The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities and thus…
Tag: Help Net Security
The importance of access controls in incident response
The worst time to find out your company doesn’t have adequate access controls is when everything is on fire. The worst thing that can happen during an incident is that your development and operations teams are blocked from solving the…
Kroll expands its document review capabilities to accelerate incident response
Kroll expands its document review capabilities with DataminerAI to immediately pinpoint where sensitive data is located, providing faster, more efficient and affordable data mining. The technology optimizes incident response investigations and is available to all insurance carriers, law firms, and…
GitLab unveils AI capabilities to help organizations better secure their software
GitLab announced new innovations across the platform to streamline how organizations build, test, secure, and deploy software. Introducing GitLab Duo Enterprise GitLab Duo Enterprise, a new end-to-end AI add-on, combines the developer-focused AI capabilities of GitLab Duo Pro—organizational privacy controls,…
The IT skills shortage situation is not expected to get any better
A growing IT skills shortage is impacting organizations in all industries and across all regions, according to IDC. In a recent IDC survey of North American IT leaders, nearly two thirds said that a lack of skills has resulted in…
Organizations struggle to defend against ransomware
In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents. After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000…
Too many ICS assets are exposed to the public internet
The enterprise attack surface is expanding in multiple ways, becoming more numerous and more specific, according to runZero. “Our research reveals alarming gaps and unexpected trends in enterprise infrastructure, including the decay of network segmentation, persistent challenges in attack surface…
New infosec products of the week: May 17, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Calix, FireMon, ManageEngine, and OWASP Foundation. Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools Calix unveiled updates to SmartBiz, a purpose-built small…
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely-popular distributed version control system…
Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly engine.…
Palo Alto Networks partners with IBM to deliver AI-powered security offerings
Palo Alto Networks and IBM announced a broad-reaching partnership to deliver AI-powered security outcomes for customers. The announcement is a testament to Palo Alto Networks’ and IBM’s commitment to each other’s platforms and innovative capabilities. The expanding and complex enterprise…
Is an open-source AI vulnerability next?
AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in cybersecurity. With so much interest, there are lots of insecure applications finding their way onto our…
Ebury botnet compromises 400,000+ Linux servers
ESET researchers released its deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation. The Ebury group and botnet have…
OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms…
Cloud security incidents make organizations turn to AI-powered prevention
Cloud security incidents are alarmingly on the rise, with 61% of organizations reporting breaches within the last year, marking a significant increase from 24% the year before, according to Check Point. This trend underscores the escalating risk landscape in cloud…
Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb
A study by PageFair revealed that ad blocker usage surged by 30% in 2016 alone, reflecting a growing public concern for privacy and uninterrupted browsing. Fast-forward to today, and the numbers are even more dramatic. According to Forbes, Americans are…
The critical role of IT staffing in strengthening cybersecurity
Many organizations lack adequate IT staffing to combat cyber threats. A comprehensive approach to cybersecurity requires more than technical solutions. It involves the right staff with the unique expertise necessary to recognize and prevent potential threats. This makes IT and…
FireMon Asset Manager 5.0 improves situational awareness
FireMon released FireMon Asset Manager 5.0. This new version of its solution provides real-time cyber situational awareness of an organization’s infrastructure, brings with it improved manageability, extends integration with other platforms, and further strengthens delivering complete visibility of organizational assets.…
How attackers deliver malware to Foxit PDF Reader users
Threat actors are taking advantage of the flawed design of Foxit PDF Reader’s alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned. Exploiting the issue The researchers have analyzed several campaigns using malicious PDF files that…
ManageEngine SaaS Manager Plus simplifies access management
ManageEngine launched SaaS Manager Plus, a SaaS management solution for enterprises. SaaS Manager Plus seamlessly integrates with Zoho apps and other widely utilized applications, empowering IT admins and finance managers to streamline their SaaS ecosystems and identify cost-saving opportunities for…
Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools
Calix unveiled updates to SmartBiz, a purpose-built small business solution for broadband service providers (BSPs), that expand an existing set of robust security capabilities. These enhancements help BSPs ensure the safety, security, and compliance of critical small business online activities…
Core security measures to strengthen privacy and data protection programs
As privacy laws evolve globally, organizations face increasing complexity in adapting their data protection strategies to stay compliant. In this Help Net Security interview, Kabir Barday, CEO at OneTrust, emphasizes that embracing privacy by design enables organizations to navigate compliance…
Cybersecurity jobs available right now: May 15, 2024
Associate / Pentester (Red Team) – Cybersecurity Audit Siemens | Germany | Hybrid – View job details As an Associate / Pentester (Red Team) – Cybersecurity Audit, you will be responsible for conducting cybersecurity assessments across the entire Siemens landscape,…
Key questions to ask when tailoring defensive stacks
In this Help Net Security video, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, outlines the questions you need to ask your security team when tailoring a defense stack against your current threat landscape. Small talks about what…
Ransomware statistics that reveal alarming rate of cyber extortion
In this article, you will find excerpts from various reports that offer statistics and insights about the current ransomware landscape. Global ransomware crisis worsens NTT Security Holdings | 2024 Global Threat Intelligence Report | May 2024 Ransomware and extortion incidents…
Cybersecurity analysis exposes high-risk assets in power and healthcare sectors
Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty. Organizations must take a holistic approach to exposure management To understand the scope of…
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)
For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that can…
Apple backports iOS zero-day patch, adds Bluetooth tracker alert
Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has…
How a GRC consultant passed the CISSP exam in six weeks
Ask any IT security professional which certification they would consider to be the “gold standard” in terms of prestige, credibility, or difficulty, and almost invariably they will answer: the CISSP. If an organization is seeking some peace regarding information security,…
Tailoring responsible AI: Defining ethical guidelines for industry-specific use
In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balancing ethical considerations,…
BLint: Open-source tool to check the security properties of your executables
BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint features “Several source code analysis tools can…
Are you meeting your cyber insurance requirements?
Cyber insurance policies are specifically designed to offer financial protection to organizations in the face of cyber attacks, data breaches, or other cybersecurity incidents. While they can provide a sense of security, it’s crucial to be aware of their limitations.…
Log4J shows no sign of fading, spotted in 30% of CVE exploits
Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks, according to a Cato Networks survey. Enterprises are too trusting within their networks The Cato CTRL SASE Threat Report…
MITRE EMB3D improves security for embedded devices
MITRE released EMB3D, a cybersecurity threat model for embedded devices. The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them. The model…
Palo Alto Networks and Accenture help organizations accelerate AI adoption
Palo Alto Networks and Accenture announced an expansion of their long-standing strategic alliance. New offerings will combine Precision AI technology from Palo Alto Networks and Accenture’s secure generative AI services to help organizations embrace the potential of AI with unparalleled…
Black Basta target orgs with new social engineering campaign
Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersecurity advisory…
Red teaming: The key ingredient for responsible AI
Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulatory requirements. Organizations attempting to balance…
Establishing a security baseline for open source projects
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects,…
How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the…
AI’s rapid growth puts pressure on CISOs to adapt to new security risks
The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix. GenAI’s impact on CISO responsibility GenAI has rolled out at an immense speed,…
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle to remediate critical…
Securing the future through cybersecurity education
In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about the cybersecurity talent shortage and the role STEM education can play in solving that problem. They also discuss actions needed to…
Download: The Ultimate Guide to the CISSP
The Ultimate Guide to the CISSP covers everything you need about the world’s premier cybersecurity leadership certification. Learn how CISSP and ISC2 will help you navigate your training path, succeed in certification, and advance your career so you’re ready to…
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging…
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable…
May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were…
How secure is the “Password Protection” on your files and drives?
People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel file is not…
Cybercriminals are getting faster at exploiting vulnerabilities
Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’s only natural that attacks looking…
Nmap 7.95 released: New OS and service detection signatures
Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap identifies available hosts on a network, the…
Selfie spoofing becomes popular identity document fraud technique
Document image-of-image was the most prevalent identity (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected, according to Socure. Selfie spoofing and impersonations dominate document-related identity fraud Document image-of-image occurs when the user takes…
GenAI enables cybersecurity leaders to hire more entry-level talent
93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. A total of 1,650 security leaders participated in the global survey, with many reporting…
New infosec products of the week: May 10, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization…
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which are used for…
Zscaler swats claims of a significant breach
On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”,…
AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization
AuditBoard announced powerful enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk management needs in the face of rising risks and increased regulatory requirements. With these new capabilities, including enhanced AI automation,…
CISA starts CVE “vulnrichment” program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have…
BigID equips security teams with AI-guided data security and risk remediation recommendations
BigID announced the introduction of AI-guided data security and risk remediation recommendations. These new capabilities empower security teams to eliminate guesswork and more proactively address security risks to improve their overall security posture across their data environment. BigID’s AI-guided data…
Secureworks Taegis NDR identifies malicious activity on the network
Secureworks released Secureworks Taegis NDR, to stop nefarious threat actors from traversing the network. The dominance of cloud applications and remote working has created an explosion in network traffic, up over 20% from 2023 to 20241. Adversaries are taking advantage…
Critical Start adds multiple frameworks to Risk Assessments
Critical Start announced the expansion of the frameworks available in its Risk Assessments offering. These additions to the tool expand upon the initial offering, providing additional framework-based assessments for customers to achieve data-driven evaluation, articulation, and monitoring their overall cyber…
Skyhigh Security boosts data protection measures with AI innovations
Skyhigh Security announced strategic additions to its Security Service Edge (SSE) portfolio. In response to an evolving cyber threat landscape and new data security challenges, these new innovations will empower organizations to seamlessly adopt zero-trust principles and enhance data protection…
Regulators are coming for IoT device security
Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their…
Global ransomware crisis worsens
Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings’ 2024 Global Threat Intelligence Report. Global ransomware crisis After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims…
Why SMBs are facing significant security, business risks
In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing more time, attention, and budget in cybersecurity. According to LastPass, these factors…
Ransomware attacks impact 20% of sensitive data in healthcare orgs
Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against these healthcare targets. In fact, the report…
3 CIS resources to help you drive your cloud cybersecurity
In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for Internet Security…
SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure
Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against them, and SentinelOne is delivering it with the launch of Singularity Cloud Native Security. A…
Cado Security launches solution for forensic investigations in distroless container environments
Cado Security has introduced a solution for conducting forensic investigations in distroless container environments. With Cado Security’s new offering, security teams can investigate the root cause, scope, and impact of malicious activity detected within distroless container environments to gain greater…
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. “This…
CyberSaint releases NIST CSF Benchmarking Feature
CyberSaint released the NIST Cybersecurity Framework (CSF) Benchmarking Feature, which allows CISOs and security teams to measure their NIST posture against industry peers through a historical maturity graph on the CyberStrong Executive Dashboard. Organizations across industries struggle to compare themselves…
Ghost Security Phantasm detects attackers targeting APIs
Ghost Security announced the early access availability of Phantasm, application-specific threat intelligence poised to fill a large gap that currently exists in both threat intelligence and application security. Developed by a team of industry experts from Ghost Labs, the research…
MITRE breach details reveal attackers’ successes and failures
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti…
Traceable launches Generative AI API Security to combat AI integration risks
Traceable AI has revealed an Early Access Program for its new Generative AI API Security capabilities. As enterprises increasingly integrate Generative AI such as Large Language Models (LLMs) into critical applications, they expose those applications to attacks that exploit the…
Photos: RSA Conference 2024
RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: Sophos, NetSPI, IT-Harvest, Cisco, GitGuardian, Delinea, Splunk, Entrust, and Trellix.…
MITRE and NVIDIA build AI supercomputer for federal agency use
MITRE is building a new capability intended to give its AI researchers and developers access to a massive increase in computing power. The new capability, MITRE Federal AI Sandbox, will provide better experimentation of next generation AI-enabled applications for the…
Cloudflare for Unified Risk Posture identifies cyber threats
Cloudflare announced Cloudflare for Unified Risk Posture, a new suite of risk management solutions designed to streamline the process of identifying, evaluating, and managing cyber threats that pose risk to an organization, across all environments. Powered by Cloudflare’s rich security…
Inpher SecurAI protects the privacy of user inputs on large language models
Inpher released SecurAI, a solution that protects the privacy and security of user inputs on large language models. This release of SecurAI leverages the NVIDIA H100 Tensor Core GPU for maximum speed and performance. “Enterprises need to harness the power…
nodeQ launches PQtunnel to simplify the migration to PQC for both SMEs and large enterprises
nodeQ has developed PQtunnel, a tool designed to assist businesses – ranging from SMEs to large enterprises – in transitioning their end-to-end (E2E) secure communication to PQC. This software application is available in two variants: PQtunnel TLS and PQtunnel SSH,…
Forcepoint ONE Data Security simplifies data protection with zero-trust principles for all organizations
Forcepoint introduced Forcepoint ONE Data Security, an enterprise-grade unified cloud-managed solution designed to simplify data protection with zero-trust principles for all organizations. The new Forcepoint SaaS solution provides unified management for endpoint and multi-channel cloud data security, eliminating the need…
Red Hat launches RHEL AI for streamlined GenAI model testing and deployment
Red Hat has launched Red Hat Enterprise Linux AI (RHEL AI), a foundation model platform that enables users to more seamlessly develop, test and deploy generative AI (GenAI) models. RHEL AI brings together the open source-licensed Granite large language model…
Theori unveils Xint to automate security operations in cloud and hybrid environments
Theori unveiled its latest security management solution, Xint. Xint streamlines and automates security operations across cloud and hybrid environments, providing comprehensive visibility throughout the entire security ecosystem. Xint integrates cloud security, external threat detection, and an advanced Offensive Security AI…
Eclypsium offers protection for GenAI hardware infrastructure
Eclypsium announced new GenAI assessment capabilities for its Supply Chain Security Platform. The new capabilities help secure the fundamental layers of the GenAI tech stack through support for NVIDIA hardware and popular GenAI foundation models. As demand for GenAI skyrockets,…
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to…
AppOmni introduces ZTPM for enhanced cisibility in SaaS security
AppOmni unveiled AppOmni Zero Trust Posture Management (ZTPM), a solution set that strengthens security in modern infrastructures by bridging a critical gap in network-centric zero trust (ZT) architectures. Specifically, the framework provides visibility and monitoring into the configuration, security posture,…
ExtraHop releases AI tools to automate SOC workflows
ExtraHop has revealed a set of AI tools in the RevealX platform designed to automate SOC workflows and relieve analyst fatigue. Against the backdrop of a rapidly expanding threat landscape and alert overload, SOC analysts are increasingly overworked and under-resourced.…
Forgepoint Capital boosts Nudge Security’s seed round
Nudge Security announced new funding from Forgepoint Capital, which joins Ballistic Ventures in bringing the fast-growing startup’s seed funding to $16.5 million. Forgepoint Co-Founder and Managing Director Alberto Yépez will join the Nudge Security board. “With its patented, turnkey…
AppViewX AVX ONE provides visibility, automation and control of certificates and keys
AppViewX announced AVX ONE, a fully integrated SaaS-based CLM platform for PKI, IAM, security, DevOps, cloud, platform and application teams. AVX ONE provides enterprise scale, visibility, automation and control of certificates and keys. It enables governance, and remediation, and crypto-agility…
New Relic introduces Secure Developer Alliance for enhanced security insights
New Relic launched Secure Developer Alliance. Industry leaders including FOSSA, Gigamon, Lacework, Aviatrix, and Opus are among the first to join the alliance, which provides them with pragmatic research, education, and guidance to implementing observable security. In addition, the Secure…
Liongard unveils Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients
Liongard unveils its latest innovation: the Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients. This solution combines its ASM platform with the expertise of its extensive global managed IT service partner network, providing comprehensive visibility, protection and resources…
Accenture partners with Mandiant to improve cybersecurity operations
Accenture and Mandiant, part of Google Cloud, are teaming up to collaboratively deliver cyber resilience services to help organizations more efficiently detect, investigate, respond to and recover from cyberattacks. As part of the partnership, Accenture will utilize Mandiant Threat Intelligence,…
Bitwarden adds mobile passkey support for everyone
Bitwarden has announced the availability of mobile passkey support for everyone. Setting Bitwarden as the default passkey provider, users can generate and use passkeys seamlessly on mobile devices and desktop browsers, combining the convenience of synced vaults with the seamless…
Relyance AI release Asset Intelligence and DSPM for data visibility and compliance
Relyance AI unveiled the release of Asset Intelligence and Data Security Posture Management, the first DSPM solution to bring together complete asset-level visibility and lineage to all sensitive enterprise data in the context of contractual and regulatory obligations. Security and…
97% of organizations hit by ransomware turn to law enforcement
Sophos has released additional findings from its annual “State of Ransomware 2024” survey. According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government bodies for help…
Security tools fail to translate risks for executives
Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, resulting in organizational gaps in understanding cyber risk.…
Cybersecurity jobs available right now: May 8, 2024
CISO Pinsent Masons | United Kingdom | Hybrid – View job details As a CISO, you will be responsible for the overall security posture of the organisation, ensuring the organisation’s information and technology assets are protected from internal and external…
Pktstat: Open-source ethernet interface traffic monitor
Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture. Pktstat is a versatile tool that doesn’t rely on advanced or…
The complexities of third-party risk management
In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer for Prevalent, discusses five interesting findings from a recent industry study on third-party risk management and what he thinks they mean for cybersecurity professionals and…
How workforce reductions affect cybersecurity postures
In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints. Pentesting plays a key role in addressing this challenge, equipping organizations with…
LockBit leader unmasked: US charges Russian national
Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administator of the infamous LockBit ransomware group, according to UK, US and Australia law enforcement agencies. The US Justice Deparment has unsealed charges against Khoroshev and the US Department of…
Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox
Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and centralize compromised account detection and remediation across identity, collaboration, and cloud infrastructure applications. In addition, the company is launching AI…
Dynatrace enhances its platform with new Kubernetes Security Posture Management capabilities
Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configuration, and compliance monitoring. This announcement follows the rapid integration of Runecast technology into the Dynatrace platform following the company’s successful acquisition earlier this…