Tag: Help Net Security

Expel expands SIEM capabilities to meet mounting data storage needs

Expel announced expanded security information and event management (SIEM) coverage, including a new low-cost data lake offering, allowing customers to meet compliance and data storage requirements more effectively while strengthening their overall security posture. Additionally, Expel extended integration coverage and…

ActiveState accelerates secure software delivery

ActiveState launched its Vulnerability Management as a Service (VMaas) offering that revolutionizes how organizations manage open source and accelerates secure software delivery. ActiveState’s Vulnerability Management as a Service combines Application Security Posture Management (ASPM) and Intelligent Remediation capabilities with expert…

Ransomware payments plummet as more victims refuse to pay

Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: An increasing number of victims refuses to pay the ransom. The total volume of ransom payments decreased year-over-year by approximately 35%, the blockchain…

Corero Network Security unveils automated DDoS-aware resiliency

Corero Network Security announced new advancements in multi-site resiliency and intelligent traffic management, further strengthening its ability to deliver always-on DDoS protection. Designed to mitigate large-scale cyberattacks, operational failures, and data center outages, Corero’s solution eliminates single points of failure…

Suspected NATO, UN, US Army hacker arrested in Spain

The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nation’s International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web. The attacks…

Cyabra Insights protects against AI-driven digital disinformation

Cyabra introduces Insights, a new AI-feature designed to transform complex social media disinformation data into clear, actionable answers in seconds. False narratives, fake accounts, and AI-generated content are spreading faster than ever, costing businesses and governments billions annually and eroding…

How to customize Safari for private browsing on iOS

Apple’s Safari browser includes several features aimed at enhancing privacy while browsing the web. Two of the most notable privacy features are Intelligent Tracking Prevention (ITP) and Private Browsing mode. Intelligent Tracking Prevention (ITP) Intelligent Tracking Prevention (ITP) is a…

Enterprises invest heavily in AI-powered solutions

AI is driving significant changes in attack sources, with 88% of enterprises observing an increase in AI-powered bot attacks in the last two years, according to Arkose Labs. 53% said they have lost between $10 million to over $500 million…

SafeBreach exposure validation platform identifies security gaps

SafeBreach launched SafeBreach exposure validation platform, which combines the power of its time-tested breach and attack simulation (BAS) product—now called Validate—and its new attack path validation product, Propagate. Together, they provide enterprise security teams with deeper insight into threat exposure…

Swap EOL Zyxel routers, upgrade Netgear ones!

There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points. Zyxel vulnerability: Exploited, no patches CVE-2024-40891, a command…

Satori provides visibility into data store risk levels

Satori announced its new capabilities, enabling security teams to be in control of all customer data across the development lifecycle in a simple, cost-effective, and holistic way. These capabilities automate the daunting tasks of discovering data, risk assessment, providing granular…

Atrinet URL Scanner helps comabat SMS phishing

Atrinet launched Atrinet URL Scanner, a solution designed to combat real-time SMS fraud. The solution combines Google Web Risk’s technology scanning capabilities with Atrinet’s telecom security expertise, enabling Communication Service Providers (CSPs) to safeguard subscribers, protect revenues, and build customer…

Dynatrace strengthens cloud security posture management

Dynatrace announced the expansion of its security portfolio with a new Cloud Security Posture Management (CSPM) solution. For enterprises managing complex hybrid and multi-cloud environments, Dynatrace CSPM can significantly enhance security, compliance, and resource-efficiency through continuous monitoring, automated remediation, and…

OpenNHP: Cryptography-driven zero trust protocol

OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers the following benefits: Reduces attack surface by hiding infrastructure Prevents unauthorized network reconnaissance Mitigates vulnerability exploitation Stops phishing…

More destructive cyberattacks target financial institutions

Financial institutions will continue to be the ultimate targets for criminals and threat actors, as a successful attack offers a significant payoff, according to Contrast Security. Contrast Security has surveyed 35 of the world’s leading financial institutions to better understand…

The API security crisis and why businesses are at risk

In this Help Net Security video, Ivan Novikov, CEO of Wallarm, discusses the 2025 API ThreatStats Report, highlighting how APIs have become the primary attack surface over the past year, mainly driven by the rise of AI-related risks. Researchers identified…

Cycode Change Impact Analysis boosts application security posture

Cycode unveiled Change Impact Analysis (CIA) technology, a key addition to its Complete ASPM platform. This solution empowers organizations to proactively assess the security impact of every code change, enabling them to identify, prioritize, and remediate vulnerabilities faster and more…

Casio UK site compromised, equipped with web skimmer

Japanese electronics maker Casio has had its UK website injected with a web skimmer that collected buyers’ personal and payment card information, Jscrambler has discovered. The company says that the same skimmer has been added to at least seventeen (and…

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR

Join cybersecurity expert Jonathan Mayled from 5-hour Energy as he uncovers the limitations of log-based SIEMs and the transformative role of AI-driven Network Detection and Response (NDR). Logs alone can’t deliver the visibility and context required to secure modern, hybrid…

Aim for crypto-agility, prepare for the long haul

While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning,…

What you can do to prevent workforce fraud

In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated IT workers infiltrating remote roles. With HR teams and recruiters often unprepared to detect these sophisticated schemes, businesses…

8 steps to secure GenAI integration in financial services

GenAI offers financial services institutions enormous opportunities, particularly in unstructured dataset analysis and management, but may also increase security risks, according to FS-ISAC. GenAI can organize oceans of information and retrieve insights from it that you can use to improve…

Cybersecurity jobs available right now: February 3, 2025

Application Security Architect ReversingLabs | Ireland | Remote – View job details As an Application Security Architect, you will conduct security assessments and vulnerability scans of applications, APIs, and other software components. Identify, analyze, and report security vulnerabilities and risks.…

The hidden dangers of a toxic cybersecurity workplace

In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive…

BadDNS: Open-source tool checks for subdomain takeovers

BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS…

How to use iCloud Private Relay for enhanced privacy

iCloud Private Relay, included with an iCloud+ subscription, enhances your privacy while browsing the web in Safari. When this feature is enabled, the traffic leaving your iPhone is encrypted and routed through two separate internet relays. This ensures that websites…

Only 3% of organizations have a dedicated budget for SaaS security

Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, according to Cloud Security Alliance. Security teams are struggling with a growing attack surface Disconcertingly, 44% of organizations…

Nine out of ten emails are spam

Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains, according to VIPRE Security Group.…

Infosec products of the month: January 2025

Here’s a look at the most interesting products from the past month, featuring releases from: Absolute Security, Atsign, authID, BackBox, BioConnect, BitSight, BreachLock, Cisco, Commvault, Compliance Scorecard, DataDome, Hiya, IT-Harvest, Lookout, McAfee, Netgear, Oasis Security, and Swimlane. authID PrivacyKey protects…

Oasis Scout empowers security teams to identify attacks on NHIs

Oasis Security unveiled Oasis Scout, an Identity Threat Detection and Response (ITDR) solution designed specifically for NHIs, integrated with proprietary AuthPrint technology. Available with Oasis NHI Security Cloud, Oasis Scout delivers high-fidelity threat detection and response capability for NHIs with…

How to use Hide My Email to protect your inbox from spam

Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email address. This means it…

Swimlane Vulnerability Response Management offers risk-based prioritization

Swimlane announced Vulnerability Response Management (VRM) Solution that extends beyond siloed vulnerability management by offering risk-based prioritization, exploit intelligence and recommended remediation workflows. Swimlane AI automation solutions combine the power of AI with human expertise, enabling faster, more accurate decision-making…

authID PrivacyKey protects users’ biometric identities

authID released PrivacyKey, a solution for protecting user biometric data while also avoiding all the compliance issues and risks related to biometric information storage. With the addition of PrivacyKey, authID serves as the ideal partner for organizations that previously delayed…

AuthID PrivacyKey protects users’ biometric identities

authID released PrivacyKey, a solution for protecting user biometric data while also avoiding all the compliance issues and risks related to biometric information storage. With the addition of PrivacyKey, authID serves as the ideal partner for organizations that previously delayed…

Cyberhaven for AI provides visibility into AI tool usage

Cyberhaven launched Cyberhaven for AI, a solution that enables enterprises to securely adopt generative AI while protecting sensitive corporate data. The announcement comes as research reveals a 485% increase in corporate data being shared with AI tools, with over 73%…

How Lazarus Group built a cyber espionage empire

Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis,…

Absolute Resilience Platform updates improve resilience across endpoints

Absolute Security announced that the Absolute Resilience Platform has expanded to provide customers with integrated, resilient, and automated patch management, vulnerability scanning and remediation, workflow automation and remote “one-click” endpoint rehydration. Unified with existing Absolute capabilities, this single-platform approach delivers…

Bitwarden centralizes cryptographic key management

Bitwarden announced it has strengthened its Password Manager with secure shell management (SSH). This update centralizes cryptographic key management, enabling secure storage, import, and generation of SSH keys directly within the Bitwarden vault to enhance workflows for developers and IT…

Cyberhaven for AI secures enterprise AI usage

Cyberhaven launched Cyberhaven for AI, a solution that enables enterprises to securely adopt generative AI while protecting sensitive corporate data. The announcement comes as research reveals a 485% increase in corporate data being shared with AI tools, with over 73%…

SEC and FCA fines: Issues jump

The financial sector faces communication compliance challenges as organizations struggle to maintain oversight across communication channels. Adding to the complexity is the unexpected rise of unconventional platforms, such as Snapchat, used for business operations. In this Help Net Security video,…

Cybersecurity crisis in numbers

The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the Identity Theft Resource Center. Data breach…

Leostream Privileged Remote Access secures access to corporate resources

Leostream announced a new service to manage and secure organizational resources accessed by third parties—such as external contractors, service providers, and other non-employees—with third-party privileged status. Third-party users often require access to an organization’s infrastructure for IT-related tasks, to collaborate…

BackBox releases Network Cyber Resilience Platform

BackBox launched Network Cyber Resilience Platform. With business productivity at risk due to the complexity of managing too many tools, monotonous manual tasks, and limited time and resources, BackBox is committed to supporting the network and security teams responsible for…

Barracuda strengthens security capabilities in Email Protection

Barracuda Networks unveiled advancements to Barracuda Email Protection. These updates – including flexible deployment options, enhanced security capabilities, and more – make it easier than ever for organizations of all sizes and IT environments to defend against increasingly sophisticated and…

Hiya AI Phone blocks spam and irrelevant calls

Hiya has introduced Hiya AI Phone, an AI call assistant mobile app. Designed for busy professionals, Hiya AI Phone acts like a personal assistant, saving time by screening unwanted phone calls, safeguarding against phone scams, and taking notes during calls…

ForensicScope Regula 4125 detects counterfeit documents

Regula has launched the portable and autonomous ForensicScope Regula 4125. The new device enables ID verification in any place and environment: at border and inland checkpoints, at airports, in transport, etc. Although the Regula 4125 is only smartphone-sized, it is…

Europeans targeted with new Tor-using backdoor and infostealers

A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that leverages the Tor network to evade detection. The phishing email The attacker sends out fake money transfer…

Hiya AI Phone detects scammers in real-time

Hiya has introduced Hiya AI Phone, an AI call assistant mobile app. Designed for busy professionals, Hiya AI Phone acts like a personal assistant, saving time by screening unwanted phone calls, safeguarding against phone scams, and taking notes during calls…

74% of CISOs are increasing crisis simulation budgets

In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their organisation’s readiness to manage a potential “chaos” of a full-scale cyber crisis, according to Hack The Box. Many CISOs…

Cybersecurity jobs available right now: January 28, 2025

Application Security Engineer Bumble | United Kingdom | Hybrid – View job details As an Application Security Engineer, you will design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed. Conduct risk assessments…

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability…

Silobreaker Tickets empowers intelligence teams with AI-augmented tools

Silobreaker launched Tickets, a workflow management feature designed to elevate the efficiency, collaboration and impact of intelligence teams. Tickets is built with native support for Threat Intelligence teams, offering robust capabilities to manage and fulfil intelligence requirements across cyber, geopolitical…

Cyber trends set to influence business strategies

Diligent convened a group of 65 board members, C-suite executives, and leading subject matter experts to explore topics shaping the future of business: generative AI, cybersecurity and data privacy, geopolitical risk, and financial fraud and abuse. In this Help Net…

Aviat Networks enhances software cybersecurity offering

Aviat Networks announced that it has enhanced its Secure Software Development Lifecycle (SSDLC) process and Software Vulnerability Alert (SVA) service designed to strengthen Aviat’s software and firmware development process to comply with latest cybersecurity requirements. With the increasing number of…

New infosec products of the week: January 24, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems. Lookout Mobile Intelligence APIs identifies cross-platform attacks Lookout Mobile Intelligence APIs give security teams visibility into what’s going…

Appdome Threat Dynamics analyzes and ranks mobile threats

Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from more than 400+ attack vectors…

Bitsight Instant Insights accelerates vendor risk assessments

Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities. The new feature leverages generative AI to analyze and summarize security questionnaires and reports, allowing security and compliance teams to make faster, more informed risk…

DigitalOcean Per-Bucket Access Keys boosts object storage security

DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, bucket-level control over access permissions, helping to enhance their data security and simplifying management. Prior to the introduction of Per-Bucket Access…

Defense strategies to counter escalating hybrid attacks

In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations can protect themselves against hybrid attacks. What are the most promising…