Category: Help Net Security

SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may…

Read more →

Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to…

Read more →

Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting for 70% or more of the typical application. In this Help Net Security video, Donald Fischer, CEO…

Read more →

Despite the rise in cyber threats, many people do not have a holistic view of security, according to Yubico. The results of the survey uncovered concerning patterns and behaviors when it comes to personal and workplace cybersecurity, including the extensive…

Read more →

In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security. He explains how it helps organizations maintain control over sensitive information while addressing the complexities of compliance…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Windows Server 2025 gets hotpatching option, without reboots Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able…

Read more →

After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, unauthenticated attackers to achieve…

Read more →

SpyCloud released new hosted automation solution, SpyCloud Connect, which delivers custom-built automation workflows to Information Security (InfoSec) and Security Operations (SecOps) teams. The solution enables rapid automation of SpyCloud’s suite of identity threat protection products with a vast array of…

Read more →

AuditBoard announced extensions to its modern connected risk platform to help teams improve efficiency, foster collaboration, and increase the rigor and intentionality of their GRC management programs. Available immediately, these functionalities include: AuditBoard analytics enhancements include nine new out-of-the-box workflows…

Read more →

Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather…

Read more →

IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present a real…

Read more →

In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats. How…

Read more →

iOS 18 allows you to lock and hide apps to protect the information within them by requiring Face ID, Touch ID, or your passcode for access, while also concealing the content from searches, notifications, and various areas throughout the system.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Absolute, ArmorCode, Bitdefender, Guardsquare, Malwarebytes, NETGEAR, and Nudge Security. Bitdefender debuts GravityZone PHASR, enhancing security through user behavior analysis GravityZone PHASR enables security teams to…

Read more →

Zilla Security launched AI-powered modern IGA platform, which includes Zilla AI Profiles and significantly enhanced provisioning capabilities. These innovations tackle the long-standing challenge of managing hundreds of roles or group membership rules to give users job-appropriate access. The cloud has…

Read more →

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due…

Read more →

DoControl released a security product suite for Google Workspace, designed to protect data, identities, configurations, and third-party connected apps. DoControl’s SSPM provides Google Workspace customers with security capabilities that are not offered by Google’s built-in security ecosystem. Adopted by top…

Read more →

Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number of memory safety…

Read more →

Salt Security announced its integration with Google Cloud‘s Apigee API Management platform. With this technical collaboration, customers can discover all of their APIs, including shadow and deprecated APIs, apply posture rules, uncover areas of non-compliance, and stop API-based attacks at…

Read more →

Deep-learning models have found applications across various industries, from healthcare diagnostics to financial forecasting. However, their high computational demands often require powerful cloud-based servers. This dependency on cloud computing raises notable security concerns, particularly in sensitive sectors like healthcare. Hospitals,…

Read more →

In July, Wall Street experienced its worst day since 2022, with the tech-focused Nasdaq falling by 3.6%. The downturn was largely triggered by what commentators suggest is the result of underwhelming earnings from some major tech companies. What’s notable is…

Read more →

Data privacy has become one of the most pressing challenges of our time, but it didn’t happen overnight. The proliferation of data collection, coupled with the rise of advanced technologies like artificial intelligence and machine learning, has made it easier…

Read more →

In this Help Net Security interview, Andrius Buinovskis, Head of Product at NordLayer, discusses how organizations can assess their compliance management and ensure they meet regulatory requirements. Buinovskis also addresses the challenges of managing multiple frameworks and offers strategies for…

Read more →

The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyber attack, according to Searchlight Cyber. Dark web insights and breach correlation Marsh McLennan Cyber Risk Intelligence Center analyzed the dark…

Read more →

Malwarebytes introduced its latest consumer product, Personal Data Remover, designed to protect user privacy by assisting users with the deletion of personal information from data broker databases and people search sites. This new solution offers regular monitoring to ensure individuals’…

Read more →

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When assessing…

Read more →

Onapsis announced new capabilities for its flagship solutions, Onapsis Defend and Onapsis Assess, designed to secure the SAP Business Technology Platform (SAP BTP). As more customers adopt SAP S/4HANA cloud and move to RISE with SAP, SAP BTP provides a…

Read more →

Tamnoon announced it has raised $12 million in Series A funding. The round was led by cybersecurity investment firm Bright Pixel Capital (formerly Sonae IM), with participation by new investors Blu Ventures and Mindset Ventures as well as existing investors…

Read more →

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities catalog, thus…

Read more →

Portnox announced support for Microsoft External Authentication Methods (EAM) for its Conditional Access for Applications solution. This new integration extends Portnox’s commitment to delivering phishing-resistant passwordless authentication with risk-based assessment and compliance validation for enterprise applications. Microsoft’s EAM capability allows users…

Read more →

Nudge Security unveiled an automated SaaS spend discovery capabilities, building on the company’s patented approach to SaaS discovery to include analysis and insights into previously unknown SaaS spend. At a time when organizations are trying to rationalize app estates to…

Read more →

ManageEngine announced a significant upgrade to its flagship IT analytics solution, Analytics Plus. Version 6.0 introduces Spotlight, a contextual recommendations engine powered by AI, designed to identify key inefficiencies in IT operations and suggest corrective strategies. The 2023 State of…

Read more →

NETSCOUT announced enhancements to its nGenius Enterprise Performance Management solution, which includes a new notification center that helps streamline and automate alerts and contextual workflows to identify and resolve problems faster. Secured Reliable Transport (SRT) was added to support live…

Read more →

Bitwarden announced further enhancements to inline autofill capabilities within the Bitwarden browser extension. Following the recent addition of autofill for cards and identities, this update ensures seamless autofill of passkeys, providing a faster, more secure, and convenient way for users…

Read more →

OneTrust announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU’s Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer first-to-market capabilities such as…

Read more →

Commvault announced it will acquire Clumio, a technology leader in data protection for critical cloud data in AWS. This transaction enables Commvault to leverage Clumio’s AWS offerings to provide cyber resilience to next generation applications built on AWS. Clumio serves…

Read more →

In this Help Net Security interview, John Yeoh, Global VP of Research at CSA, discusses the growing security challenges posed by non-human identities (NHIs). With NHIs now outnumbering human identities by 20 to 1, organizations are struggling to secure these…

Read more →

NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access. “NetAlertX comes…

Read more →

CISO Guardz | Israel | Hybrid – View job details As a CISO, you will develop and implement security policies and procedures to enhance the security of the company’s IT environment. Develop, implement, and maintain a comprehensive information security strategy…

Read more →

Compromised identities have been a central component of countless costly breaches this year, according to Red Canary. Rise in identity and cloud-native attacks While most of the threats and techniques identified in the 2024 report remain consistent with the midyear…

Read more →

35% of employees lack confidence that they have the skills required to succeed in their roles, according to Skillsoft. Additionally, 41% expressed concerns about job security due to gaps in their skills. Leadership skills rank highest for workplace success Surveyed…

Read more →

Osano announced advanced capabilities within its platform, including tighter integration of its data mapping and assessment modules and powerful reporting and risk management capabilities. Privacy teams are often under-resourced and overwhelmed by manual work. According to the IAPP-EY Privacy Governance…

Read more →

Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers, the attackers start by compromising email…

Read more →

Arlo Technologies announced Arlo Secure 5, the next generation of smart home security powered by Arlo Intelligence (AI). Arlo’s new proprietary AI technology introduces a suite of features such as custom detections, vehicle recognition and person recognition. Arlo Secure 5…

Read more →

Cloudflare announced a new service to verify the integrity of public keys in the end-to-end encryption of popular messaging applications. When using end-to-end encryption messaging applications, a public-private key exchange encrypts messages to protect against an outside party intercepting messages.…

Read more →

KELA launched Identity Guard, the first line of defense to help combat the #1 cause of data breaches – compromised corporate assets and identities. Identity Guard is a critical module of KELA’s threat intelligence platform, already in use by hundreds…

Read more →

NETGEAR expanded its Nighthawk WiFi 7 standalone router line to include the new RS600, RS500, and RS200. The lineup of Nighthawk routers is built on the company’s promise to deliver the latest WiFi 7 technology combined with powerful WiFi performance…

Read more →

A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any action on their part. What happened? Earlier this year, for national security reasons, the US…

Read more →

NetApp announced enhancements to its portfolio of cyber resiliency offerings to strengthen security for customers. NetApp is announcing the general availability of its NetApp ONTAP Autonomous Ransomware Protection with AI (ARP/AI) solution, with 99% accuracy for detecting ransomware threats. Customers…

Read more →

Absolute Security announced AI Threat Insights. This new AI-powered threat detection capability is now available through the Absolute Secure Access Security Service Edge (SSE) offering. With the AI Threat Insights module activated, customers using Absolute to continuously monitor all network…

Read more →

HPE announced the expansion of HPE Aruba Networking Central, its security-first, AI-powered network management solution, with new AI insights and capabilities that include integration of OpsRamp for third-party network device monitoring of industry vendors such as Cisco, Juniper Networks, and…

Read more →

NICE Actimize launched AI-powered Fraud Investigations solution that facilitates end-to-end fraud management capabilities from detection to investigations. Explicitly designed to enable fraud investigations post detection, the new solution helps financial institutions save both time and money with its automated workflow…

Read more →

Telegram will start handing over the IP addresses and phone numbers of users who violate their Terms of Service “to relevant authorities in response to valid legal requests”, Telegram founder and CEO Pavel Durov has announced on Monday. This is…

Read more →

Guardsquare announced an innovative, guided approach to mobile application security that empowers teams to achieve the highest level of protection – now in the easiest possible way. Mobile development teams are now able to achieve a fully protected app in…

Read more →

ArmorCode announced the expansion of its platform with the launch of two new modules for Penetration Testing Management and Exceptions Management. Alongside AI-powered Correlation and Remediation, these modules further advance ArmorCode’s leading platform capabilities to reduce the time, effort, and…

Read more →

Recent reports underscore increased fraud losses driven by both old methods and new technologies. As fraudsters exploit advancements in AI and other sophisticated tools, their methods have become more difficult to combat. From AI-driven scams and sophisticated phishing attacks to…

Read more →

In this Help Net Security interview, Jon France, CISO at ISC2, discusses cybersecurity workforce growth. He outlines organizations’ challenges, such as budget constraints and limited entry-level opportunities. France also points to the urgent need to upskill current employees and adopt…

Read more →

Companies across industries are seeing more bot-driven attacks, both basic and advanced, according to DataDome. An analysis of over 14,000 websites uncovered alarming gaps in protection against cyber fraud, particularly within consumer-centric industries. E-commerce and luxury industries are prime targets…

Read more →

Over the past decade, ransomware has been cemented as one of the top cybersecurity threats. In 2023 alone, the FBI received 2,385 ransomware complaints, resulting in over $34 million in losses. To help businesses combat ransomware and other threats, various…

Read more →

Ransomware is seen as the biggest cybersecurity threat across every industry, with 75% of organizations affected by ransomware more than once in the past 12 months – a jump from 61% in 2023, according to SpyCloud. Session hijacking surges as…

Read more →

RightCrowd announced significant advancements in its product portfolio with the launch of enhanced RightCrowd SmartAccess platform, the broadest set of mobile credential capabilities with expanded partnerships with Wavelynx, HID, and Sentry, and reinforced visitor management features. These developments mark a…

Read more →

Cloudflare announced AI Audit, a set of tools to help websites of any size analyze and control how their content is used by AI models. For the first time, website and content creators will be able to quickly and easily…

Read more →

Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows Server 2022 Azure…

Read more →

More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber resilience – and sometimes that means changing cybersecurity providers. The recent massive…

Read more →

Bitdefender has unveiled Bitdefender GravityZone Proactive Hardening and Attack Surface Reduction (PHASR), a technology that transforms how defense-in-depth-security is applied and managed across businesses. GravityZone PHASR analyzes individual user behavior such as application use, resource privileges, and others, clustering users…

Read more →

Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios. Built-in protocols: DNS, HTTP(S), IMAP(S), SMTP(S). “The reason why we created Certainly was to simplify the process of capturing…

Read more →

Paid maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers and are dedicating more time to implementing security practices like those included in industry standards like the OpenSSF Scorecard and the NIST Secure Software…

Read more →

In this Help Net Security interview, Christopher Jones, Chief Technology Officer and Chief Data Officer at Nightwing, talks about some key misconceptions and complexities surrounding offensive cyber operations. Many myths stem from a simplistic view of these operations, ranging from…

Read more →

The cyber insurance market is set for explosive growth as organizations increasingly seek financial protection against rising cyber threats. This surge in demand reflects a broader shift in how businesses approach risk management, viewing cyber insurance not just as an…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical VMware vCenter Server bugs fixed (CVE-2024-38812) Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a…

Read more →

Resecurity announced that it has joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Continue ReadingAs an innovator in cybersecurity, Resecurity brings its expertise…

Read more →

Opnova announced its official launch, introducing an agentic AI platform designed to close the automation gap in complex operational workflows. Backed by $3.75 million in pre-seed funding co-led by Faber, ScaleX, and Preface Ventures, Opnova is set to redefine IT…

Read more →

In this Help, Net Security interview, Michael Oberlaender, ex-CISO, and book author, discusses how to strike the right balance between security and operational efficiency. Oberlaender advises companies starting their cybersecurity journey and stresses the importance of aligning with various frameworks.…

Read more →

Bad bot traffic continues to rise year-over-year, accounting for nearly a third of all internet traffic in 2023. Bad bots access sensitive data, perpetrate fraud, steal proprietary information, and degrade site performance. New technologies are enabling fraudsters to strike faster…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from anecdotes, F5 Networks, Gcore, Rapid7, Strivacity, and Veritas Technologies. Veritas unveils AI-driven features to simplify cyber recovery Veritas Technologies unveiled new AI-driven capabilities to further…

Read more →

As the priority for managing digital identities intensifies, organizations are encountering severe identity security risks. Recent findings indicate that many businesses are struggling with frequent breaches and inadequate security measures, particularly concerning machine identities. Despite increased efforts and awareness, issues…

Read more →

Nextcloud has launched Nextcloud Hub 9, a significant update to its open-source cloud-based collaboration platform. It introduces several new features to improve user experience, performance, and security. Enhanced security in Nextcloud Hub 9 Nextcloud Hub 9 lets you strengthen your…

Read more →

Zenity announced an agent-less security solution for Microsoft 365 Copilot with the Zenity AI Trust Layer. With this product launch, Zenity is continuing to empower its customers to confidently and securely unleash business enablement. Microsoft 365 Copilot is embedded across the…

Read more →

For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human verification pages…

Read more →

Picus Security announced it has closed a $45 million growth investment round led by Riverwood Capital with the participation of existing investor Earlybird Digital East Fund, bringing Picus’ total funds raised to $80 million. Picus has over 500 enterprise customers…

Read more →

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained an authenticated…

Read more →

Juniper Networks announced several key enhancements to its AI-Native Networking Platform that enable customers and partners to take full advantage of the emerging 802.11be amendment (Wi-Fi 7), which promises higher throughput, lower latency, extended range and greater reliability than previous…

Read more →

Forescout announced its new SaaS Operational Technologies (OT) solution. Forescout for OT Security is a security solution that allows organizations to secure complex, heterogeneous OT, IoT/IoMT, and IT environments whether they are fully in cloud, completely air-gapped, or hybrid. Forescout…

Read more →

A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operations to take control…

Read more →

Tenable launched Tenable Enclave Security, a solution that supports the needs of customers operating in highly secure environments, such as those that are classified or otherwise air-gapped. Backed by Tenable Security Center, Tenable Enclave Security protects IT assets and modern…

Read more →

Strivacity released Strivacity AI Assist, a new “smart assistant” powered by GenAI that makes it easier to manage and secure digital identities across business-to-business (B2B) and business-to-consumer (B2C) use cases. Building on Strivacity’s machine learning capabilities for fraud detection, Strivacity…

Read more →

Edera announced it has raised $5 million in a seed round led by 645 Ventures and Eniac Ventures with participation from FPV Ventures, Generationship, Precursor Ventures and Rosecliff Ventures. Angel investors include Joe Beda, Filippo Valsorda, Mandy Andress, Jeff Behl…

Read more →

With the adoption of digital wallets and the increasing embedding of consumer digital payments into daily life, ensuring security measures is essential. According to a McKinsey report, digital payments are now mainstream and continually evolving, bringing advancements and new data…

Read more →

In the push for secure AI models, many organizations have turned to differential privacy. But is the very tool meant to protect user data holding back innovation? Developers face a tough choice: balance data privacy or prioritize precise results. Differential…

Read more →

Data breach episodes have been constantly rising with the number of data breach victims crossing 1 billion in the first half of 2024. A recent Data Breach Report 2023 by Verizon confirms that 74% of data breaches are due to…

Read more →

In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vulnerabilities and improve overall security posture.…

Read more →

92% of security leaders have concerns about the use of AI-generated code within their organization, according to Venafi. Tension between security and developer teams 83% of security leaders say their developers currently use AI to generate code, with 57% saying…

Read more →

Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries,” they noted. A way into corporate networks Ohio-based…

Read more →

Komodor announced Klaudia, a GenAI agent for troubleshooting and remediating operational issues, as well as optimizing Kubernetes environments. Integrated within the Komodor Kubernetes Management Platform, Klaudia simplifies and accelerates root-cause analysis, empowering both platform and application teams with precise diagnostics…

Read more →

Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. “AFP Operation Kraken charged a NSW man, aged 32, for creating and administering Ghost, a dedicated encrypted…

Read more →

Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). “Broadcom is not currently aware of…

Read more →

Fivetran announced Hybrid Deployment, a new solution that allows customers to securely run data pipelines within their own environment from the Fivetran managed platform, providing a single control plane to manage all data sources, whether they are cloud-based SaaS apps…

Read more →

PlainID announces the PlainID Authorizer for Zscaler, available via PlainID SaaS Authorization Management, centralizes policy management for Zscaler and SaaS applications and tools. Zscaler and other SASE (Secure Access Service Edge) solutions have made significant strides in integrating identity-aware controls…

Read more →

Rapid7 has unveiled Vector Command, a fully-managed offensive security service. Vector Command combines the external attack surface assessment capabilities of Rapid7’s recently launched Command Platform with continuous Red Teaming services by its internal experts to help customers identify and validate…

Read more →

Intezer announced that it has raised $33 million in Series C funding, bringing its total capital raised to $60 million. The funding round was led by Norwest Venture Partners, with participation from all existing investors, including Intel Capital, OpenView, Magma,…

Read more →