Help Net Security

Push Security unveiled verified stolen credentials detection capability, a new feature designed to reshape how security teams combat identity threats. By analyzing threat intelligence (TI) on stolen credentials and comparing it against active credentials in customer environments, the Push platform eliminates false positives, delivering only actionable alerts to help organizations protect compromised workforce identities. This paradigm shift promises to drastically reduce the noise security teams face, empowering them to act swiftly on verified threats without … More →

The post Push Security introduces verified stolen credentials detection capability appeared first on Help Net Security.

ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files,” the company shared in an 8-K filed on Monday with the US Securities and Exchange Commission. The … More →

The post US government, energy sector contractor hit by ransomware appeared first on Help Net Security.

Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the essential features modern teams require, from chat and video conferencing to webinars. Its open architecture enables integration with existing systems and allows for the customization of solutions tailored to specific needs. Nextcloud Talk highlights High-security … More →

The post Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams appeared first on Help Net Security.

Thales launched Data Risk Intelligence, an Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it resides. This is the first solution uniting the risk and threat identification capabilities of the Imperva Data Security Fabric with the data protection capabilities of the Thales CipherTrust Data Security Platform, following Thales’s strategic acquisition of Imperva in December 2023. With data and operations spread across cloud, on-premises and hybrid systems, security teams require … More →

The post Thales Data Risk Intelligence identifies risks to sensitive data appeared first on Help Net Security.

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten also discusses the need for strong oversight and accountability to ensure AI aligns with business goals and remains secure. Treating AI like a human can accelerate its development. Could you elaborate on how … More →

The post Treat AI like a human: Redefining cybersecurity appeared first on Help Net Security.

In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season. Pause large changes in your security stack: IT and security changes that may not have been fully tested can create vulnerabilities. So, while it might be tempting to rush things out the door to achieve a clean slate going into the … More →

The post Best practices for staying cyber secure during the holidays appeared first on Help Net Security.

Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in the incident response process, focusing on application-related security incidents. Investigate and analyze security breaches and provide actionable recommendations to prevent recurrence. Cryptography engineer Leonar | France | On-site – View job details As a Cryptography … More →

The post Cybersecurity jobs available right now: December 3, 2024 appeared first on Help Net Security.

It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just how quickly that can happen. They dispersed AWS access keys (in different scenarios) on: Code hosting and version control platforms: GitHub and GitLab Public code repositories: Docker Hub (for containers), npm (for JavaScript … More →

The post The shocking speed of AWS key exploitation appeared first on Help Net Security.

Datadog announced its modern approach to Cloud SIEM, which doesn’t require dedicated staff or specialized teams to activate the solution. This approach makes it easy for teams to onboard, de-risk migrations and democratize security practices while disrupting traditional models, which can be costly and resource intensive. Existing SIEM (security information and event management) solutions face several significant challenges that put security teams at risk. Traditional SIEMs often struggle to integrate data from diverse sources, leading … More →

The post Datadog Cloud SIEM accelerates security investigations appeared first on Help Net Security.

Skyflow unveiled new capabilities for Agentic AI. These allow enterprises to build and deploy AI agents with a security and privacy trust layer with features that include protecting sensitive data flowing in and out of AI agents, auditing & logging, governance, and compliance with global and regional data protection measures. There is a new ecosystem emerging for agentic apps – built on a new AI data stack. Skyflow is announcing partnerships with Databricks, the data … More →

The post Skyflow protects sensitive data flowing in and out of AI agents appeared first on Help Net Security.

Radiant Logic announces the expansion of its central intelligence hub solution, RadiantOne, to now include Identity Observability. Building on the identity security foundation of Identity Data Management and Identity Analytics, Identity Observability allows the world’s most complex organizations to access an intuitive map of their entire identity infrastructure with 360° continuously streaming visibility, an intelligent risk collaboration hub, and seamless AI-powered risk remediation workflows. For large organizations wrestling with identity sprawl or legacy architectures, the … More →

The post Radiant Logic provides continuous identity hygiene assessments via real-time streaming data appeared first on Help Net Security.

Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software, assess risk, and remediate at the click of a button in their preferred environment. “Six months ago, we proudly signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure By Design pledge, which set out to … More →

The post Veracode unveils innovations for secure software development appeared first on Help Net Security.

Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident Response explained “Security events are becoming more pervasive and complex for customers,” says Betty Zheng, Senior Developer Advocate at AWS. Incident response is becoming harder due to the increased complexity and the lack of in-house … More →

The post AWS offers incident response service appeared first on Help Net Security.

A coordinated international operation involving law enforcement agencies from 40 countries led to the arrest of over 5,500 individuals linked to financial crimes and the confiscation of more than $400 million in virtual assets and government-backed currencies. Officers in Nigeria making an arrest (Source: INTERPOL) Operation HAECHI V details The five-month Operation HAECHI V (July – November 2024) targeted seven types of cyber-enabled frauds: voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, … More →

The post $400M seized, 5,500 arrested in global operation targeting cyber fraud appeared first on Help Net Security.

Cybersecurity programs have evolved significantly over the past few decades. The advent of cloud computing shattered the conventional corporate perimeter, forcing organizations to update their defense strategies. Today, with the rise of work-from-anywhere and bring-your-own-device (BYOD) policies as well as the ongoing shift to cloud environments, we’re seeing a shift of equal magnitude as it is becoming increasingly clear that endpoint security tools alone cannot handle the new threat landscape. Endpoint security is still an … More →

The post 5 reasons to double down on network security appeared first on Help Net Security.

In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that involves the CNA community and highlights the persistent vulnerabilities that continue to make the list year after year. Summers also touches on the role of AI tools in identifying vulnerabilities and the importance of root cause mapping … More →

The post Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges appeared first on Help Net Security.

While human error has always posed a cybersecurity risk, AI and emerging tech are playing an evolving role in Human Risk Management – uncovering new needs, challenges, and pain points. In this Help Net Security video, Bret Fund, SVP and General Manager at Infosec Institute, discusses how human risk management should be at the core of an organization’s risk management strategy, especially in the age of AI. As tech advances, training must be regularly updated … More →

The post How AI is transforming human risk management appeared first on Help Net Security.

Pixelator v2 is a tool to spot fake images. It uses a new combination of image veracity techniques with capability beyond what can be seen by the human eye. It can identify subtle differences in images with greater accuracy than traditional methods and has been shown to detect alternations as small as 1 pixel. Highlighting differences between distorted Lenna and reference Lenna images using SSIM and Pixelator v2 The tool is developed by York St. … More →

The post Data scientists create tool to spot fake images appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. Cybercriminals used a gaming engine to create undetectable malware loader Threat actors are using an ingenious new way for covertly delivering malware … More →

The post Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine appeared first on Help Net Security.

In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes. Why do you think challenges like prioritizing vulnerabilities and patching delays persist despite technological advances? The increasing complexity of enterprise infrastructure, expanding attack surface, and improved vulnerability and exposure detection capabilities have all led to a … More →

The post The effect of compliance requirements on vulnerability management strategies appeared first on Help Net Security.