Category: Help Net Security

Invicti API Security uncovers hidden and undocumented APIs

Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As…

OpenText Cloud Editions 24.3 elevates human potential

OpenText announced its latest product innovations with Cloud Editions (CE) 24.3. This release represents a significant leap forward in integrating advanced information management capabilities, trusted cloud solutions, robust security measures, and AI to optimize data performance for simpler, but superior,…

Overlooked essentials: API security best practices

In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access…

Cybersecurity jobs available right now: July 17, 2024

Adversary Emulation Team Member Australian Federal Police | Australia | On-site – View job details As an Adversary Emulation Team Member you will participate in testing and assessment activities in both domestic and international settings. You will gain exposure to…

Most GitHub Actions workflows are insecure in some way

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security posture to be especially concerning, with…

Harmonic Protect helps security teams secure sensitive data

Harmonic Security launched Harmonic Protect which empowers security teams with the tools to protect sensitive data without the headaches of labeling and complex rules. CISOs using Harmonic have coined it “zero-touch data protection” for its unique ability to protect vast…

Rezonate boosts security for both human and non-human identities

Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). The platform is taking a unified approach to managing both human and…

GlobalSign updates ACME service to simplify domain management

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service. ACME is an internet protocol designed to enable enterprises to communicate with a…

Craig Boundy joins McAfee as President and CEO

McAfee announced the appointment of Craig Boundy as President and CEO, effective August 21, 2024. Boundy, a seasoned executive with over 25 years of leadership experience, joins McAfee from Experian where he served as the global Chief Operating Officer, and…

Managing exam pressure: Tips for certification preparation

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for…

Major data breaches that have rocked organizations in 2024

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T. Find out what led to…

Firmware update hides Bluetooth fingerprints

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Bluetooth signals from mobile devices pose…

Paris 2024 Olympics to face complex cyber threats

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest…

Realm: Open-source adversary emulation framework

Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With…

Discover the growing threats to data security

In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks. Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain…

Forcepoint promotes Ryan Windham to CEO

Forcepoint announced the promotion of Ryan Windham, Chief Customer and Strategy Officer, to Chief Executive Officer (CEO), succeeding Manny Rivelo, who is retiring from his position as CEO of the company. These transitions will be effective immediately with Rivelo continuing…

How to design a third-party risk management framework

Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain…

Managing cyberattack fallout: Financial and operational damage

In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company’s reputation among customers and…

Top priorities for compliance leaders this year

Legal, compliance and privacy leaders list strengthening their personal impact on company strategy as their top priority for 2024, according to Gartner. Improving third party risk management (TPRM), and ensuring compliance programs can keep pace with fast-moving regulatory requirements are…

New infosec products of the week: July 12, 2024

Here’s a look at the most interesting products from the past week, featuring releases from AttackIQ, IT-Harvest, Pentera, Prompt Security, and Quantum Xchange. AttackIQ Mission Control simplifies security testing for distributed teams AttackIQ Mission Control enhances AttackIQ Enterprise BAS deployments…

Using Authy? Beware of impending phishing attempts

Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that…

Prompt Security introduces GenAI security solution for MSSPs

Prompt Security announced its product and go-to-market support for Managed Security Service Providers (MSSPs). This strategic initiative has already resulted in partnerships with MSSPs across Europe, the Middle East, North America, and the Asia-Pacific region. These partnerships are aimed at…

How AI helps decode cybercriminal strategies

With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology. The quest for tangible business benefits is in…

Strengthening cybersecurity preparedness with defense in depth

In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity. What are the top cybersecurity preparedness measures…

Travel scams exposed: How to recognize and avoid them

In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams. For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishing emails and…

Pentera updates RansomwareReady to secure Linux environments

Pentera announced a major update to its RansomwareReady product, enabling customers to proactively test the security of their Linux environments. With this addition, Pentera empowers organizations to adopt proactive measures against the world’s most pervasive and destructive ransomware strains across…

Mirantis OpenStack for Kubernetes 24.2 automates workload distribution

Mirantis announced Mirantis OpenStack for Kubernetes (MOSK) 24.2 with an exclusive dynamic resource balancer feature that automates workload distribution to solve hotspot and “noisy neighbor” problems. Now, MOSK automatically redistributes workloads within a cluster helping to balance resource consumption to…

Enzoic Global Partner Program helps combat dark web exposures

Enzoic has unveiled its Enzoic Global Partner Program to help organizations strengthen their security posture in response to the evolving cybersecurity landscape. Participants have access to Enzoic’s award-winning threat intelligence solutions which continuously monitor the dark web for newly exposed…

Diversifying cyber teams to tackle complex threats

Technologies such as GenAI, ML and IoT are giving threat actors new tools that make it easier to target consumers and organizations. From Savvy Seahorse which lures victims into investment scams, to a self-replicating AI worm that uses the likes…

BunkerWeb: Open-source Web Application Firewall (WAF)

BunkerWeb is an open-source Web Application Firewall (WAF) distributed under the AGPLv3 free license. The solution’s core code is entirely auditable by a third party and the community. “The genesis of BunkerWeb comes from the following problem: every time someone…

Cybersecurity jobs available right now: July 10, 2024

CISO HoneyBook | Israel | On-site – View job details As a CISO, you will develop and implement a multi-year security strategy and roadmap to anticipate and address security challenges in alignment with company growth objectives. Ensure that HoneyBook adheres…

Optiv MDR accelerates threat detection and response

Optiv has launched its managed detection and response service, Optiv MDR, on the Google Security Operations (SecOps) platform, enabling organizations to detect and respond to emerging threats with managed threat detection and response capabilities. Cybersecurity remains a top concern for…

Skillsoft partners with Microsoft to develop GenAI skilling program

Skillsoft announced a comprehensive generative AI (GenAI) skilling program developed in collaboration with Microsoft. Leveraging Skillsoft’s AI Skill Accelerator, the program upskills organizations and their workforce to effectively use Microsoft AI — including Copilot and Azure Open AI — and…

GuardZoo spyware used by Houthis to target military personnel

Lookout discovered GuardZoo, Android spyware targeting Middle Eastern military personnel. This campaign leverages malicious apps with military and religious themes to lure victims via social engineering on mobile devices. While researchers are still actively analyzing data, thus far, they have…

Chinese APT40 group swifly leverages public PoC exploits

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite…

Stellar Cyber Open XDR platform now supports BYODL

Stellar Cyber announced that the Stellar Cyber Open XDR platform now supports “Bring Your Own Data Lake” (BYODL). This seamless integration allows organizations that have standardized their data storage framework on Splunk, Snowflake, Elastic, or AWS security data lake, or…

Egnyte Copilot accelerates enterprise content collaboration

Egnyte launched Egnyte Copilot, its AI-driven assistant designed to accelerate and transform enterprise content collaboration. Egnyte Copilot enables Egnyte customers to start engaging in AI-powered conversations with their own private and trusted data through a simple, turnkey solution while keeping…

Outpost24 appoints Ido Erlichman as CEO

Outpost24 announced the appointment of Ido Erlichman as its new CEO, effective immediately. With over 20 years of experience in cyber security, technology and finance, Erlichman will bring a wealth of knowledge and a proven track record of leadership and…

Monocle: Open-source LLM for binary analysis search

Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will…

Infostealing malware masquerading as generative AI tools

Over the past six months, there has been a notable surge in Android financial threats – malware targeting victims’ mobile banking funds, whether in the form of ‘traditional’ banking malware or, more recently, cryptostealers, according to ESET. Vidar infostealer targets…

47% of corporate data stored in the cloud is sensitive

As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyberattacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) cited as the leading categories…

Organizations weigh the risks and rewards of using AI

78% of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves, according to AuditBoard. Organizations prioritize AI risk assessment The report, based on a survey of over 400 security professionals in the US involved in…

New infosec products of the week: July 5, 2024

Here’s a look at the most interesting products from the past week, featuring releases from LogRhythm, NordVPN, Regula, and Scythe. LogRhythm’s enhancements boost analyst efficiency This quarter, LogRhythm is highlighting its Machine Data Intelligence (MDI) Fabric for the AI-ready Security…

4 key steps to building an incident response plan

In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses the components of an effective security incident response strategy and how they work together to ensure organizations can address cybersecurity issues. What are the…

Organizations use outdated approaches to secure APIs

Security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites, according to Cloudflare. The report underscores that the volume of threats stemming from issues…

Only 13% of organizations are cyber mature

A staggering 83% of organizations have suffered a material security breach recently, with over half occurring in the past year alone, underscoring the critical need for advanced preparedness and agile response strategies, according to Commvault. For security and IT professionals,…

Maintaining human oversight in AI-enhanced software development

In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and integrated security practices to…

Cybersecurity jobs available right now: July 3, 2024

CISO Atera | Israel | On-site – View job details The CISO will oversee our company’s information, cyber, and technology security and will have end to end full responsibility developing, implementing, and enforcing security policies, procedures, and protocols to protect…

Secator: Open-source pentesting Swiss army knife

Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers. Secator features Curated list of commands Unified input…

Deepwatch appoints John DiLullo as CEO

Deepwatch announced that John DiLullo has been appointed as CEO, succeeding Charlie Thomas who is retiring and will serve as chairman of the Board of Directors, effective immediately. John DiLullo is a veteran of the cybersecurity industry with more than…

NordVPN File Checker protects users from infected files

NordVPN launches its third experimental product from the NordLabs platform. File Checker is an online tool that scans different types of files for malware and viruses. It helps to prevent malicious codes invading user’s devices through infected or corrupted files…