Category: Help Net Security

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers…

Nucleus Security unveils POAM Process Automation for federal agencies

Nucleus Security announced Nucleus POAM Process Automation, a comprehensive solution for federal agencies and their vendors to streamline risk management and automate their Plan of Action and Milestones (POA&M) process. This solution overcomes error-prone and labor-intensive manual processes by automating…

What’s more important when hiring for cybersecurity roles?

When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not…

Facing the uncertainty of cyber insurance claims

Cyber insurance is vital for companies mitigating cyber risks, but the industry still encounters significant challenges, including shifting policy requirements and uncertainty around coverage in the event of an incident. As cyberattacks continue to cause problems for organizations worldwide, it’s…

How to enable Safe Browsing in Google Chrome on Android

To safeguard your data, Google Chrome uses Safe Browsing to protect you from: harmful websites and extensions, malicious or intrusive advertisements, malware, phishing attacks, and social engineering threats. Safe Browsing scans and evaluates websites to identify potentially harmful sites, which…

AI and deepfakes fuel phishing scams, making detection harder

AI impersonation is now the hardest vector for cybersecurity professionals to protect companies against, according to Teleport. The study, which surveyed 250 senior US and UK decision-makers, shows that social engineering remains one of the top tactics cybercriminals use to…

Cofense improves visibility of dangerous email-based threats

Cofense released new AI-driven spam reduction capabilities to its Phishing Detection and Response (PDR) platform. These enhancements reduce workload so SOC analysts can concentrate on genuine threats that could quickly harm an organization’s revenue or reputation. “As phishing attacks continue…

Cofense improves visibility of dangerous email-based threats

Cofense released new AI-driven spam reduction capabilities to its Phishing Detection and Response (PDR) platform. These enhancements reduce workload so SOC analysts can concentrate on genuine threats that could quickly harm an organization’s revenue or reputation. “As phishing attacks continue…

Stream.Security raises $30 million to boost cloud security

Stream.Security closed a $30 million Series B funding round led by U.S. Venture Partners, with participation from new investors, Citi Ventures, and existing investors, Energy Impact Partners (EIP), Cervin Ventures, TLV Partners, and Glilot Capital Partners VC. This new round…

Effective strategies for measuring and testing cyber resilience

In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness…

Argus: Open-source information gathering toolkit

Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into…

Evolving cloud threats: Insights and recommendations

Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise…

Cybersecurity jobs available right now: October 23, 2024

Cybersecurity Engineer Texas Instruments | USA | On-site – View job details As a Cybersecurity Engineer, you will design, implement and maintain cybersecurity controls for security tools to help drive zero trust and secure by design principles across complex environments.…

Most women in IT work overtime to advance in their careers

As a historically male-dominated industry, many IT companies have been described as having limited career development opportunities for female employees, according to Acronis. Issues like lack of mentorship, inadequate policies for work-life balance, and sometimes even a culture of exclusion…

Cranium Detect AI accelerates AI governance

Cranium launched Detect AI, an AI discovery tool at scale. With this launch, Cranium is extending its platform capabilities to include visibility and access across an organization’s AI instances, which enables security and compliance teams to uncover and label all…

IBM Guardium Data Security Center protects hybrid cloud and AI

As hybrid cloud-, AI-, and quantum-related risks upend the traditional data security paradigm, IBM is launching IBM Guardium Data Security Center – allowing organizations to protect data in any environment, throughout its full lifecycle, and with unified controls. IBM Guardium Data…

Ivanti Neurons for App Control strengthens endpoint security

Ivanti introduced Ivanti Neurons for App Control, which safeguards devices from unauthorized applications. In addition, Ivanti released new analytics in the Ivanti Neurons platform and new features for Ivanti Neurons for Patch Management to enhance security and ensure compliance. With…

Fastly DDoS Protection blocks malicious traffic

Fastly released Fastly DDoS Protection to provide automatic protection from Layer 7 and other application-level DDoS attacks. With a click of a button, organizations can enable Fastly DDoS Protection to automatically shield their applications and APIs against highly disruptive data…

Myths holding women back from cybersecurity careers

In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship,…

Hackers are finding new ways to leverage AI

AI adoption and integration has continued its rapid momentum within the hacking community, according to Bugcrowd. Nevertheless, it continues to pose both benefits and unfortunate cyber risks. This year’s report revealed a significant shift in the perceived value of AI…

Whitepaper: Securing GenAI

The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing…

The Internet Archive breach continues

Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that…

Building secure AI with MLSecOps

In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that…

Evolving cybercriminal tactics targeting SMBs

A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats.…

Should the CISOs role be split into two functions?

84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix. Regulatory demands pose a growing challenge for CISOs The research reveals insights…

Microsoft lost some customers’ cloud security logs

Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the…

Arrested: USDoD, Anonymous Sudan, SEC X account hacker

Law enforcement agencies have arrested suspects involved in cyber attacks claimed by USDoD and Anonymous Sudan, as well as a person involved in the hacking of SEC’s X (Twitter) account. USDoD On Wednesday, the Brazilian federal police (Policia Federal) arrested…

CyCognito expands automated testing capabilities

CyCognito announced several enhancements to its CyCognito Automated Security Testing (AST) product, a module in the CyCognito platform built for automated exposure validation and security testing. These additions speed the configuration of automated testing for AWS cloud environments, provide enhanced data…

Cybercrime’s constant rise is becoming everyone’s problem

Cybercrime in recent years shows no signs of slowing down, with phishing attacks surging and ransomware tactics becoming more advanced, forcing organizations to constantly adapt their defenses. The rise of deepfake technology, especially in creating realistic audio impersonations, poses new…

New infosec products of the week: October 18, 2024

Here’s a look at the most interesting products from the past week, featuring releases from ExtraHop, GitGuardian, Nametag, Okta, Rubrik, and Sectigo. GitGuardian Visual Studio Code extension helps developers protect their sensitive information GitGuardian’s new Visual Studio Code extension brings…

Fake Google Meet pages deliver infostealers

Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives…

The role of compromised cyber-physical devices in modern cyberattacks

Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the…

Cognizant Neuro Cybersecurity enhances threat detection and response

Cognizant announced the debut of Cognizant Neuro Cybersecurity, a new addition to Cognizant’s Neuro suite of platforms, designed to amplify cybersecurity resilience by integrating and orchestrating point cybersecurity solutions across the enterprise. Sophisticated threat actors, hybrid workforces, and the complexity…

GhostStrike: Open-source tool for ethical hacking

GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I…

How NIS2 will impact sectors from healthcare to energy

In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect…

AI data collection under fire

A recent Cohesity report found that consumers are highly concerned about the information companies collect from them – especially when it`s used for artificial intelligence – with consumers prepared to punish companies by switching providers for any loss of trust.…

Okta helps protect business before, during and after authentication

Okta announced new Workforce Identity Cloud capabilities to address top security challenges such as unmanaged SaaS service accounts, governance risks, and identity verification. As part of a unified approach, these innovations help protect business before, during and after authentication, providing…

ExtraHop RevealX enhancements accelerate investigation workflows

ExtraHop unveiled new network-based file analysis capabilities in ExtraHop RevealX to detect malware, combat ransomware, and help prevent data loss. According to the 2024 Global Ransomware Trends Report, organizations experience an average of eight ransomware incidents per year. To carry…

Akamai launches Behavioral DDoS Engine for App & API Protection

Akamai has unveiled the availability of its Behavioral DDoS Engine for the App & API Protector solution. This new capability leverages machine learning for automatic, proactive protection against application-layer DDoS attacks. Behavioral DDoS Engine offers advanced detection and mitigation by…

Swift launches AI-powered fraud detection service

Swift announced that it is rolling out new AI-enhanced fraud detection to help the global payments industry step up its defence as bad actors grow increasingly sophisticated. Available from January 2025, the service is the result of extensive collaboration with…

Netskope extends data security with DSPM capabilities

Netskope announced new enhancements to the Netskope One platform, extending the company’s data protection solutions to include integrated data security posture management (DSPM) capabilities.  Modern data protection continues to be a top priority for organizations as they optimize hybrid work…

Akeyless unveils Unified Secrets and Machine Identity Platform

Akeyless announced its Unified Secrets and Machine Identity Platform, designed to address the leading cause of breaches—compromised identity credentials. Organizations are more exposed than ever as machine identities far outnumber human identities. High-profile breaches in 2024 demonstrate the risks of…

Arcserve UDP 10 accelerates disaster recovery processes

Arcserve launched Arcserve UDP 10, providing customers with an intuitive, flexible, and affordable way to address their critical data security and business continuity challenges. Arcserve UDP 10 is a unified data protection solution that offers backup, replication, high availability, and…

Strengthening Kubernetes security posture with these essential steps

In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container…

Cybersecurity jobs available right now: October 16, 2024

Application Security Engineer Cognism | France | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments of web applications, identifying vulnerabilities using automated tools (e.g., SAST, DAST) and manual techniques. You will analyze…

Unlocking the value of AI-powered identity security

While most organizations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent​, according to SailPoint. Identity security adoption still in early stages The value of…

Attackers deploying red teaming tool for EDR evasion

Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by…

Bitdefender Scam Copilot detects and combats online scams

Bitdefender launched Scam Copilot, an advanced technology platform powered by AI and designed to detect and fight scams along with fraud attempts across devices including computers, tablets, and mobile phones. The platform has been integrated into several Bitdefender digital life…

Data Zoo ID Fraud & Risk Signals enhances fraud detection

Data Zoo launched its latest service, ID Fraud & Risk Signals. This new solution is designed to enhance customer identification and Know Your Customer (KYC) processes by providing deeper insights into fraud detection and risk assessment, helping businesses stay at…

Secuvy unveils features designed to improve data security

Secuvy released several new features designed to enhance data security, mitigate insider threats, and streamline privacy operations. These innovations strengthen Secuvy’s capabilities in compliance, risk management, data leakage prevention, and secure collaboration, further empowering organizations to protect their critical data…

Netwrix appoints Grady Summers as CEO

Netwrix announced that Grady Summers has been appointed CEO effective immediately. Summers succeeds Steve Dickson, who has successfully led the company through record growth during his six-year tenure. Under Dickson’s leadership, Netwrix achieved significant growth and value creation. Since joining…

The NHI management challenge: When employees leave

An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the…

The dark side of API security

APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security.…

How to create verification codes in Apple Passwords app

Starting with iOS 18, iPadOS 18, macOS Sequoia, and visionOS 2, the Apple Passwords app enables you to manage your passwords, passkeys, and verification codes. For websites and apps that support two-factor (2FA) or multi-factor authentication (MFA), the Passwords app…

Rancher Government Solutions introduces Harvester Government

Rancher Government Solutions launched Harvester Government, the first fully compliant, out-of-the-box Hyperconverged Infrastructure (HCI) solution tailored specifically for US Government and Military operations. Designed to meet the strict security standards required for government use cases, Harvester Government offers a pre-hardened…

The quantum dilemma: Game-changer or game-ender

If someone told you five years ago that you could pose questions to an AI agent about the most vexing issues in science and it could answer back swiftly and meaningfully, you would’ve thought they were joking. But AI has…

CISOs’ strategies for managing a growing attack surface

In this Help Net Security interview, Rickard Carlsson, CEO at Detectify, discusses the evolution of attack surface management in the context of remote work and digital transformation. Carlsson highlights the challenges CISOs face today, including maintaining visibility and managing compliance…