Tag: Help Net Security

Malware peddlers love this one social engineering trick!

Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but also offers a way to fix it (Source: Proofpoint) Social engineering users to install…

Low code, high stakes: Addressing SQL injection

Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new…

The rise of SaaS security teams

In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated SaaS security teams is driven by significant data breaches involving widely used platforms. What motivated the…

Ghidra: Open-source software reverse engineering framework

Ghidra, a cutting-edge open-source software reverse engineering (SRE) framework, is a product of the National Security Agency (NSA) Research Directorate. The framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and…

AI’s impact on data privacy remains unclear

In this Help Net Security round-up, experts discuss the importance of embracing AI while implementing protective measures against threats, global AI adoption, consumer perceptions, and behaviors regarding data privacy. Complete videos Tracy Reinhold, CSO at Everbridge, discusses why AI technology…

YetiHunter: Open-source threat hunting tool for Snowflake environments

Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. YetiHunter executing queries (Source: Permiso Security) Recent attacks against Snowflake customers Cloud-based data storage…

IRONSCALES boosts email security with GPT-powered training feature

IRONSCALES announced its GPT-powered Phishing Simulation Testing solution. This capability, now available to IRONSCALES Complete Protect customers, marks a significant advancement in the ease, efficacy and accessibility of cybersecurity training and awareness. In Verizon’s 2024 Data Breach Investigations Report, researchers…

CyberLink launches FaceMe Security version 7.15

CyberLink announced the latest release of FaceMe Security. A turnkey security and access control solution, FaceMe Security enables identity verification, attendance management, and access control through AI facial recognition, with real-time monitoring and alerts. FaceMe Security is integrated with major…

The biggest downsides of digital ID adoption

As innovative digital verification methods continue to emerge, the debate around their reliability and effectiveness is heating up, according to Regula. Companies employ various methods for identity verification Despite digital advances, many organizations worldwide still depend on physical documents for…

Modern fraud detection need not rely on PII

Trends in online fraud detection often act as the canary in the coal mine when it comes to understanding and combating the next generation of online scams, fraud and cybersecurity threats. These days, security and fraud experts worry that insufficient…

New infosec products of the week: June 14, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Diligent, Entrust, KELA, Plainsea, and SentinelOne. Plainsea: Cybersecurity platform that enables continuous service delivery Designed with managed security service providers in mind, Plainsea offers…

Solving the systemic problem of recurring vulnerabilities

In this Help Net Security video, Dr. Pedram Hayati, CEO at SecDim, and Fil Filiposki, founder of AttackForge, discuss how the two companies have formed a strategic collaboration to tackle the major challenge of resurfacing vulnerabilities. By integrating SecDim’s AppSec…

SailPoint introduces AI-powered application onboarding capability

SailPoint launches innovative AI-powered application onboarding capability. This new capability will be seamlessly integrated into SailPoint Identity Security Cloud and will simplify the process of integrating critical business applications. By automating the onboarding process, SailPoint will simultaneously be delivering faster…

Urgently needed: AI governance in cyber warfare

Artificial intelligence is quickly becoming central to societal growth. AI has great power to improve daily life, from education to healthcare, from sustainability to defense. AI also brings to the forefront a number of risks that cut across the core…

GenAI keeps cybersecurity pros on high alert

“Businesses across every industry face unprecedented challenges posed by an increasing attack surface, zero-day vulnerabilities, cloud misconfigurations, and new emerging threats driven by AI,” said Andrei Florescu, president and GM of Bitdefender Business Solutions Group. “The findings of our recent…

AWS unveils new and improved security features

At its annual re:Inforce conference, Amazon Web Services (AWS) has announced new and enhanced security features and tools. Additional multi-factor authentication option To facilitate the concerted push to get customers to secure their accounts with multiple authentication factors, AWS has…

Splunk’s security innovations boost threat detection and response

Splunk announced new security innovations aimed at bolstering threat detection and security operations across multiple data sources. These advancements include Splunk Enterprise 8.0, which empowers security teams to proactively manage and mitigate risks effectively, and a new Federated Analytics feature,…

20,000 FortiGate appliances compromised by Chinese hackers

Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Military Intelligence and Security…

Splunk unveils AI tools across its product portfolio

Splunk introduced a collection of AI tools across its product portfolio to enable organizations to speed up routine tasks and enhance their ability to get insights from data fast. Splunk’s generative AI-powered Assistants can help every user become a security…

SentinelOne strengthens cloud security for AWS customers

SentinelOne announced Singularity Cloud Workload Security for Serverless Containers, a new offering that provides real-time, AI-powered protection to secure containerized workloads running on AWS Fargate for Amazon ECS and Amazon EKS. “As a long-time and strategic Amazon Partner Network member,…

Open-source security in AI

New AI products are coming onto the market faster than we have seen in any previous technology revolution. Companies’ free access and right to use open source in AI software models has allowed them to prototype an AI product to…

Six months of SEC’s cyber disclosure rules

In this Help Net Security video, Mark Millender, Senior Advisor of Global Executive Engagement at Tanium, discusses the overall sentiment from CISOs of large, public companies on the effectiveness and understanding of SEC’s cyber disclosure rules and common misconceptions and…

Cybersecurity jobs available right now: June 12, 2024

Cloud Security Engineer Metacore | Germany | Hybrid – View job details As a Cloud Security Engineer, you will develop, implement, and maintain cloud security architecture, policies, and procedures. You will collaborate with game and infrastructure teams to identify, evaluate,…

Diligent AI enables leaders to better manage and respond to risk

Diligent announced Diligent AI, a set of artificial intelligence capabilities within the Diligent One Platform that enhance how organizations understand, anticipate and mitigate risks. Diligent AI will enable users to identify risks, safeguard data and democratize the decision-making processes, driving…

XONA raises $18 million to accelerate product development

XONA announced the close of an $18 million strategic funding round led by established cyber investor Energy Impact Partners (EIP), bringing the company’s total funding to $32 million. The funding will allow the company to enhance its OT enterprise zero-trust…

Apple announces security updates across its platforms

Apple announced new updates across its platforms that help empower users and keep them in control of their data. Private Cloud Compute extends protections of iPhone to the cloud, so that users don’t have to choose between powerful intelligence grounded…

Cloud migration expands the CISO role yet again

The CISO role used to be focused primarily on information security — creating and implementing policies to safeguard an organization’s data and IT infrastructure from cybersecurity threats. However, as organizations rapidly migrate to cloud environments, the responsibilities and challenges for…

GDPR turns six: Expert discusses AI impact

The European Union’s GDPR policy came into effect six years ago. Since then, it has become widely regarded as the standard for data sharing, but the rise of new technology has questioned its suitability and relevance. In this Help Net…

Security providers view compliance as a high-growth opportunity

85% of managed service and security providers face significant challenges maintaining compliance for customers, with lack of resources, expertise, or technology cited as the most common roadblocks to offering managed compliance, according to Apptega. That being said, the survey also…

KELA’s TPRM module identifies software supply chain risks

KELA launched the Third-Party Risk Management (TPRM) module, fully integrated into its threat intelligence platform. This new offering is specifically designed to strengthen organizational defenses by focusing on software supply chain risks. KELA’s TPRM module stands out in the market…

DataBee EntityViews accelerates zero trust architecture deployment

DataBee, from Comcast Technology Solutions, announced new capabilities in its DataBee Hive security, risk and compliance data fabric platform. DataBee EntityViews, powered by a patent-pending entity resolution technology, introduces automated detection chaining that improves threat hunting, security detection fidelity, and…

The number of known Snowflake customer data breaches is rising

LendingTree subsidiary QuoteWizard and automotive parts provider Advance Auto Parts have been revealed as victims of attackers who are trying to sell data stolen from Snowflake-hosted cloud databases. Snowflake says that their investigation is still ongoing, but continues to stand…

Radare: Open-source reverse engineering framework

Radare is an open-source UNIX-like reverse engineering framework and command-line toolset. It can be scripted, modified, and used for batch analysis. “I started the project in 2006 when I was working as a forensic analyst, and I wrote a simple…

AI’s role in accelerating vulnerability management

With its capability to analyze, predict, and automate, AI stands to reshape many corners of business, most notably cybersecurity. In the field of vulnerability management specifically, AI is poised to have a profound impact, enhancing two key areas: Providing quicker…

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28995 Serv-U MFT Server is a widely used…

Cyber insurance isn’t the answer for ransom payments

Ransomware remains an ongoing threat for organizations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack, according to Veeam. “Ransomware is endemic, impacting 3 out of 4 organizations in…

Unpacking CISA’s AI guidelines

CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace. In this Help…

26% of organizations lack any form of IT security training

26% of organizations don’t provide IT security training to end-users, according to Hornetsecurity. The Hornetsecurity survey, which compiled feedback from industry professionals worldwide, also reveals that 8% of organizations offer adaptive training that evolves based on the results of regular…

New infosec products of the week: June 7, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, SailPoint, Tines, Trend Micro, Verimatrix, and Zyxel Networks. Zyxel Networks USG LITE 60AX improves network security Zyxel Networks launched USG LITE 60AX–an AX6000 WiFi…

Darktrace MDR service improves cyber resilience for organizations

Darktrace launched its new service offering, Darktrace Managed Detection & Response (MDR). The service combines detection and response capabilities spanning across the enterprise, with the expertise of its global analyst team. This combination augments internal security teams with AI-powered threat…

Zyxel patches critical flaws in EOL NAS devices

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities The three vulnerabilities are: A command injection vulnerability in the CGI program that could…

HYPR raises $30 million to combat threats posed by generative AI

HYPR secures $30 million in funding from Silver Lake Waterman to drive accelerated advancements in technologies to combat the rising threat of generative AI-driven credential-based attacks. This investment validates the expanded adoption of HYPR’s passwordless authentication solutions and support for…

Webinar: Exposure management and your attack surface

Your business, attack surface, and threat landscape are not static—they are constantly changing. New vulnerabilities are disclosed hourly, new exploits for old vulnerabilities are publicly released, and threat actors update their techniques continuously. Knowing where and how to prioritize your…

Sniffnet: Free, open-source network monitoring

Sniffnet is a free, open-source network monitoring tool to help you easily track your Internet traffic. What sets it apart is its strong focus on user experience. Unlike most network analyzers, Sniffnet is built to be easily usable by everyone,…

90% of threats are social engineering

In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of…

Chinese attackers leverage previously unseen malware for espionage

Sophos released its report, “Operation Crimson Palace: Threat Hunting Unveils Multiple Clusters of Chinese State-Sponsored Activity Targeting Southeast Asia,” which details a highly sophisticated, nearly two-year long espionage campaign against a high-level government target. During Sophos X-Ops’ investigation, which began…

Photos: Infosecurity Europe 2024

Infosecurity Europe is taking place at ExCel London from 4-6 June 2024. Help Net Security is on-site. This gallery takes you inside the event. The featured vendors are: Plainsea, Qualys, Akamai, Microsoft, Bridewell, Adaptive Shield, Jamf. The post Photos: Infosecurity…

Appdome SDKProtect reduces third-party mobile supply chain risk

Appdome released a new mobile SDK protection and mobile threat streaming service, called Appdome SDKProtect. Appdome SDKProtect is designed to end third-party, mobile supply chain risk and democratize mobile threat intelligence and telemetry data among mobile SDK developers. The new…

N2WS launches cross-cloud volume restore for AWS and Azure

N2WS has introduced several new features to its cloud-native backup and disaster recovery (BDR) platform to help enterprises and managed service providers (MSPs) with combatting the increasing number of cybersecurity attacks on organizations while also ensuring data sovereignty, enhancing data…

Cybersecurity jobs available right now: June 5, 2024

Corporate Data Protection Manager GLS | Germany | Hybrid – View job details As a Corporate Data Protection Manager, you will develop the Corporate Data Protection Framework with a special focus on compliance with the EU General Data Protection Regulation.…