Tag: Help Net Security

Ledger today launched Ledger Flex, featuring secure E Ink touchscreen displays powered by Ledger’s Secure OS. It’s available to purchase for $249, shipping immediately. The Ledger Flex features a high-resolution, 2.8” display that provides clarity when signing transactions or approving…

Read more →

Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing, creating, managing and…

Read more →

As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% of US respondents report that their organization has developed a deepfake response plan. This concern…

Read more →

While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, leading to mixed results and disruptions in 16% of organizations, according to Action1. Knowledge gap and training needs Sysadmins’ views remained…

Read more →

With the new stringent regulations, including the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, a significant challenge is emerging for many organizations, according to Onyxia Cyber. CISO role has changed…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. GitGuardian’s tool helps companies discover developer leaks on GitHub GitGuardian released a tool to help companies…

Read more →

Chainguard has completed a $140 million Series C round of funding led by Redpoint Ventures, Lightspeed Venture Partners, and IVP, bringing the company’s total funding raised to $256 million. Existing investors, including Amplify, Mantis VC, Sequoia Capital, and Spark Capital…

Read more →

A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited…

Read more →

CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing…

Read more →

CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists. CAST SBOM Manager automates and simplifies the creation and handling of Software Bill of Materials (SBOMs), which North American and European governments…

Read more →

Lakera has raised $20 million in a Series A funding round. Led by European VC Atomico, with participation from Citi Ventures, Dropbox Ventures, and existing investors including redalpine, this investment brings Lakera’s total funding to $30 million. This funding positions…

Read more →

BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable branch suitable for production use, has been released. According to the current software release plan,…

Read more →

Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than the Change Healthcare…

Read more →

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware,…

Read more →

GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies. In this…

Read more →

Regulated data (data that organizations have a legal duty to protect) makes up more than a third of the sensitive data being shared with GenAI applications—presenting a potential risk to businesses of costly data breaches, according to Netskope. The new…

Read more →

Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the “Stargazers Ghost Network” is estimated…

Read more →

Vanta announced that it has raised a $150 million Series C funding round at a valuation of $2.45 billion. The round was led by Sequoia Capital, in addition to new investors Growth Equity at Goldman Sachs Alternatives, J.P. Morgan and…

Read more →

A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update wasn’t caught in time, the company said. In…

Read more →

Coalfire announced its Cyber Security On-Demand portfolio to provide a flexible set of services that reduce cyber risks and remediate security vulnerabilities in customer environments. As attack surfaces grow, defenders need flexibility and a hacker mindset to respond. These services…

Read more →

Craxel launched integrated cyber defense platform, Black Forest Reaper. Designed to revolutionize cyber defense capabilities for the world’s largest cyber threat hunting enterprises, including U.S. government federal civilian agencies, the Department of Defense, Homeland Security, and the intelligence community, Black…

Read more →

Secure collaboration through access-sharing is a must-have feature in almost any modern application, from requesting to edit a document or viewing a widget in a dashboard to submitting wire transfers for approval. With “Permit Share-If,” developers no longer need to…

Read more →

GitGuardian releases a tool to help companies discover how many secrets their developers have leaked on public GitHub, both company-related and personal. Even if your organization doesn’t engage in open source, your developers or subcontractors may inadvertently leak sensitive information…

Read more →

In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What…

Read more →

Applied Cryptographer Quantstamp | EMEA | Remote – View job details As an Applied Cryptographer, you will research about various cryptographic protocols and have knowledge of cryptographic primitives or concepts, like elliptic curve cryptography, hash functions, and PCPs. You should…

Read more →

Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisical, you can scan your files,…

Read more →

91% of respondents say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations, according to Seemplicity. Vendor environments introduce complexity and fragmentation Seemplicity surveyed 300 US cybersecurity professionals to gauge perceptions…

Read more →

LOKKER released a new privacy solution for insurers: the ability to share on-demand web privacy risk reports with their insureds. These reports give insurers and the insured companies a simple view of their data privacy risk profile in eight different…

Read more →

Ketch launched its No-Code Rights Automation product, designed to make it easy for non-technical teams to comply with consumer requests for data deletion and access. This includes the full business process from receiving the consumer request, to pulling data from…

Read more →

Strata Identity announced Identity Continuity, an addition to its Maverics Identity Orchestration platform. This new premium offering ensures business continuity and uninterrupted application access by seamlessly failing over from a primary cloud Identity Provider (IDP) to a secondary IDP, using…

Read more →

Secure Code Warrior introduced SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit. This innovative offering enables CISOs and application security (AppSec) teams to embrace a Secure-by-Design approach with deeper visibility…

Read more →

When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable. Europol’s recently released Internet Organised Crime Threat Assessment (IOCTA) 2024 report covers events – law…

Read more →

ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit appears on Telegram (source: ESET)…

Read more →

Gcore has secured $60 million in Series A funding from institutional and strategic investors. Led by Wargaming, and with participation from Constructor Capital and Han River Partners, this marks the company’s first external capital raise since its inception more than…

Read more →

As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers. AI…

Read more →

The fintech market is experiencing a swift transformation driven by emerging technologies like Open Finance and GenAI, as highlighted by Juniper Research. This evolution is compounded by intense competition to become customers’ preferred choice, making the market more competitive and…

Read more →

In this Help Net Security video, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the key findings of their recent annual SaaS Security Survey Report, conducted in partnership with the Cloud Security Alliance (CSA). Seventy percent of organizations have…

Read more →

In this Help Net Security interview, Anand Pashupathy, VP & GM, Security Software & Services Division at Intel, explains how Intel’s approach to confidential computing, particularly at the silicon level, enhances data protection for AI applications and how collaborations with…

Read more →

Heeler Security announced the successful closing of an $8.5 million Seed Series funding round, led by Norwest Venture Partners with significant participation from Storm Ventures. “Application security requires a new approach that focuses on runtime visibility and that’s exactly what…

Read more →

By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows hosts into a blue-screen-of-death…

Read more →

In this Help Net Security interview, Saira Jesani, Executive Director of the Data & Trust Alliance, discusses the role of data provenance in AI trustworthiness and its impact on AI models’ performance and reliability. Jesani highlights the collaborative process behind…

Read more →

Digitalization has evolved into a systemic risk for organizations – and, therefore, cyber insurers. With the global cost of cybercrime skyrocketing, something has to change. In this Help Net Security video, Vishaal Hariprasad, CEO at Resilience, discusses how cyber insurance…

Read more →

Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSPs) and other service providers. Key features Feature-rich workflow…

Read more →

ESET Research has discovered a sophisticated Chinese browser injector: a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which ESET dubbed HotPage, comes self-contained in an executable file that installs its main driver and injects libraries into…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Faulty CrowdStrike update takes out Windows machines worldwide Thousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty…

Read more →

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. The price of both Crowdstrike’s and Microsoft’s shares has tumbled down as…

Read more →

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. The price of both Crowdstrike’s and Microsoft’s shares has tumbled down as…

Read more →

Forcepoint unveils its comprehensive GenAI Security solution, offering visibility, control, and risk-based data protection across generative AI platforms, including integration with OpenAI’s ChatGPT Enterprise Compliance API. Part of Forcepoint’s mission to deliver ‘data security everywhere,’ this solution empowers businesses and…

Read more →

Netskope announced an integration with OpenAI‘s ChatGPT Enterprise Compliance API to deliver API-enabled controls that bolster security and compliance for enterprise organizations using generative AI (genAI) applications. Through this integration with the ChatGPT Enterprise, the Netskope One platform provides organizations…

Read more →

Thousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations have been affected in Europe, Australia, the…

Read more →

Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Lack of…

Read more →

As GenAI models used for natural language processing, image generation, and other complex tasks often rely on large datasets that must be transmitted between distributed locations, including data centers and edge devices, WAN optimization is essential for robust deployment of…

Read more →

Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, according to Ivanti. Ivanti’s research shows that…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, BlueVoyant, Druva, Invicti Security, and Rezonate. AuditBoard’s self-assessment tools allow audit teams to maintain focus on their critical work AuditBoard launched out-of-the-box (OOTB) self-assessment…

Read more →

A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one by IT consultant Mohamed Nabil Ali that performs bulk scanning…

Read more →

Pindrop announced it has secured $100 million in debt financing from Hercules Capital. This significant funding will enable Pindrop to further develop its audio, voice, and AI technologies, enhancing its offerings for customers in the banking, finance, contact center, insurance,…

Read more →

NTT DATA unveiled its new Edge AI platform to accelerate IT/OT convergence by bringing AI processing to the edge. By processing data when and where it is generated and unifying diverse IoT devices, systems and data, this unique, fully managed…

Read more →

Cerbos announced the general availability of Cerbos Hub, following a successful beta phase. Cerbos Hub is a managed Policy Administration Point offering for the popular open source authorization product, Cerbos Policy Decision Point (PDP). Cerbos lets teams provide the right…

Read more →

SonicWall launched Cloud Secure Edge (CSE), offering an innovative suite of Zero Trust Access offerings designed specifically for MSPs who are meeting customers with increasingly remote work forces on their cloud migration journeys. With flexible, cost-effective solutions for remote access…

Read more →

The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows’ built-in driver TTD Monitor Driver…

Read more →

CISSP carries clout. As the world’s leading cybersecurity certification, it opens many professional opportunities worldwide. Find out what led 14 successful CISSPs around the globe to a career in cybersecurity. They open up about how certification has helped them realize…

Read more →

BlackBerry launched CylanceMDR Pro, a managed detection and response (MDR) service built on an Open XDR platform powered by AI. Designed to tackle the growing challenges of modern cybersecurity, CylanceMDR Pro overcomes the operational burden facing security teams that must…

Read more →

NETSCOUT introduced its new suite of Business Edge Observability products, including the nGenius Edge Sensor and Remote InfiniStreamNG solutions to deliver IT observability for remote locations at the digital edge. As the prevalence and importance of mission-critical applications and services…

Read more →

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither of the flaws are…

Read more →

Waterfall Security launched HERA – Hardware Enforced Remote Access, a new technology designed to enable safe and secure remote access into cyber-physical systems and OT networks. HERA allows organizations to reap the operational and economical value of remotely accessing and…

Read more →

NDAY Security unveiled the latest release to its automated offensive security platform, ATTACKN. This all-in-one platform enables organizations to deploy, monitor, and manage critical offensive security measures, including: Point-in-time Penetration Testing. Penetration Testing as a Service (PTaaS). Continuous Penetration Testing.…

Read more →

AppViewX announced the AppViewX PQC Test Center, which allows organizations to assess their PQC readiness and take steps to achieve PQC resiliency. This free online service enables users to generate and test Quantum-Safe certificates today. Quantum computing has the potential…

Read more →

Aided by the emergence of generative artificial intelligence models, synthetic identity fraud has skyrocketed, and now accounts for a staggering 85% of all identity fraud cases. For security professionals, the challenge lies in staying one step ahead of these evolving…

Read more →

In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, emphasizing foundational technologies and a unified taxonomy. Arnold provides insights into the DoD’s Zero Trust…

Read more →

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazon Linux BusyBox CentOS CBL-Mariner Debian Distroless…

Read more →

It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints…

Read more →

Appgate has unveiled its new Malware Analysis Service that mitigates cyberthreats for enterprises and government agencies by identifying and neutralizing malicious software. Appgate’s Malware Analysis and Research Team now offers two new services that allow resource-constrained security teams to submit…

Read more →

Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As…

Read more →

OpenText announced its latest product innovations with Cloud Editions (CE) 24.3. This release represents a significant leap forward in integrating advanced information management capabilities, trusted cloud solutions, robust security measures, and AI to optimize data performance for simpler, but superior,…

Read more →

Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the general availability of Red Hat Advanced Cluster Security Cloud Service. The new features, delivered with the general…

Read more →

In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access…

Read more →

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely…

Read more →

Adversary Emulation Team Member Australian Federal Police | Australia | On-site – View job details As an Adversary Emulation Team Member you will participate in testing and assessment activities in both domestic and international settings. You will gain exposure to…

Read more →

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security posture to be especially concerning, with…

Read more →

Secureworks launched Taegis ManagedXDR Plus, a new Managed Detection and Response (MDR) offering that liberates the mid-market from indistinct, cookie cutter security solutions that don’t meet their unique security requirements. This announcement means that this market sector will no longer…

Read more →

The Cloud Security Alliance (CSA) demonstrated its commitment to improving its vendor-neutral cloud security training with the release of the Certificate of Cloud Security Knowledge (CCSK) v5, furnishing cloud stakeholders with the skills they need to optimize the protection of…

Read more →

Druva announced new capabilities to help its customers accelerate the investigation and remediation of cyber threats. The new Threat Hunting capability empowers IT and security teams to search their global data footprint for indicators of compromise (IOCs). Druva is also…

Read more →

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s Zero…

Read more →

Harmonic Security launched Harmonic Protect which empowers security teams with the tools to protect sensitive data without the headaches of labeling and complex rules. CISOs using Harmonic have coined it “zero-touch data protection” for its unique ability to protect vast…

Read more →

Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). The platform is taking a unified approach to managing both human and…

Read more →

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service. ACME is an internet protocol designed to enable enterprises to communicate with a…

Read more →

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01…

Read more →

McAfee announced the appointment of Craig Boundy as President and CEO, effective August 21, 2024. Boundy, a seasoned executive with over 25 years of leadership experience, joins McAfee from Experian where he served as the global Chief Operating Officer, and…

Read more →

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for…

Read more →

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s been slower…

Read more →

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T. Find out what led to…

Read more →

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Bluetooth signals from mobile devices pose…

Read more →

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest…

Read more →

AuditBoard launched of out-of-the-box (OOTB) self-assessment tools that enable internal auditors to easily assess and streamline conformance with the new Institute of Internal Auditors (IIA) Global Internal Audit Standards (“Standards”) that go into effect January 9th, 2025. These new capabilities…

Read more →

Yubico and Straxis launched a new Secure Web browsing application called MilSecure Mobile. This application can be adopted by any Defense Department (DOD) organization to enable secure access to protected DOD websites and services by service members and government employees…

Read more →

BlueVoyant unveiled its innovative Cyber Defense Platform. The platform integrates internal, external, and supply chain defense solutions into a single, cloud-native platform designed to measure and strengthen cyber defense posture in a cost-effective manner. The mission of security operations teams…

Read more →

The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. About CVE-2024-39929 The vulnerability stems from a bug in…

Read more →

The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of the chatter surrounding…

Read more →

Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With…

Read more →

In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks. Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain…

Read more →