This survey set out to explore these challenges, to identify common practices, and to provide insight into how organizations can bolster their defenses. Key findings from the survey include: Current authentication practices Authentication-related cyberattacks Security incidents and impact Password management…
Tag: Help Net Security
Fortanix Key Insight discovers and remediates data security risks in hybrid multicloud environments
Fortanix announced Key Insight, a new capability in the Fortanix Data Security Manager TM (DSM) platform designed to help enterprises discover, assess, and remediate risk and compliance gaps across hybrid multicloud environments. Data breaches lead to massive monetary losses, hefty…
Veracode’s latest innovations help developers enhance cloud-native security
Veracode announced product innovations to enhance the developer experience. The new features integrate security into the software development lifecycle (SDLC) and drive adoption of application security techniques in the environments where developers work. According to a recent study by analyst…
Trend Companion reduces time spent on manual risk assessments and threat investigations
Trend Micro launched its new generative AI tool, Trend Companion, designed to empower security analysts by driving streamlined workflows and enhanced productivity. “Stretched security operations teams are struggling with the sheer volume and complexity of threat data. Trend Companion is…
Released: AI security guidelines backed by 18 countries
The UK National Cyber Security Centre (NCSC) has published new guidelines that can help developers and providers of AI-powered systems “build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.”…
Trellix accelerates threat detection and response with GenAI capabilities
Trellix announced its generative artificial intelligence (GenAI) capabilities, built on Amazon Bedrock and supported by Trellix Advanced Research Center. Amazon Bedrock is a fully managed service from AWS making foundation models (FMs) from leading AI companies accessible via an API…
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a…
OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more!
OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. Major changes in OpenSSL 3.2.0 This release incorporates the following potentially significant or incompatible changes: The default SSL/TLS security level…
AWS Kill Switch: Open-source incident response tool
AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. The solution includes a Lambda function and proof of concept client. You can either adopt this client or…
Why it’s the perfect time to reflect on your software update policy
The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact, thousands of new vulnerabilities…