News

How hybrid workforces are reshaping authentication strategies

authentication, biometrics, cybersecurity, Don't miss, Features, FusionAuth, Hot stuff, identity verification, MFA, News, opinion, SSO /

How hybrid workforces are reshaping authentication strategies 2024-10-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity. […]

React to this headline:

Loading spinner

How hybrid workforces are reshaping authentication strategies Read More »

Websites are losing the fight against bot attacks

Akamai, bot, cybersecurity, DataDome, Don't miss, Fastly, Imperva, Kasada, Netacea, News, report, survey /

Websites are losing the fight against bot attacks 2024-10-08 at 06:01 By Help Net Security The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic defenses, they are ill-equipped to handle more sophisticated attacks, such as

React to this headline:

Loading spinner

Websites are losing the fight against bot attacks Read More »

Webinar: ManageEngine Log360 product demo

Don't miss, ManageEngine, News, Whitepapers and webinars /

Webinar: ManageEngine Log360 product demo 2024-10-08 at 05:47 By Help Net Security Discover how ManageEngine Log360, a comprehensive SIEM solution empowers you to prevent internal security breaches, safeguard your network from external threats, protect sensitive data, and ensure compliance with stringent regulatory mandates. Schedule a personalized demo Be a part of this tour and learn

React to this headline:

Loading spinner

Webinar: ManageEngine Log360 product demo Read More »

Linux systems targeted with stealthy “Perfctl” cryptomining malware

Aqua Security, cryptojacking, Don't miss, Hot stuff, Linux, Malware, misconfiguration, News, rootkits, vulnerability /

Linux systems targeted with stealthy “Perfctl” cryptomining malware 2024-10-07 at 15:46 By Zeljka Zorz Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed, the

React to this headline:

Loading spinner

Linux systems targeted with stealthy “Perfctl” cryptomining malware Read More »

The case for enterprise exposure management

CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Ionix, News, opinion, SaaS, shadow IT, threats /

The case for enterprise exposure management 2024-10-07 at 08:01 By Help Net Security For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had broad purview,

React to this headline:

Loading spinner

The case for enterprise exposure management Read More »

Transforming cloud security with real-time visibility

cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Innovation, misconfiguration, News, opinion, standards, Upwind /

Transforming cloud security with real-time visibility 2024-10-07 at 07:31 By Mirko Zorz In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility and security. Shachar

React to this headline:

Loading spinner

Transforming cloud security with real-time visibility Read More »

Rspamd: Open-source spam filtering system

Don't miss, GitHub, Hot stuff, Linux, News, open source, software, spam, Unix /

Rspamd: Open-source spam filtering system 2024-10-07 at 07:01 By Mirko Zorz Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which

React to this headline:

Loading spinner

Rspamd: Open-source spam filtering system Read More »

SOC teams are frustrated with their security tools

Artificial Intelligence, cybersecurity, News, report, SOC, survey, Vectra /

SOC teams are frustrated with their security tools 2024-10-07 at 06:31 By Help Net Security Security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal, according to Vectra AI. They cite a growing distrust in

React to this headline:

Loading spinner

SOC teams are frustrated with their security tools Read More »

Meet the shared responsibility model with new CIS resources

Center for Internet Security, Don't miss, Hot stuff, News /

Meet the shared responsibility model with new CIS resources 2024-10-07 at 06:01 By Help Net Security You can’t fulfill your end of the shared responsibility model if you don’t emphasize secure configurations. Depending on the cloud services you’re using, you’re responsible for configuring different things. Once you figure out those responsibilities, you then need to

React to this headline:

Loading spinner

Meet the shared responsibility model with new CIS resources Read More »

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast

News, Week in review /

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast 2024-10-06 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows

React to this headline:

Loading spinner

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast Read More »

100+ domains seized to stymie Russian Star Blizzard hackers

APT, Don't miss, Hot stuff, Justice Department, Microsoft, News, phishing /

100+ domains seized to stymie Russian Star Blizzard hackers 2024-10-04 at 14:18 By Zeljka Zorz Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,

React to this headline:

Loading spinner

100+ domains seized to stymie Russian Star Blizzard hackers Read More »

October 2024 Patch Tuesday forecast: Recall can be recalled

Don't miss, Expert analysis, Hot stuff, Ivanti, Microsoft, News, opinion, Patch Tuesday, predictions /

October 2024 Patch Tuesday forecast: Recall can be recalled 2024-10-04 at 07:46 By Help Net Security October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Windows 11 24H2 and Microsoft

React to this headline:

Loading spinner

October 2024 Patch Tuesday forecast: Recall can be recalled Read More »

Best practices for implementing threat exposure management, reducing cyber risk exposure

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, vulnerability management, Zafran /

Best practices for implementing threat exposure management, reducing cyber risk exposure 2024-10-04 at 07:16 By Mirko Zorz In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising from expanded attack surfaces

React to this headline:

Loading spinner

Best practices for implementing threat exposure management, reducing cyber risk exposure Read More »

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!

GitHub, News, open source, software /

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! 2024-10-04 at 07:01 By Help Net Security MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing. It also incorporates specialized properties to ensure

React to this headline:

Loading spinner

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! Read More »

Cybercriminals capitalize on poorly configured cloud environments

cybercrime, cybersecurity, Elastic, News, report, survey /

Cybercriminals capitalize on poorly configured cloud environments 2024-10-04 at 06:31 By Help Net Security Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most

React to this headline:

Loading spinner

Cybercriminals capitalize on poorly configured cloud environments Read More »

New infosec products of the week: October 4, 2024

Balbix, Halcyon, Legit Security, Metomic, News, Red Sift, SAFE Security, Veeam Software /

New infosec products of the week: October 4, 2024 2024-10-04 at 06:02 By Industry News Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security. SAFE X equips CISOs with integrated data from all their existing cybersecurity products

React to this headline:

Loading spinner

New infosec products of the week: October 4, 2024 Read More »

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CISA, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, News, vulnerability /

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) 2024-10-03 at 18:31 By Zeljka Zorz CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. Ivanti did the same by updating the

React to this headline:

Loading spinner

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) Read More »

CUPS vulnerabilities could be abused for DDoS attacks

Akamai, DDoS, Don't miss, enterprise, Hot stuff, Linux, News, vulnerability /

CUPS vulnerabilities could be abused for DDoS attacks 2024-10-03 at 16:18 By Zeljka Zorz While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote command execution on vulnerable systems, they could offer more opportunity to attackers who engage in DDoS attacks, Akamai threat researchers

React to this headline:

Loading spinner

CUPS vulnerabilities could be abused for DDoS attacks Read More »

Private US companies targeted by Stonefly APT

APT, Don't miss, enterprise, extortion, government-backed attacks, Hot stuff, Mandiant, News, North Korea, Symantec, USA /

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

Three hard truths hindering cloud-native detection and response

authentication, cloud computing, cloud security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Sweet Security /

Three hard truths hindering cloud-native detection and response 2024-10-03 at 08:01 By Help Net Security According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Companies are shifting from testing the waters of cloud computing to making substantive investments in cloud-native IT, and attackers are shifting with them.

React to this headline:

Loading spinner

Three hard truths hindering cloud-native detection and response Read More »

Scroll to Top