The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises and theoretical plans only to find out that when an actual breach strikes the organization…
Tag: Help Net Security
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military…
How healthcare CISOs can balance security and accessibility without compromising care
In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and securing the…
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain initial access or perform…
Most organizations change policies to reduce CISO liability risk
93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations (41%) increasing CISO participation in strategic decisions at the board level.…
1Kosmos 1Key secures shared login environments and OT systems
1Kosmos announced 1Kosmos 1Key for shared account login environments. With FIDO-compliant biometric authentication, 1Kosmos 1Key addresses the pressing need for security, accountability, and auditability in settings where multiple users access shared accounts, such as operational technology (OT) systems, hospitality services,…
APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)
State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative have warned on…
Vanta unveils features and capabilities to strengthen security collaboration
Vanta announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network. These releases—including team-based collaboration and granular user access, an integrated Vanta Exchange for vendor security reviews, enhanced…
Report: The State of Secrets Sprawl 2025
GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic…
Elastic expands partnership with Tines to scale security operations
Elastic announced an expanded partnership with an integrated offering that includes Tines Workflow Automation and the Elastic Search AI Platform to simplify security and observability workflow automation. The partnership equips security teams with security orchestration, automation and response (SOAR) and…