Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers…
Category: Help Net Security
Nucleus Security unveils POAM Process Automation for federal agencies
Nucleus Security announced Nucleus POAM Process Automation, a comprehensive solution for federal agencies and their vendors to streamline risk management and automate their Plan of Action and Milestones (POA&M) process. This solution overcomes error-prone and labor-intensive manual processes by automating…
F5 BIG-IP Next for Kubernetes reduces the complexity of AI deployments
F5 announced BIG-IP Next for Kubernetes, an AI application delivery and security solution that equips service providers and large enterprises with a centralized control point to accelerate, secure, and streamline data traffic that flows into and out of large-scale AI…
Enhancing national security: The four pillars of the National Framework for Action
In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of…
What’s more important when hiring for cybersecurity roles?
When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not…
Facing the uncertainty of cyber insurance claims
Cyber insurance is vital for companies mitigating cyber risks, but the industry still encounters significant challenges, including shifting policy requirements and uncertainty around coverage in the event of an incident. As cyberattacks continue to cause problems for organizations worldwide, it’s…
How to enable Safe Browsing in Google Chrome on Android
To safeguard your data, Google Chrome uses Safe Browsing to protect you from: harmful websites and extensions, malicious or intrusive advertisements, malware, phishing attacks, and social engineering threats. Safe Browsing scans and evaluates websites to identify potentially harmful sites, which…
AI and deepfakes fuel phishing scams, making detection harder
AI impersonation is now the hardest vector for cybersecurity professionals to protect companies against, according to Teleport. The study, which surveyed 250 senior US and UK decision-makers, shows that social engineering remains one of the top tactics cybercriminals use to…
Cofense improves visibility of dangerous email-based threats
Cofense released new AI-driven spam reduction capabilities to its Phishing Detection and Response (PDR) platform. These enhancements reduce workload so SOC analysts can concentrate on genuine threats that could quickly harm an organization’s revenue or reputation. “As phishing attacks continue…
Cofense improves visibility of dangerous email-based threats
Cofense released new AI-driven spam reduction capabilities to its Phishing Detection and Response (PDR) platform. These enhancements reduce workload so SOC analysts can concentrate on genuine threats that could quickly harm an organization’s revenue or reputation. “As phishing attacks continue…
ESET HOME Security enhancements strengthen protection against AI-driven threats
ESET announced its upgraded consumer offering, ESET HOME Security, with new features, such as ESET Folder Guard and Multithread Scanning. These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and…
Reality Defender secures $33 million to enhance AI detection capabilities
Reality Defender announced that its Series A fundraising has been expanded, securing a total of $33 million in capital investment. The expanded fundraising round was led by Illuminate Financial, with additional participation from Booz Allen Ventures, IBM Ventures, the Jefferies…
Cohesity Gaia brings the power of generative AI to enterprise data
Cohesity introduced a patent-pending visual data exploration capability to Cohesity Gaia, its AI-powered search assistant launched earlier this year. By providing customers with a visual categorization of the themes across documents and files within a data set, the visual data…
Stream.Security raises $30 million to boost cloud security
Stream.Security closed a $30 million Series B funding round led by U.S. Venture Partners, with participation from new investors, Citi Ventures, and existing investors, Energy Impact Partners (EIP), Cervin Ventures, TLV Partners, and Glilot Capital Partners VC. This new round…
Effective strategies for measuring and testing cyber resilience
In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness…
Argus: Open-source information gathering toolkit
Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into…
Evolving cloud threats: Insights and recommendations
Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise…
Cybersecurity jobs available right now: October 23, 2024
Cybersecurity Engineer Texas Instruments | USA | On-site – View job details As a Cybersecurity Engineer, you will design, implement and maintain cybersecurity controls for security tools to help drive zero trust and secure by design principles across complex environments.…
Most women in IT work overtime to advance in their careers
As a historically male-dominated industry, many IT companies have been described as having limited career development opportunities for female employees, according to Acronis. Issues like lack of mentorship, inadequate policies for work-life balance, and sometimes even a culture of exclusion…
Cranium Detect AI accelerates AI governance
Cranium launched Detect AI, an AI discovery tool at scale. With this launch, Cranium is extending its platform capabilities to include visibility and access across an organization’s AI instances, which enables security and compliance teams to uncover and label all…
SailPoint Machine Identity Security reduces the risk associated with unmanaged machine identities
SailPoint launched SailPoint Machine Identity Security, a new Identity Security Cloud product. SailPoint Machine Identity Security is a dedicated product built specifically for machine accounts such as service accounts and bots. Built on SailPoint Atlas, Machine Identity Security unifies the…
Kusari helps organizations gain visibility into their software
By ingesting Software Bill of Materials (SBOM) data – a list of all software components – the Kusari platform presents a timeline of the software to identify where impacts are likely to surface. In creating a single source of truth,…
IBM Guardium Data Security Center protects hybrid cloud and AI
As hybrid cloud-, AI-, and quantum-related risks upend the traditional data security paradigm, IBM is launching IBM Guardium Data Security Center – allowing organizations to protect data in any environment, throughout its full lifecycle, and with unified controls. IBM Guardium Data…
Packet Capture cStor 200S enables organizations to capture, analyze, and optimize network traffic
cPacket Networks launched Packet Capture cStor 200S, the latest addition to its Packet Capture and analytics portfolio. Engineered to meet the escalating demands of enterprise data centers, high-frequency trading platforms, and mission-critical networks, the Packet Capture cStor 200S delivers 200Gbps…
VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by zbl…
Palo Alto Networks extends security into harsh industrial environments
The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the potential attack surface, making it…
Ivanti Neurons for App Control strengthens endpoint security
Ivanti introduced Ivanti Neurons for App Control, which safeguards devices from unauthorized applications. In addition, Ivanti released new analytics in the Ivanti Neurons platform and new features for Ivanti Neurons for Patch Management to enhance security and ensure compliance. With…
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and…
Fastly DDoS Protection blocks malicious traffic
Fastly released Fastly DDoS Protection to provide automatic protection from Layer 7 and other application-level DDoS attacks. With a click of a button, organizations can enable Fastly DDoS Protection to automatically shield their applications and APIs against highly disruptive data…
IT security and government services: Balancing transparency and security
Government information technology leaders find themselves at a challenging balance point: On one end of the scale are increasing threats from cyber actors, bolstered by advanced technology like artificial intelligence (AI); on the other end is a longstanding commitment to…
Phishing scams and malicious domains take center stage as the US election approaches
Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the US election approaches, according to Fortinet. “As the 2024 US presidential election approaches, it’s critical to…
Myths holding women back from cybersecurity careers
In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship,…
Hackers are finding new ways to leverage AI
AI adoption and integration has continued its rapid momentum within the hacking community, according to Bugcrowd. Nevertheless, it continues to pose both benefits and unfortunate cyber risks. This year’s report revealed a significant shift in the perceived value of AI…
Whitepaper: Securing GenAI
The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing…
Fortinet releases patches for undisclosed critical FortiManager vulnerability
In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing…
Graylog enables organizations to make more informed decisions about their security posture
Graylog unveiled significant security advancements to drive smarter, faster, and more cost-efficient security operations. The company’s latest capabilities include advanced data routing, asset-based risk scoring, and AI-generated investigation reports. These enhancements, and many others in the Fall 2024 release, help…
Ataccama ONE v15.3 empowers data teams to monitor, manage, and utilize data
Ataccama announced Ataccama ONE v15.3, an update to its data management platform that significantly increases the ROI for customers. Ataccama ONE v15.3 empowers data teams to monitor, manage, and utilize data to enhance security and compliance and expand their customer…
The Internet Archive breach continues
Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that…
Building secure AI with MLSecOps
In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that…
Evolving cybercriminal tactics targeting SMBs
A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats.…
Should the CISOs role be split into two functions?
84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix. Regulatory demands pose a growing challenge for CISOs The research reveals insights…
Aranya: Open-source toolkit to accelerate secure by design concepts
SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a turning…
Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote…
Microsoft lost some customers’ cloud security logs
Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the…
Israeli orgs targeted with wiper malware via ESET-branded emails
Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack took the form of a phishing email ostensibly sent by the “Eset Advanced Threat Defense…
Arrested: USDoD, Anonymous Sudan, SEC X account hacker
Law enforcement agencies have arrested suspects involved in cyber attacks claimed by USDoD and Anonymous Sudan, as well as a person involved in the hacking of SEC’s X (Twitter) account. USDoD On Wednesday, the Brazilian federal police (Policia Federal) arrested…
CyCognito expands automated testing capabilities
CyCognito announced several enhancements to its CyCognito Automated Security Testing (AST) product, a module in the CyCognito platform built for automated exposure validation and security testing. These additions speed the configuration of automated testing for AWS cloud environments, provide enhanced data…
Despite massive security spending, 44% of CISOs fail to detect breaches
Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon. Blind spots undermine…
What to do if your iPhone or Android smartphone gets stolen?
A lost, stolen, or compromised smartphone today means we are in serious trouble. Most people have everything related to their personal and professional lives stored on their phones, a fact that criminals are well aware of. Cybersecurity risks resulting from…
Cybercrime’s constant rise is becoming everyone’s problem
Cybercrime in recent years shows no signs of slowing down, with phishing attacks surging and ransomware tactics becoming more advanced, forcing organizations to constantly adapt their defenses. The rise of deepfake technology, especially in creating realistic audio impersonations, poses new…
New infosec products of the week: October 18, 2024
Here’s a look at the most interesting products from the past week, featuring releases from ExtraHop, GitGuardian, Nametag, Okta, Rubrik, and Sectigo. GitGuardian Visual Studio Code extension helps developers protect their sensitive information GitGuardian’s new Visual Studio Code extension brings…
Fake Google Meet pages deliver infostealers
Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives…
The role of compromised cyber-physical devices in modern cyberattacks
Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the…
Cognizant Neuro Cybersecurity enhances threat detection and response
Cognizant announced the debut of Cognizant Neuro Cybersecurity, a new addition to Cognizant’s Neuro suite of platforms, designed to amplify cybersecurity resilience by integrating and orchestrating point cybersecurity solutions across the enterprise. Sophisticated threat actors, hybrid workforces, and the complexity…
MongoDB Queryable Encryption now supports range queries on encrypted data
MongoDB Queryable Encryption allows customers to securely encrypt sensitive application data and store it in an encrypted format within the MongoDB database. It also enables direct equality and range queries on the encrypted data without the need for cryptographic expertise.…
GhostStrike: Open-source tool for ethical hacking
GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I…
How NIS2 will impact sectors from healthcare to energy
In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect…
AI data collection under fire
A recent Cohesity report found that consumers are highly concerned about the information companies collect from them – especially when it`s used for artificial intelligence – with consumers prepared to punish companies by switching providers for any loss of trust.…
Why companies are struggling to keep up with SaaS data protection
While businesses increasingly rely on SaaS tools, many leaders are not fully confident in their ability to safeguard their data, according to Keepit. Growing concerns over SaaS data protection According to the survey, while 28% of respondents expressed high confidence…
Okta helps protect business before, during and after authentication
Okta announced new Workforce Identity Cloud capabilities to address top security challenges such as unmanaged SaaS service accounts, governance risks, and identity verification. As part of a unified approach, these innovations help protect business before, during and after authentication, providing…
ExtraHop RevealX enhancements accelerate investigation workflows
ExtraHop unveiled new network-based file analysis capabilities in ExtraHop RevealX to detect malware, combat ransomware, and help prevent data loss. According to the 2024 Global Ransomware Trends Report, organizations experience an average of eight ransomware incidents per year. To carry…
Defenders must adapt to shrinking exploitation timelines
A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the…
Product showcase: Secure and scale your network with NordLayer’s advanced security solutions
Cybersecurity threats have become increasingly prevalent and sophisticated in recent years, posing significant risks to businesses of all sizes. In 2023, there were 3,122 data breaches affecting approximately 349 million victims, highlighting the urgent need for robust network security solutions…
Lookout offers protection against social engineering and executive impersonation attacks
Lookout announced new features for its Mobile Threat Defense (MTD) solution, Lookout Mobile Endpoint Security. These advancements provide comprehensive protection against two fast-growing advanced social engineering tactics: smishing (SMS phishing) and executive impersonation fraud texts. Lookout offers a defense-in-depth approach…
Akamai launches Behavioral DDoS Engine for App & API Protection
Akamai has unveiled the availability of its Behavioral DDoS Engine for the App & API Protector solution. This new capability leverages machine learning for automatic, proactive protection against application-layer DDoS attacks. Behavioral DDoS Engine offers advanced detection and mitigation by…
Android 15 unveils new security features to protect sensitive data
Android 15 brings enhanced security features to protect your sensitive health, financial, and personal data from theft and fraud. It also introduces productivity improvements for large-screen devices and updates to apps like the camera, messaging, and passkeys. Android theft protection…
Swift launches AI-powered fraud detection service
Swift announced that it is rolling out new AI-enhanced fraud detection to help the global payments industry step up its defence as bad actors grow increasingly sophisticated. Available from January 2025, the service is the result of extensive collaboration with…
Netskope extends data security with DSPM capabilities
Netskope announced new enhancements to the Netskope One platform, extending the company’s data protection solutions to include integrated data security posture management (DSPM) capabilities. Modern data protection continues to be a top priority for organizations as they optimize hybrid work…
Akeyless unveils Unified Secrets and Machine Identity Platform
Akeyless announced its Unified Secrets and Machine Identity Platform, designed to address the leading cause of breaches—compromised identity credentials. Organizations are more exposed than ever as machine identities far outnumber human identities. High-profile breaches in 2024 demonstrate the risks of…
Rubrik DSPM for Microsoft 365 Copilot reduces the risk of sensitive data exposure
As organizations and their volume of Microsoft 365 data grow, protecting sensitive data and managing access has become even more important. The need for strong security and governance practices is only intensified as more organizations leverage powerful AI tools like…
Arcserve UDP 10 accelerates disaster recovery processes
Arcserve launched Arcserve UDP 10, providing customers with an intuitive, flexible, and affordable way to address their critical data security and business continuity challenges. Arcserve UDP 10 is a unified data protection solution that offers backup, replication, high availability, and…
Resilience over reliance: Preparing for IT failures in an unpredictable digital world
No IT system — no matter how advanced – is completely immune to failure. The promise of a digital ring of steel may sound attractive, but can it protect you against hardware malfunctions? Software bugs? Unexpected environmental conditions? Cybersecurity threats?…
Strengthening Kubernetes security posture with these essential steps
In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container…
Cybersecurity jobs available right now: October 16, 2024
Application Security Engineer Cognism | France | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments of web applications, identifying vulnerabilities using automated tools (e.g., SAST, DAST) and manual techniques. You will analyze…
Unlocking the value of AI-powered identity security
While most organizations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent, according to SailPoint. Identity security adoption still in early stages The value of…
Attackers deploying red teaming tool for EDR evasion
Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by…
Bitdefender Scam Copilot detects and combats online scams
Bitdefender launched Scam Copilot, an advanced technology platform powered by AI and designed to detect and fight scams along with fraud attempts across devices including computers, tablets, and mobile phones. The platform has been integrated into several Bitdefender digital life…
Data Zoo ID Fraud & Risk Signals enhances fraud detection
Data Zoo launched its latest service, ID Fraud & Risk Signals. This new solution is designed to enhance customer identification and Know Your Customer (KYC) processes by providing deeper insights into fraud detection and risk assessment, helping businesses stay at…
Nametag Deepfake Defense blocks AI-powered impersonation threats
More than 50% of executives expect deepfake attacks to increase over the next 12 months, but only 7% report using new technologies to detect deepfakes. Meanwhile, researchers are repeatedly demonstrating how AI-generated ID documents, selfie photos, and videos can successfully…
Secuvy unveils features designed to improve data security
Secuvy released several new features designed to enhance data security, mitigate insider threats, and streamline privacy operations. These innovations strengthen Secuvy’s capabilities in compliance, risk management, data leakage prevention, and secure collaboration, further empowering organizations to protect their critical data…
Cato DEM helps IT teams overcome network performance problems
Cato Networks expanded the Cato SASE Cloud Platform by introducing Cato Digital Experience Monitoring (DEM). This announcement is the third major expansion to the Cato SASE Cloud Platform in 2024, following the additions of extended detection and response (XDR) and…
Sectigo SiteLock 2.0 simplifies website protection for SMBs
Sectigo announced SiteLock 2.0, a major upgrade to SiteLock, its website security and protection platform. SiteLock 2.0 is designed to simplify website protection for small to medium-sized businesses (SMBs). At the core of SiteLock 2.0 is Site Health, a new,…
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)
Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the wild. The Shadowserver…
Calix enhances SmartHome to improve protection for residential subscribers
Calix announced significant updates to Calix SmartHome that will help broadband service providers (BSPs) meet every home internet need with enhanced security and comprehensive offerings. These SmartHome innovations make it easier for BSPs to support the growing demands of residential…
Netwrix appoints Grady Summers as CEO
Netwrix announced that Grady Summers has been appointed CEO effective immediately. Summers succeeds Steve Dickson, who has successfully led the company through record growth during his six-year tenure. Under Dickson’s leadership, Netwrix achieved significant growth and value creation. Since joining…
The NHI management challenge: When employees leave
An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the…
How nation-states exploit political instability to launch cyber operations
In this Help Net Security interview, Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses the impact of geopolitical tensions on the frequency and sophistication of cyberattacks. He explains how nation-states and politically motivated groups exploit unrest…
The dark side of API security
APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security.…
Data breaches trigger increase in cyber insurance claims
Cyber claims have continued their upwards trend over the past year, driven in large part by a rise in data and privacy breach incidents, according to Allianz. Cyber claims frequency exceeds €1 million The frequency of large cyber claims (>€1…
How to create verification codes in Apple Passwords app
Starting with iOS 18, iPadOS 18, macOS Sequoia, and visionOS 2, the Apple Passwords app enables you to manage your passwords, passkeys, and verification codes. For websites and apps that support two-factor (2FA) or multi-factor authentication (MFA), the Passwords app…
OneSpan strenghtens banking security with phishing-resistant authentication
OneSpan announced an innovation in phishing-resistant transaction security, VISION FX. This new solution combines OneSpan’s patented CRONTO transaction signing with FIDO2 protocols that strengthen protection against phishing and account takeover threats (ATO), setting a standard for banking security. Merging both…
Ridge Security delivers enhanced capabilities for web application security
Ridge Security released RidgeBot 5.0, a substantial upgrade to its automated penetration testing platform. This release introduces AI-driven Web API testing, expanded vulnerability management integrations, and an upgraded operating system. RidgeBot 5.0 is an automated penetration testing platform to support…
Rancher Government Solutions introduces Harvester Government
Rancher Government Solutions launched Harvester Government, the first fully compliant, out-of-the-box Hyperconverged Infrastructure (HCI) solution tailored specifically for US Government and Military operations. Designed to meet the strict security standards required for government use cases, Harvester Government offers a pre-hardened…
GitGuardian Visual Studio Code extension helps developers protect their sensitive information
Stolen credentials remain the most common cause of a data breach. Various methods exist to prevent such breaches, and the most effective ones will have the least impact on developer productivity while catching issues as early as possible in the…
The quantum dilemma: Game-changer or game-ender
If someone told you five years ago that you could pose questions to an AI agent about the most vexing issues in science and it could answer back swiftly and meaningfully, you would’ve thought they were joking. But AI has…
CIOs want a platform that combines AI, networking, and security
While AI has captured the attention of the technology industry, the majority of CIOs and senior IT leaders are primarily focused on the convergence of networking and security, according to Extreme Networks. The survey, fielded in July and August 2024,…
CISSP and CompTIA Security+ lead as most desired security credentials
33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection, according to O’Reilly. This highlights the need for specialized training as AI adoption continues to accelerate across industries. Critical skills gaps emerging…
CISOs’ strategies for managing a growing attack surface
In this Help Net Security interview, Rickard Carlsson, CEO at Detectify, discusses the evolution of attack surface management in the context of remote work and digital transformation. Carlsson highlights the challenges CISOs face today, including maintaining visibility and managing compliance…
Breaking down the numbers: Q3 2024 cybersecurity funding activity recap
We present a list of selected cybersecurity companies that received funding during the third quarter of 2024 (Q3 2024). Apono October | 15.5 million Apono has raised $15.5 million in a Series A funding led by New Era Capital Partners,…
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two…