growing distrust of threat detection tools. 47% of respondents note they do not trust their tools to work the way they need them to. Moreover, 60% of SOC practitioners say security vendors flood…
XM Cyber Vulnerability Risk Management boosts prioritization with actual impact analysis
XM Cyber launched its innovative Vulnerability Risk Management (VRM) solution, extending its Continuous Exposure Management Platform. This new approach to vulnerability management empowers organizations to see through the fog of false positives left behind by legacy vulnerability assessment tools and…
Immuta Data Marketplace automates data access workflows
Immuta announced an expansion of its platform with the launch of a new Data Marketplace solution to power fast and safe internal data sharing. Fueling a data marketplace that is owned and managed by the customer, the Immuta Platform enables…
Neon Authorize: Granular access controls at the database layer
Neon, the serverless Postgres database built for developers, launched Neon Authorize. It enables developers to manage permissions and access controls with ease. This new offering leverages Postgres RLS (Row-Level Security) – a Postgres primitive that protects data from malicious actors…
Ransomware hits web hosting servers via vulnerable CyberPanel instances
A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel vulnerabilities CyberPanel…
Product showcase: Shift API security left with StackHawk
With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longer a nice to have, it’s a criticality. Without a proactive approach, your APIs could become…
Russian hackers deliver malicious RDP configuration files to thousands
Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based…
Kaseya 365 User helps MSPs to protect user data
Kaseya announced Kaseya 365 User, joining Kaseya 365 Endpoint which launched in April 2024. Kaseya 365 User gives managed service providers (MSPs) the ability to help their customers prevent, respond to and recover from threats to user identity and security.…
Seclore secures sensitive intellectual property and data in CAD files
Seclore announced the extension of its Seclore Enterprise Digital Rights Management (EDRM) capabilities to support neutral or interoperable computer-aided design (CAD) files for industries that create, manage, and share intellectual property (IP). The support for neutral CAD files creates better…
Simplifying decentralized identity systems for everyday use
In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passkeys to replace knowledge-based authentication methods…
Risk hunting: A proactive approach to cyber threats
Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn. Just consider…
6 key elements for building a healthcare cybersecurity response plan
Medical practices remain vulnerable to cyberattacks, with over a third unable to cite a cybersecurity incident response plan, according to Software Advice. This gap exposes healthcare providers to risks of patient data breaches, HIPAA violations, financial penalties, and patient safety…
US charges suspected Redline infostealer developer, admin
The identity of a suspected developer and administrator of the Redline malware-as-a-service operation has been revealed: Russian national Maxim Rudometov. Infrastructure takedown As promised on Monday when they announced the disruption of the Redline and Meta infostealer operations, law enforcement…
The Cloud Latency Map measures latency across 100+ cloud regions
Kentik launched The Cloud Latency Map, a free public tool allowing anyone to explore the latencies measured between over 100 cloud regions worldwide. Users can identify recent changes in latencies globally between various public clouds and data center regions for…
Securiti Gencore AI accelerates GenAI adoption in the enterprise
Securiti released Gencore AI, a holistic solution to easily build safe, enterprise-grade GenAI systems, copilots and AI agents. This new solution accelerates GenAI adoption in the enterprise by making it easy to build unstructured and structured data + AI pipelines…
Aviatrix unveils features to simplify network security management
Aviatrix unveiled new features and functionality designed to fill critical cloud network security gaps in cloud environments. With its latest software release and introduction of new features, including the Hybrid Cloud Transit and Distributed Cloud Firewall (DCF) integration with enhanced…
Zenity raises $38 million to secure agentic AI
Zenity announced they have received $38 million in Series B funding co-led by Third Point Ventures and DTCP, pushing the total capital raised to over $55 million. It follows the recent strategic investment by Microsoft’s venture arm, M12, with strong…
Phishers reach targets via Eventbrite services
Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week, resulting in a total growth rate of 900%,” Perception Point researchers say.…
Corero CORE turns isolated security events into actionable intelligence
Corero Network Security launched a new cloud-based availability protection platform, CORE. CORE by Corero Network Security is a cloud-based availability protection platform designed to seamlessly enhance a company’s existing security infrastructure. It delivers advanced defense, leveraging existing infrastructure, offering flexibility…
Akamai strenghtens protection against account abuse
Akamai launched new capabilities to its Account Protector security solution. These enhancements are designed to safeguard user accounts against abuse throughout their entire lifecycle and provide advanced protection against account opening abuse, account takeover attacks, and other attack schemes. The…
Patching problems: The “return” of a Windows Themes spoofing vulnerability
Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have discovered. The path to discovery The story starts…
PIXM protects MSPs from credential theft and phishing attacks
PIXM Security launched its new Managed Service Provider (MSP) program for zero-day phishing protection. With over 500,000 end users already protected, PIXM shields MSPs and their customers from credential theft and zero-day phishing attacks that can lead to malware and…
Inside console security: How innovations shape future hardware protection
In this Help Net Security interview, security researchers Specter and ChendoChap discuss gaming consoles’ unique security model, highlighting how it differs from other consumer devices. They also share their thoughts on how advancements in console security could shape future consumer…
Cybersecurity jobs available right now: October 29, 2024
API Gateway Security Engineer Ness Technologies | Israel | Hybrid – View job details As an API Gateway Security Engineer, you will be responsible for managing and implementing API Gateway solutions with a strong focus on information security. Your responsibilities…
OT PCAP Analyzer: Free PCAP analysis tool
EmberOT’s OT PCAP Analyzer, developed for the industrial security community, is a free tool providing a high-level overview of the devices and protocols in packet capture files. “The OT PCAP Analyzer was designed specifically with critical OT environments in mind.…
The state of password security in 2024
In this Help Net Security video, John Bennett, CEO at Dashlane, discusses their recent Global Password Health Score Report, detailing the global state of password health and hygiene. Poor security habits like password reuse remain widespread. With passwordless technologies like…
Trust and risk in the AI era
55% of organizations say the security risks for their business have never been higher, according to Vanta. Yet the average company only dedicates 11% of its IT budget to security — far from the ideal allocation of 17%, according to…
Black Basta operators phish employees via Microsoft Teams
Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta using…
Armis raises $200 million to fuel growth strategy
Armis announced the close of a $200 million Series D round of investment, increasing its total company valuation to a new high of $4.2 billion. Armis’ latest funding round was led by both top-tier investors General Catalyst and Alkeon Capital,…
Police hacks, disrupts Redline, Meta infostealer operations
The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may unmask users who paid to leverage the infamous malware. Screenshot of the Redline License…
Entrust helps banks fight fraud during account opening
Entrust announced an all-in-one consumer banking platform that allows banks and credit unions to provide high-assurance security throughout the customer lifecycle – from account opening to financial credential issuance to on-going, everyday transactions and interactions. The solution integrates leading AI-driven…
ExtremeCloud Universal ZTNA enhancements boost visibility and security
Extreme Networks introduced new features within ExtremeCloud Universal Zero Trust Network Access (ZTNA), an identity-based network access solution. Universal ZTNA unifies cloud Network Access Control and ZTNA in a single, easy-to-use SaaS offering, with one zero trust policy engine for…
Jumio Liveness detects various sophisticated spoofing attacks
Jumio unveiled Jumio Liveness, an enhanced, in-house technology designed to address increasingly sophisticated fraud tactics. This solution expands beyond traditional presentation attacks, such as paper or screen copies, and employs sophisticated AI models to block advanced threats like injection attacks…
Filigran raises $35 million to drive global expansion
Filigran announces the completion of its $35 million Series B fundraise, led by global software investor Insight Partners, with continued support from existing investors Accel and Moonfire. This new round of funding comes just months after the company’s $16 million…
A good cyber leader prioritizes the greater good
In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into…
How isolation technologies are shaping the future of Kubernetes security
In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes security and better protect containerized environments.…
Fraudsters revive old tactics mixed with modern technology
Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. The resurgence of physical theft Scammers are going back to basics with an…
Adversarial groups adapt to exploit systems in new ways
In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and…
Top 10 strategic technology trends shaping the future of business
The ethical and responsible use of technology is fast becoming part of the mandate for CIOs, as organizations balance the need for progress with the protection of stakeholders’ trust and well-being, according to Gartner. “This year’s top strategic technology trends…
Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix…
SEC fines tech companies for misleading SolarWinds disclosures
The Securities and Exchange Commission charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also…
Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting…
Proof Verify reduces false positives and improves fraud detection accuracy
Proof launched Verify, a live face-to-face experience that delivers high-level assurance with identity verification performed in the presence of an agent, reducing the risk of fraudulent activities such as deepfakes by ensuring that users are legitimate. Organizations and consumers alike…
Concentric AI raises $45 million to expand go-to-market strategies
Concentric AI has secured financing of $45 million in a Series B round, bringing the company’s total funding to more than $67 million. The funding round was led by Top Tier Capital Partners and HarbourVest Partners. CyberFuture, a global CISO…
AuthenticID360 blocks AI-generated IDs during digital onboarding
AuthenticID released AuthenticID360, its new holistic identity verification platform. AuthenticID360 delivers robust verification and risk signaling capabilities, including a 2-second response time for identity transactions. A unified solution for comprehensive identity verification and risk scoring AuthenticID360 combines ID verification, biometric…
Achieving peak cyber resilience
Climbing Mount Everest isn’t a feat for the faint hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two months, on average. That’s…
How to fend off a quantum computer attack
In this Help Net Security video, IEEE member Marc Lijour explains quantum computing and offers insight into how to fend off a quantum computer attack. The post How to fend off a quantum computer attack appeared first on Help Net…
The future of cyber insurance: Meeting the demand for non-attack coverage
In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks. Daum highlights the need for…
New infosec products of the week: October 25, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Fastly, IBM, Ivanti, Kusari, and Nucleus Security. IBM Guardium Data Security Center protects hybrid cloud and AI IBM Guardium Data Security Center provides a common…
Unclear pricing for GRC tools creates market confusion
Due to widely varying government, risk, and compliance (GRC) tool pricing, enterprise risk management (ERM) leaders must understand four different pricing-tier categories of GRC solutions and apply a scoping framework to further estimate likely costs ahead of vendor selection, according…