cybersecurity

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver

browser, cybersecurity, drivers, ESET, Malware, News, report /

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver 2024-07-22 at 06:01 By Help Net Security ESET Research has discovered a sophisticated Chinese browser injector: a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which ESET dubbed HotPage, comes self-contained in an executable file that installs its main driver and injects […]

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver Read More »

GenAI network acceleration requires prior WAN optimization

Aryaka, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, network, network monitoring, News, opinion, SASE /

GenAI network acceleration requires prior WAN optimization 2024-07-19 at 07:32 By Help Net Security As GenAI models used for natural language processing, image generation, and other complex tasks often rely on large datasets that must be transmitted between distributed locations, including data centers and edge devices, WAN optimization is essential for robust deployment of GenAI

GenAI network acceleration requires prior WAN optimization Read More »

CISOs must shift from tactical defense to strategic leadership

CISO, cybersecurity, Ivanti, News, report, strategy, survey, threats, vulnerability management /

CISOs must shift from tactical defense to strategic leadership 2024-07-19 at 06:31 By Help Net Security Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, according to Ivanti. Ivanti’s research shows

CISOs must shift from tactical defense to strategic leadership Read More »

Fighting AI-powered synthetic ID fraud with AI

Artificial Intelligence, authentication, AuthenticID, biometrics, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, fraud, Hot stuff, identity, identity verification, News, opinion /

Fighting AI-powered synthetic ID fraud with AI 2024-07-18 at 07:31 By Help Net Security Aided by the emergence of generative artificial intelligence models, synthetic identity fraud has skyrocketed, and now accounts for a staggering 85% of all identity fraud cases. For security professionals, the challenge lies in staying one step ahead of these evolving threats.

Fighting AI-powered synthetic ID fraud with AI Read More »

Laying the groundwork for zero trust in the military

Artificial Intelligence, Core4ce, cybersecurity, Department of Defense, Don't miss, Features, Hot stuff, machine learning, network, News, opinion, policy, training, zero trust /

Laying the groundwork for zero trust in the military 2024-07-18 at 07:01 By Mirko Zorz In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, emphasizing foundational technologies and a unified taxonomy. Arnold provides insights into the DoD’s Zero Trust

Laying the groundwork for zero trust in the military Read More »

Grype: Open-source vulnerability scanner for container images, filesystems

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software /

Grype: Open-source vulnerability scanner for container images, filesystems 2024-07-18 at 06:31 By Help Net Security Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazon Linux BusyBox CentOS CBL-Mariner Debian Distroless

Grype: Open-source vulnerability scanner for container images, filesystems Read More »

Signatures should become cloud security history

cloud security, cybersecurity, Don't miss, Hot stuff, open source, RAD Security, standards, threat detection, Video /

Signatures should become cloud security history 2024-07-18 at 06:01 By Help Net Security It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints of open-source

Signatures should become cloud security history Read More »

Overlooked essentials: API security best practices

access control, Akto, API security, authentication, cybersecurity, Don't miss, Encryption, Features, Hot stuff, News, opinion, policy /

Overlooked essentials: API security best practices 2024-07-17 at 07:31 By Mirko Zorz In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access control (RBAC) and

Overlooked essentials: API security best practices Read More »

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover 2024-07-17 at 07:01 By Mirko Zorz SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover Read More »

Most GitHub Actions workflows are insecure in some way

cyber risk, cybersecurity, GitHub, Legit Security, News, report, survey /

Most GitHub Actions workflows are insecure in some way 2024-07-17 at 06:01 By Help Net Security Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security posture to be especially concerning,

Most GitHub Actions workflows are insecure in some way Read More »

ChatGPTriage: How can CISOs see and control employees’ AI use?

Artificial Intelligence, ChatGPT, CISO, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Privacy, WitnessAI /

ChatGPTriage: How can CISOs see and control employees’ AI use? 2024-07-16 at 08:01 By Help Net Security It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s

ChatGPTriage: How can CISOs see and control employees’ AI use? Read More »

Managing exam pressure: Tips for certification preparation

Artificial Intelligence, certification, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, Udemy /

Managing exam pressure: Tips for certification preparation 2024-07-16 at 07:32 By Mirko Zorz In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for maintaining motivation

Managing exam pressure: Tips for certification preparation Read More »

Firmware update hides Bluetooth fingerprints

Bluetooth, cybersecurity, Don't miss, hardware, News /

Firmware update hides Bluetooth fingerprints 2024-07-16 at 07:03 By Help Net Security A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Bluetooth signals from mobile devices pose privacy risks The

Firmware update hides Bluetooth fingerprints Read More »

Paris 2024 Olympics to face complex cyber threats

cybersecurity, IDC, News, report, survey, threat /

Paris 2024 Olympics to face complex cyber threats 2024-07-16 at 06:03 By Help Net Security While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest

Paris 2024 Olympics to face complex cyber threats Read More »

Risk related to non-human identities: Believe the hype, reject the FUD

access control, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, News, opinion, Sweet Security /

Risk related to non-human identities: Believe the hype, reject the FUD 2024-07-15 at 08:01 By Help Net Security The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of

Risk related to non-human identities: Believe the hype, reject the FUD Read More »

Realm: Open-source adversary emulation framework

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, red team, software /

Realm: Open-source adversary emulation framework 2024-07-15 at 07:32 By Mirko Zorz Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code,

Realm: Open-source adversary emulation framework Read More »

Discover the growing threats to data security

Artificial Intelligence, Bedrock Security, cybersecurity, data management, data security, Don't miss, Features, Hot stuff, News, opinion, regulation, strategy /

Discover the growing threats to data security 2024-07-15 at 07:01 By Mirko Zorz In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks. Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain the shortest

Discover the growing threats to data security Read More »

Pressure mounts for C-Suite executives to implement GenAI solutions

Artificial Intelligence, cybersecurity, generative AI, News, report, RWS, survey /

Pressure mounts for C-Suite executives to implement GenAI solutions 2024-07-15 at 06:01 By Help Net Security 87% of C-Suite executives feel under pressure to implement GenAI solutions at speed and scale, according to RWS. Despite these pressures, 76% expressed an overwhelming excitement across their organization for the potential benefits of GenAI. However, this excitement is

Pressure mounts for C-Suite executives to implement GenAI solutions Read More »

How to design a third-party risk management framework

Beaconer, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, Incident Response, News, opinion, Risk Management, security controls /

How to design a third-party risk management framework 2024-07-12 at 07:31 By Help Net Security Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain

How to design a third-party risk management framework Read More »

Managing cyberattack fallout: Financial and operational damage

access management, Aspida, cyberattacks, cybersecurity, Data Protection, digital transformation, disaster recovery, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Risk Management, strategy /

Managing cyberattack fallout: Financial and operational damage 2024-07-12 at 07:01 By Mirko Zorz In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company’s reputation among customers and partners. Can

Managing cyberattack fallout: Financial and operational damage Read More »

Scroll to Top