Tag: Help Net Security

Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by…

Read more →

Mitek announced Digital Fraud Defender (DFD), an advanced, multi-layered solution to safeguard digital identity verification processes against sophisticated AI-enabled fraud tactics. Designed for financial institutions, fintech, online gaming providers, and enterprises requiring remote identity verification, the new suite addresses the…

Read more →

Bitdefender announced enhancements to its GravityZone XDR platform with the addition of its new Business Applications sensor, designed to protect corporate data hosted and stored in cloud-based productivity and collaboration applications. The sensor will initially support Atlassian cloud applications including…

Read more →

A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit that chains together this zero-day file…

Read more →

Netography announced new ransomware detection capabilities that enable organizations to respond to malicious activity in real-time before it disrupts operations or threatens business continuity. These AI-powered enhancements enable Fusion customers to close the network observability and security gaps caused by…

Read more →

Middesk introduced Address Risk Insights, a critical new addition to its core Know Your Business (KYB) product Verify and its recently introduced risk scoring Signal product. A first for the KYB space, Address Risk Insights helps companies assess the risk…

Read more →

FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and systems of US…

Read more →

FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and systems of US…

Read more →

SurePath AI launched SurePath AI Discover, a new offering that provides visibility into a company’s employee use of public AI services. By classifying AI use by intent and identifying sensitive data violations, companies can better understand the volume, use case,…

Read more →

Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide to the CCSP covers everything you need to know about the world’s leading cloud security certification. Learn how CCSP – and ISC2 – can help…

Read more →

LogicGate introduced the Governance, Risk, and Compliance (GRC) Program Value Realization Tool, available to customers through the Risk Cloud platform. This new tool provides visibility into the financial value of GRC by automatically tracking key program initiatives in real-time. These…

Read more →

Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration with Adaptiva, a global leader in autonomous endpoint management, provides the foundation of the solution. Vulnerability remediation…

Read more →

As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential to upend cybersecurity, rendering current encryption ineffective.…

Read more →

As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this…

Read more →

In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and disrupt cybercrime,…

Read more →

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromised (phished)…

Read more →

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat…

Read more →

AttackIQ announced AttackIQ Flex 3.0, agentless security control validation that integrates natively with Splunk to deliver a fully seamless user experience. A growing need for efficient and accurate threat detection As cyber threats grow more sophisticated, organizations are struggling to…

Read more →

Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools into a single offering. The platform streamlines web and API security, advanced bot defense, and global server load balancing, among other capabilities,…

Read more →

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a privileged…

Read more →

Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly reducing the risk of unauthorized access and data breaches. These policies not only protect sensitive…

Read more →

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a “Mobile…

Read more →

HiddenLayer launched Automated Red Teaming solution for artificial intelligence, a transformative tool that enables security teams to rapidly and thoroughly assess generative AI system vulnerabilities. The addition of this new product extends HiddenLayer’s AISec platform capabilities to include Automated Red…

Read more →

HP announced HP Enterprise Security Edition, a suite of security capabilities designed to enhance the physical security of HP business class PCs. HP Enterprise Security Edition includes multilayered safeguards to protect PC hardware and firmware from targeted physical attacks, while…

Read more →

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and…

Read more →

An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front…

Read more →

Law enforcement unsealed criminal charges against five alleged members of Scattered Spider, who allegedly targeted employees of companies nationwide with phishing text messages and then used the harvested employee credentials to log in and steal non-public company data and information…

Read more →

Cyber crooks are trying out an interesting new approach for getting information-stealing malware installed on Android users’ smartphones: a physical letter impersonating MeteoSwiss (i.e., Switzerland’s Federal Office of Meteorology and Climatology). “The letter asks the recipients to install a new…

Read more →

Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are…

Read more →

Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root…

Read more →

Oscilar unveiled its Cognitive Identity Intelligence Platform to combat the rising tide of AI-powered fraud. The platform’s proprietary “Digital & Behavior Identification” technology transforms digital identity verification in an era where traditional solutions are increasingly vulnerable to sophisticated AI-enabled attacks.…

Read more →

USX Cyber released advanced phishing protection tools within its GUARDIENT XDR platform. This latest enhancement enables organizations to strengthen defenses against sophisticated phishing attacks by providing employees with realistic training and heightened awareness of phishing threats. Phishing attacks are growing increasingly…

Read more →

Bitsight announced it has signed a definitive agreement to acquire Cybersixgill, a global cyber threat intelligence (CTI) data provider. Together, Bitsight and Cybersixgill will provide visibility into an organization’s external attack surface, supply chain, and the threats targeting it. As…

Read more →

IBM announced Autonomous Security for Cloud (ASC), an AI-powered solution from IBM Consulting designed to automate cloud security management and decision-making to help mitigate risk for organizations accelerating their cloud journey on Amazon Web Services (AWS) environments. Highlighted in IBM’s…

Read more →

In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications. Perez also addresses how AI-driven threats are…

Read more →

Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest vulnerabilities The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by…

Read more →

In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity. The post Using…

Read more →

NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer hardware, a domain often considered more secure than software. The report highlights how hardware flaws embedded in chip designs can lead…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Absolute Security, BlackFog, Eurotech, Nirmata, Rakuten Viber, Syteca, and Vectra. Eurotech ReliaGATE 15A-14 enables organizations to meet regulatory standards The ReliaGATE 15A-14 combines flexible feature…

Read more →

The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the…

Read more →

Google has announced new security features for Android that provide real-time protection against scams and harmful apps. These features, powered by advanced on-device AI, enhance user safety without compromising privacy. These new security features are available first on Pixel and…

Read more →

Versa introduced the VersaONE Universal SASE Platform to enhance security and networking capabilities across WAN, LAN, data centers, and cloud. Powered by AI, VersaONE delivers converged SASE, SSE, SD-WAN, and SD-LAN products via a unified platform to securely connect all…

Read more →

After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part…

Read more →

Red Hat announced Red Hat Enterprise Linux 9.5. Red Hat Enterprise Linux helps organizations deploy applications and workloads more quickly and with greater reliability, enabling them to lower costs and more effectively manage workloads across hybrid cloud deployments while mitigating…

Read more →

CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all supported Windows versions and, when triggered,…

Read more →

A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyber actors increasingly targeted zero-day…

Read more →

In this Help Net Security interview, Arun Gupta, Vice President and General Manager for Open Ecosystem, Intel, discusses the company’s commitment to fostering an open ecosystem as a cornerstone of its software strategy. He explains how this approach empowers developers…

Read more →

Google Cloud unveiled its Cybersecurity Forecast for 2025, offering a detailed analysis of the emerging threat landscape and key security trends that organizations worldwide should prepare for. The report delivers insights into the tactics of cyber adversaries, providing advice for…

Read more →

Security leaders feel under increasing pressure to provide assurances around cybersecurity, exposing them to greater personal risk – yet many lack the data and resources to accurately report and close cybersecurity gaps, according to Panaseer. The report analyses the findings…

Read more →

In this Help Net Security video, David Cottingham, President of rf IDEAS, discusses what he sees as the most prominent areas for improvement and continued change in the space: As we move into 2025, it’s evident that businesses recognize MFA…

Read more →

Vectra AI announced the extension of the Vectra AI Platform to include comprehensive coverage for customers’ Microsoft Azure environments. With the addition of over 40 unique attacker behavior detections for Microsoft Azure, Vectra AI now delivers over 100 AI-driven attacker…

Read more →

Absolute Security launched Enterprise Edition, combining the new Safe Connect for Secure Access and Comply Module for Secure Endpoint. With these innovations, Enterprise Edition is the comprehensive Security Service Edge (SSE) that can ensure only secure and compliant devices are…

Read more →

Cequence Security announced its new API Security Assessment Services. Designed to provide immediate, actionable insights into API security risks, these time-bound and fixed services leverage Cequence’s advanced Unified API Protection platform, enabling companies to identify and address security gaps within…

Read more →

Check Point Software’s latest threat index reveals a significant rise in infostealers like Lumma Stealer, while mobile malware like Necro continues to pose a significant threat, highlighting the evolving tactics used by cybercriminals across the globe. Last month researchers discovered…

Read more →

Researchers discovered GoIssue, a new phishing tool targeting GitHub users, designed to extract email addresses from public profiles and launch mass email attacks. Marketed on a cybercrime forum, GoIssue allows attackers to send bulk emails while keeping their identity hidden…

Read more →

Nirmata launched Nirmata Control Hub, a comprehensive platform designed to prevent misconfigurations and automate security through policy-as-code. As Artificial Intelligence (AI) accelerates the adoption of Kubernetes and cloud-native technologies, enterprises are increasingly facing security challenges due to the growing complexity…

Read more →

Rakuten Viber has launched new solutions to further protect communication on the platform. Businesses can now quickly authenticate users to enhance trust and reduce fraud, making interactions more secure. Verification messages provide a secure and seamless way to authenticate clients…

Read more →

Cisco introduces new intelligent, secure and assured wireless innovations, with smart Wi-Fi 7 access points and unified subscription licensing that can enable smart spaces out-of-the-box. These innovations empower customers to solve for their connectivity, security and assurance challenges, while also…

Read more →

It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular employment-focused…

Read more →

Splunk announced innovations across its expanded observability portfolio to empower organizations to build a leading observability practice. These product advancements provide ITOps and engineering teams with more options to unify visibility across their entire IT environment to drive faster detection…

Read more →

Keeping information secure is both a leading challenge and priority among B2B credit, collections and accounts receivables departments. It requires vigilance against scams like identity theft and hacks that intercept vital business and customer information in transit. Bectran has implemented…

Read more →

Syteca launched Account Discovery, a new feature within its Privileged Access Management (PAM) solution. This enhancement enables organizations to automatically detect and manage privileged accounts across their IT infrastructure, significantly reducing security risks associated with unmanaged access credentials. The new…

Read more →

In this Help Net Security interview, Daniel Schwalbe, CISO at DomainTools, discusses the intensifying regulatory demands that have reshaped CISO accountability and daily decision-making. He outlines the skill sets future CISOs need, their key priorities for 2025, and how increased…

Read more →

North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago, according to BioCatch. The data shows scams now represent 23% of all digital banking fraud. Growing danger of deepfake…

Read more →

Whether you’re looking to enhance your existing cybersecurity skills or just beginning your journey in the field, cybersecurity offers a wide range of career opportunities. If you’re considering a career shift, exploring new job opportunities, or aiming to upgrade your…

Read more →

AI can expose your work secrets. The same goes for AI-generated content, which has revolutionized workplace productivity but comes with hidden risks. As more employees use AI models to streamline tasks—whether drafting reports, building code, or designing products, they may…

Read more →

November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is…

Read more →

Druva announced support for Microsoft Dynamics 365 to help enterprises secure mission-critical data across Dynamics 365 Sales and Customer Service CRM modules. With support for Dynamics 365, Druva ensures customers can keep business-critical CRM data secure and maintain business operations…

Read more →

Akamai announced the Akamai App Platform, a ready-to-run solution that makes it easy to deploy, manage, and scale highly distributed applications. The Akamai App Platform is built on top of the cloud native Kubernetes technology Otomi, which Akamai acquired from…

Read more →

BlackFog launched its next generation enterprise platform to deliver even more powerful ransomware and insider threat prevention. BlackFog’s pioneering platform focuses specifically on anti data exfiltration to prevent unauthorized data from leaving a device, ensuring that an organization’s most sensitive…

Read more →

If you’re wondering whether your personal and financial data has been compromised in the massive Hot Topic breach, you can use two separate online tools to check: Have I Been Pwned? or DataBreach.com. Which data was compromised? News of a…

Read more →

F5 announced early access of F5 AI Gateway to streamline interactions between applications, APIs, and large language models (LLMs) driving enterprise AI adoption. This powerful containerized solution optimizes performance, observability, and protection capabilities—all leading to reduced costs. Integrated with F5’s…

Read more →

Zscaler announced a Zero Trust Segmentation solution to provide a more secure, agile and cost-effective means to connect users, devices, and workloads across and within globally distributed branches, factories, campuses, data centers, and public clouds. While traditional networks, including SD-WAN…

Read more →

Eurotech launches ReliaGATE 15A-14, a cybersecure modular edge gateway designed to meet the growing demand for secure, flexible, and globally deployable IoT solutions. Built to support a wide range of applications, the ReliaGATE 15A-14 accelerates IoT projects by simplifying compliance…

Read more →

Immersive Labs introduced AI Scenario Generator. This new capability enables organizations to generate threat scenarios for crisis simulations to ensure their workforces are ready for the latest threats. By inputting a few short prompts, customers can use the AI Scenario…

Read more →

A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May 2023 MOVEit hack by the Cl0p ransomware…

Read more →

Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring. Dynamic dashboards and reports Powerpipe’s high-level…

Read more →

In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust strategies to manage third-party software…

Read more →

It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold…

Read more →

Cloud Security Lead CIÉ – Córas Iompair Éireann | Ireland | Hybrid – View job details As a Cloud Security Lead, you will ensure the security of CIE’s Azure environment by developing and implementing cloud security strategies and policies. You…

Read more →

Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide covers everything you need to know about Certified in Governance, Risk and Compliance (CGRC) certification. See how CGRC – and ISC2 – can help you…

Read more →

While the goal of cybersecurity regulations is to bring order among organizations and ensure they take security and risks seriously, the growing number of regulations has also introduced a considerable set of challenges that organizations and their leaders must address.…

Read more →

Microsoft followed their October precedent set with Windows 11 24H2 and announced Microsoft Server 2025 on the first of November. We were expecting the official announcement at Microsoft Ignite near the end of the month, but with the early release,…

Read more →

In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent…

Read more →

Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need…

Read more →

10% of security researchers now specialize in AI technology as 48% of security leaders consider AI to be one of the greatest risks to their organizations, according to HackerOne. HackerOne’s report combines perspectives from the researcher community, customers, and security…

Read more →

Vulnerability management has been the standard approach to fending off cyber threats for years. Still, it falls short by focusing on a limited number of vulnerabilities, often resolving only 1% to 20% of issues. In 2024, with the average data…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION)…

Read more →

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of…

Read more →

Mirantis launched Mirantis Harbor Registry Support and Mirantis KubeVirt Support offerings, providing support for managing container image registries and virtual machine workloads within any Kubernetes environment, irrespective of the underlying infrastructure or Kubernetes distribution. “For organizations seeking pure open-source deployments,…

Read more →

AppOmni announced a significant partnership that combines the company’s Zero Trust Posture Management (ZTPM) solution with Cisco’s Security Service Edge (SSE) technology suite to enable zero trust principles at the application layer in Security-as-a-Service (SaaS) applications. The combined solution provides…

Read more →

In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a…

Read more →

Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to…

Read more →

In this Help Net Security video, David Cottingham, CEO of Airlock Digital, discusses the 2023-2030 Australian Cyber Security Strategy and reviews joint and individual cybersecurity efforts, progress, and strategies over the past year. The Australian Government’s 2023-2030 Cyber Security Strategy,…

Read more →

AI-enhanced malicious attacks are the top emerging risk for enterprises in the third quarter of 2024, according to Gartner. Key emerging risks for enterprises It’s the third consecutive quarter with these attacks being the top of emerging risk. IT vendor…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Atakama, Authlete, Symbiotic Security, and Zywave. Atakama introduces DNS filtering designed for MSPs Atakama announced the latest expansion of its Managed Browser Security Platform, introducing…

Read more →

Fortinet announced the expansion of GenAI capabilities across its product portfolio with the launch of two new integrations with FortiAI, Fortinet’s AI-powered security assistant that uses GenAI to guide, simplify, and automate security analyst activities. “Our commitment to AI innovation…

Read more →

Malwarebytes announced the acquisition of AzireVPN, a renowned privacy-focused VPN provider. Malwarebytes has long been a defender of user privacy through its portfolio of consumer solutions, including Malwarebytes Privacy VPN and its free ad and scam blocker web extension Malwarebytes…

Read more →

Drawbridge is debuting a real-time executive summary of a manager’s cyber risk program. The aim is to enable alternative investment managers (alts managers) to strengthen executive confidence in their firm’s cyber posture by working with their Drawbridge cybersecurity experts. General…

Read more →

AudioEye launched Accessibility Protection Status, a new benchmark in digital accessibility compliance that empowers businesses to achieve better transparency, clarity, and control over their digital accessibility efforts. With a more accurate representation of accessibility efforts beyond arbitrary numerical scores, the…

Read more →