Help Net Security

Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-enabled platform that allows enterprises to manage and monitor backup operations across their offices. It’s also used by service providers to deliver Backup-as-a-Service (BaaS) and Disaster Recovery-as-a-Service (DRaaS) services to customers. The solution uses management agents to interact with … More →

The post Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) appeared first on Help Net Security.

A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created for criminals. Matrix (Source: Dutch Police) The Matrix encrypted chat service Matrix – also know as Mactrix, Totalsec, X-quantum, and Q-safe – was first identified by Dutch authorities on the phone of a criminal convicted for the murder of Dutch crime journalist Peter R. de Vries in 2021, and the discovery prompted an investigation into … More →

The post Police takes down Matrix encrypted chat service used by criminals appeared first on Help Net Security.

The cyber world needs your expertise. However, the security leaders of tomorrow require a broad set of skills that job experience alone does not arm you with. What do organizations demand? And how can you acquire the technical and soft skills that drive business prosperity? Download the whitepaper to: Overcome cybersecurity challenges putting enterprise success at risk Make a positive and lasting impact Explore the 9 key characteristics of effective leaders in the field Fill … More →

The post Whitepaper: 9 traits of effective cybersecurity leaders of tomorrow appeared first on Help Net Security.

N2WS has unveiled new enhancements to its cloud-native backup and disaster recovery (BDR) platform. These updates empower enterprises and managed service providers (MSPs) to address the growing threats of ransomware and other malicious attacks while cutting operational costs, streamlining cross-cloud and multi-cloud data management, and maximizing the potential of their cloud investments without stressing budgets. Despite the advancements in cybersecurity strategies and the growth of security products over the years, the latest data paints a … More →

The post N2WS platform enhancements improve restore time for enterprises and MSPs appeared first on Help Net Security.

Sweet Security introduces unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time. Sweet’s platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and Cloud Workload Protection Platform (CWPP) into one comprehensive solution. This approach delivers detection and response capabilities, unifying insights from every layer of the cloud stack. “The Sweet team has worked tirelessly to build a platform … More →

The post Sweet Security helps organizations protect their cloud environments appeared first on Help Net Security.

Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses. Recipients are instructed to dowload the attached document – an archive file (ZIP) or an MS Office file (e.g., DOCX) – and open it, but the file is corrupted. The recipients are then prompted … More →

The post Phishers send corrupted documents to bypass email security appeared first on Help Net Security.

Push Security unveiled verified stolen credentials detection capability, a new feature designed to reshape how security teams combat identity threats. By analyzing threat intelligence (TI) on stolen credentials and comparing it against active credentials in customer environments, the Push platform eliminates false positives, delivering only actionable alerts to help organizations protect compromised workforce identities. This paradigm shift promises to drastically reduce the noise security teams face, empowering them to act swiftly on verified threats without … More →

The post Push Security introduces verified stolen credentials detection capability appeared first on Help Net Security.

ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files,” the company shared in an 8-K filed on Monday with the US Securities and Exchange Commission. The … More →

The post US government, energy sector contractor hit by ransomware appeared first on Help Net Security.

Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the essential features modern teams require, from chat and video conferencing to webinars. Its open architecture enables integration with existing systems and allows for the customization of solutions tailored to specific needs. Nextcloud Talk highlights High-security … More →

The post Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams appeared first on Help Net Security.

Thales launched Data Risk Intelligence, an Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it resides. This is the first solution uniting the risk and threat identification capabilities of the Imperva Data Security Fabric with the data protection capabilities of the Thales CipherTrust Data Security Platform, following Thales’s strategic acquisition of Imperva in December 2023. With data and operations spread across cloud, on-premises and hybrid systems, security teams require … More →

The post Thales Data Risk Intelligence identifies risks to sensitive data appeared first on Help Net Security.

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten also discusses the need for strong oversight and accountability to ensure AI aligns with business goals and remains secure. Treating AI like a human can accelerate its development. Could you elaborate on how … More →

The post Treat AI like a human: Redefining cybersecurity appeared first on Help Net Security.

In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season. Pause large changes in your security stack: IT and security changes that may not have been fully tested can create vulnerabilities. So, while it might be tempting to rush things out the door to achieve a clean slate going into the … More →

The post Best practices for staying cyber secure during the holidays appeared first on Help Net Security.

Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in the incident response process, focusing on application-related security incidents. Investigate and analyze security breaches and provide actionable recommendations to prevent recurrence. Cryptography engineer Leonar | France | On-site – View job details As a Cryptography … More →

The post Cybersecurity jobs available right now: December 3, 2024 appeared first on Help Net Security.

It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just how quickly that can happen. They dispersed AWS access keys (in different scenarios) on: Code hosting and version control platforms: GitHub and GitLab Public code repositories: Docker Hub (for containers), npm (for JavaScript … More →

The post The shocking speed of AWS key exploitation appeared first on Help Net Security.

Datadog announced its modern approach to Cloud SIEM, which doesn’t require dedicated staff or specialized teams to activate the solution. This approach makes it easy for teams to onboard, de-risk migrations and democratize security practices while disrupting traditional models, which can be costly and resource intensive. Existing SIEM (security information and event management) solutions face several significant challenges that put security teams at risk. Traditional SIEMs often struggle to integrate data from diverse sources, leading … More →

The post Datadog Cloud SIEM accelerates security investigations appeared first on Help Net Security.

Skyflow unveiled new capabilities for Agentic AI. These allow enterprises to build and deploy AI agents with a security and privacy trust layer with features that include protecting sensitive data flowing in and out of AI agents, auditing & logging, governance, and compliance with global and regional data protection measures. There is a new ecosystem emerging for agentic apps – built on a new AI data stack. Skyflow is announcing partnerships with Databricks, the data … More →

The post Skyflow protects sensitive data flowing in and out of AI agents appeared first on Help Net Security.

Radiant Logic announces the expansion of its central intelligence hub solution, RadiantOne, to now include Identity Observability. Building on the identity security foundation of Identity Data Management and Identity Analytics, Identity Observability allows the world’s most complex organizations to access an intuitive map of their entire identity infrastructure with 360° continuously streaming visibility, an intelligent risk collaboration hub, and seamless AI-powered risk remediation workflows. For large organizations wrestling with identity sprawl or legacy architectures, the … More →

The post Radiant Logic provides continuous identity hygiene assessments via real-time streaming data appeared first on Help Net Security.

Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software, assess risk, and remediate at the click of a button in their preferred environment. “Six months ago, we proudly signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure By Design pledge, which set out to … More →

The post Veracode unveils innovations for secure software development appeared first on Help Net Security.

Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident Response explained “Security events are becoming more pervasive and complex for customers,” says Betty Zheng, Senior Developer Advocate at AWS. Incident response is becoming harder due to the increased complexity and the lack of in-house … More →

The post AWS offers incident response service appeared first on Help Net Security.

A coordinated international operation involving law enforcement agencies from 40 countries led to the arrest of over 5,500 individuals linked to financial crimes and the confiscation of more than $400 million in virtual assets and government-backed currencies. Officers in Nigeria making an arrest (Source: INTERPOL) Operation HAECHI V details The five-month Operation HAECHI V (July – November 2024) targeted seven types of cyber-enabled frauds: voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, … More →

The post $400M seized, 5,500 arrested in global operation targeting cyber fraud appeared first on Help Net Security.