News

The old, not the new: Basic security issues still biggest threat to enterprises

credentials, critical infrastructure, cybercrime, cybersecurity, exploit, generative AI, IBM, IBM X-Force, identity, News, report /

The old, not the new: Basic security issues still biggest threat to enterprises 2024-02-23 at 08:01 By Help Net Security In 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon for threat actors, according to IBM’s 2024 X-Force Threat Intelligence Index. […]

The old, not the new: Basic security issues still biggest threat to enterprises Read More »

New infosec products of the week: February 23, 2024

GitHub, ManageEngine, Metomic, News, Pindrop, Truffle Security /

New infosec products of the week: February 23, 2024 2024-02-23 at 07:32 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ManageEngine, Metomic, Pindrop, and Truffle Security. Pindrop Pulse offers protection against audio deepfakes Pindrop Pulse’s ability to detect deepfakes provides organizations and their customers

New infosec products of the week: February 23, 2024 Read More »

Secure email gateways struggle to keep pace with sophisticated phishing campaigns

BEC scams, Cofense, credentials, cybercrime, Email, News, phishing, QR codes, report /

Secure email gateways struggle to keep pace with sophisticated phishing campaigns 2024-02-23 at 07:02 By Help Net Security In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers’ SEGs, signaling a 37% increase

Secure email gateways struggle to keep pace with sophisticated phishing campaigns Read More »

2024 will be a volatile year for cybersecurity as ransomware groups evolve

Arctic Wolf Networks, cybercrime, cybersecurity, News, Ransomware, report, survey /

2024 will be a volatile year for cybersecurity as ransomware groups evolve 2024-02-23 at 06:31 By Help Net Security Hackers have significantly increased demands for ransomware, rising over 20% year-over-year to $600,000, according to Arctic Wolf. Organizations are failing to patch their networks And there are worrying signs that 2024 will be especially volatile, as

2024 will be a volatile year for cybersecurity as ransomware groups evolve Read More »

92% of companies eyeing investment in AI-powered software

Gartner, investment, News, report, security spending, software, survey /

92% of companies eyeing investment in AI-powered software 2024-02-23 at 06:02 By Help Net Security In 2024, buyers are increasingly focused on cost efficiency, AI functionality, and enhanced security, according to Gartner. The report reveals that 61% of buyers are seeking upgrades for more functionality in their recently purchased software. The need to upgrade reflects

92% of companies eyeing investment in AI-powered software Read More »

Microsoft begins broadening free cloud logging capabilities

CISA, cloud security, Don't miss, Government, Hot stuff, logging, Microsoft, News, USA /

Microsoft begins broadening free cloud logging capabilities 2024-02-22 at 14:47 By Helga Labus After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change will impact government departments & agencies who do

Microsoft begins broadening free cloud logging capabilities Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, exploit, Hot stuff, Huntress, MSP, News, Palo Alto Networks, PoC, remote access, remote management, Shadowserver, vulnerability, WatchTowr /

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

A step-by-step plan for safe use of GenAI models for software development

Artificial Intelligence, ChatGPT, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Privacy, risk, software development, Solvd /

A step-by-step plan for safe use of GenAI models for software development 2024-02-22 at 08:01 By Help Net Security If you are a large-scale company, the recent AI boom hasn’t escaped your notice. Today AI is assisting in a large array of development-related and digital-related tasks, from content generation to automation and analysis. The development

A step-by-step plan for safe use of GenAI models for software development Read More »

Attack velocity surges with average breakout time down to only 62 minutes

credentials, CrowdStrike, cybercrime, cybersecurity, election security, exploit, generative AI, News, report, survey /

Attack velocity surges with average breakout time down to only 62 minutes 2024-02-22 at 07:31 By Help Net Security The speed of cyberattacks continues to accelerate at an alarming rate, according to CrowdStrike. Adversaries increasingly exploit stolen credentials The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the average

Attack velocity surges with average breakout time down to only 62 minutes Read More »

MSPs undergo transformation in response to persistent cyber threats

cybercrime, cybersecurity, MSP, News, Ransomware, report, SonicWall, survey, threats /

MSPs undergo transformation in response to persistent cyber threats 2024-02-22 at 06:32 By Help Net Security 2Organizations are increasingly turning to Managed Service Providers (MSPs) to alleviate pressure on IT departments, according to SonicWall. Managed services have emerged as a game-changing solution, providing organizations with an additional human-layer of defense, addressing alert fatigue, and freeing

MSPs undergo transformation in response to persistent cyber threats Read More »

Cybersecurity fears drive a return to on-premise infrastructure from cloud computing

Citrix, Cloud, cybersecurity, News, report, survey /

Cybersecurity fears drive a return to on-premise infrastructure from cloud computing 2024-02-22 at 06:02 By Help Net Security 42% of organizations surveyed in the US are considering or already have moved at least half of their cloud-based workloads back to on-premises infrastructures, a phenomenon known as cloud repatriation, according to Citrix. The survey showed that

Cybersecurity fears drive a return to on-premise infrastructure from cloud computing Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

10 cybersecurity startups to watch in 2024

Binarly, cybersecurity, Datadog, Dataiku, Don't miss, Dope Security, Filigran, Gomboc, Google, Hot stuff, KTrust, Lakera, Mitigant, News, Palo Alto Networks, Qevlar AI, Radiant Security, Risk Ledger, Snyk /

10 cybersecurity startups to watch in 2024 2024-02-21 at 08:01 By Mirko Zorz At Help Net Security, we’ve been following the cybersecurity business landscape closely for the past 25 years. Through our Industry News section, we’ve been tracking the pulse of the cybersecurity world, bringing you product news from companies worldwide. Certain vendors have consistently

10 cybersecurity startups to watch in 2024 Read More »

TruffleHog: Open-source solution for scanning secrets

authentication, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, scanning, software /

TruffleHog: Open-source solution for scanning secrets 2024-02-21 at 07:31 By Mirko Zorz TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was

TruffleHog: Open-source solution for scanning secrets Read More »

The importance of a good API security strategy

API security, cyber risk, Don't miss, Hot stuff, News, software development, strategy, threats /

The importance of a good API security strategy 2024-02-21 at 06:32 By Helga Labus In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption over

The importance of a good API security strategy Read More »

Active Directory outages can cost organizations $100,000 per day

Active Directory, Cayosoft, CISO, cybersecurity, disaster recovery, Don't miss, News, report, survey /

Active Directory outages can cost organizations $100,000 per day 2024-02-21 at 06:02 By Help Net Security Nearly every organization has core systems services tied to Active Directory that will go down during an outage, according to Cayosoft. Consequences of system downtime for business operations The impact of just one system being down can devastate business

Active Directory outages can cost organizations $100,000 per day Read More »

Alleged Raccoon Infostealer operator extradited, verification site set up for victims

cybercrime, cybersecurity, DOJ, FBI, Malware, News, Ukraine /

Alleged Raccoon Infostealer operator extradited, verification site set up for victims 2024-02-21 at 05:31 By Help Net Security A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity theft. According to court documents, Mark Sokolovsky conspired to operate the Raccoon

Alleged Raccoon Infostealer operator extradited, verification site set up for victims Read More »

LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered

Don't miss, Europe, Europol, extortion, FBI, Hot stuff, law enforcement, National Crime Agency, News, Ransomware, UK, USA /

LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered 2024-02-20 at 14:32 By Zeljka Zorz In the wake of yesterday’s surprise law enforcement takeover of LockBit’s leak site, the UK National Crime Agency (NCA) and Europol have shared more information about the extent of the takedown. “Today, after infiltrating the group’s network, the NCA has

LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered Read More »

LockBit disrupted by international law enforcement task force

Don't miss, Hot stuff, law enforcement, News, Ransomware /

LockBit disrupted by international law enforcement task force 2024-02-20 at 13:01 By Zeljka Zorz On Monday afternoon, LockBit’s leak site has been taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. “This site is now under the control of The National

LockBit disrupted by international law enforcement task force Read More »

Scroll to Top