CampusCoin Student Feed Aggregator

+ Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)—For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. A...

+ Palo Alto Networks partners with IBM to deliver AI-powered security offerings—Palo Alto Networks and IBM announced a broad-reaching partnership to deliver AI-powered security outcomes for customers. The announcement is a testame...

+ Is an open-source AI vulnerability next?—AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially fo...

+ OWASP dep-scan: Open-source security and risk audit tool—OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictio...

+ Ebury botnet compromises 400,000+ Linux servers—ESET researchers released its deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hu...

+ Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb—A study by PageFair revealed that ad blocker usage surged by 30% in 2016 alone, reflecting a growing public concern for privacy and uninterrupted brow...

+ Cloud security incidents make organizations turn to AI-powered prevention—Cloud security incidents are alarmingly on the rise, with 61% of organizations reporting breaches within the last year, marking a significant increase...

+ The critical role of IT staffing in strengthening cybersecurity—Many organizations lack adequate IT staffing to combat cyber threats. A comprehensive approach to cybersecurity requires more than technical solutions...

+ ManageEngine SaaS Manager Plus simplifies access management—ManageEngine launched SaaS Manager Plus, a SaaS management solution for enterprises. SaaS Manager Plus seamlessly integrates with Zoho apps and other ...

+ How attackers deliver malware to Foxit PDF Reader users—Threat actors are taking advantage of the flawed design of Foxit PDF Reader’s alerts to deliver malware via booby-trapped PDF documents, Check P...

+ FireMon Asset Manager 5.0 improves situational awareness—FireMon released FireMon Asset Manager 5.0. This new version of its solution provides real-time cyber situational awareness of an organization’s infra...

+ Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools—Calix unveiled updates to SmartBiz, a purpose-built small business solution for broadband service providers (BSPs), that expand an existing set of rob...

+ Core security measures to strengthen privacy and data protection programs—As privacy laws evolve globally, organizations face increasing complexity in adapting their data protection strategies to stay compliant. In this Help...

+ Cybersecurity jobs available right now: May 15, 2024—Associate / Pentester (Red Team) – Cybersecurity Audit Siemens | Germany | Hybrid – View job details As an Associate / Pentester...

+ Ransomware statistics that reveal alarming rate of cyber extortion—In this article, you will find excerpts from various reports that offer statistics and insights about the current ransomware landscape. Global ransomw...

+ Key questions to ask when tailoring defensive stacks—In this Help Net Security video, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, outlines the questions you need to ask your securi...

+ Cybersecurity analysis exposes high-risk assets in power and healthcare sectors—Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount...

+ May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)—For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040)...

+ Apple backports iOS zero-day patch, adds Bluetooth tracker alert—Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow malicious...

+ How a GRC consultant passed the CISSP exam in six weeks—Ask any IT security professional which certification they would consider to be the “gold standard” in terms of prestige, credibility, or difficulty, a...

+ BLint: Open-source tool to check the security properties of your executables—BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From ve...

+ Tailoring responsible AI: Defining ethical guidelines for industry-specific use—In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to ...

+ Are you meeting your cyber insurance requirements?—Cyber insurance policies are specifically designed to offer financial protection to organizations in the face of cyber attacks, data breaches, or othe...

+ Log4Shell shows no sign of fading, spotted in 30% of CVE exploits—Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks,...

+ Log4J shows no sign of fading, spotted in 30% of CVE exploits—Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks,...

+ MITRE EMB3D improves security for embedded devices—MITRE released EMB3D, a cybersecurity threat model for embedded devices. The model provides a cultivated knowledge base of cyber threats to embedded d...

+ Black Basta target orgs with new social engineering campaign—Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to dow...

+ Palo Alto Networks and Accenture help organizations accelerate AI adoption—Palo Alto Networks and Accenture announced an expansion of their long-standing strategic alliance. New offerings will combine Precision AI technology ...

+ Red teaming: The key ingredient for responsible AI—Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advan...

+ Establishing a security baseline for open source projects—In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software ...

+ AI’s rapid growth puts pressure on CISOs to adapt to new security risks—The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, acco...

+ How AI affects vulnerability management in open-source software—In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilit...

+ Critical vulnerabilities take 4.5 months on average to remediate—Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabili...

+ Securing the future through cybersecurity education—In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about the cybersecurity talent ...

+ Download: The Ultimate Guide to the CISSP—The Ultimate Guide to the CISSP covers everything you need about the world’s premier cybersecurity leadership certification. Learn how CISSP and ISC2 ...

+ Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (...

+ Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)—Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use ...

+ May 2024 Patch Tuesday forecast: A reminder of recent threats and impact—The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out ...

+ How secure is the “Password Protection” on your files and drives?—People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it...

+ Cybercriminals are getting faster at exploiting vulnerabilities—Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of conn...

+ Nmap 7.95 released: New OS and service detection signatures—Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inve...

+ GenAI enables cybersecurity leaders to hire more entry-level talent—93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurit...

+ Selfie spoofing becomes popular identity document fraud technique—Document image-of-image was the most prevalent identity (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected, accordi...

+ New infosec products of the week: May 10, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium,...

+ F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)—Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) ...

+ Zscaler swats claims of a significant breach—On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and i...

+ AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization—AuditBoard announced powerful enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk manag...

+ CISA starts CVE “vulnrichment” program—The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CV...

+ Secureworks Taegis NDR identifies malicious activity on the network—Secureworks released Secureworks Taegis NDR, to stop nefarious threat actors from traversing the network. The dominance of cloud applications and remo...

+ BigID equips security teams with AI-guided data security and risk remediation recommendations—BigID announced the introduction of AI-guided data security and risk remediation recommendations. These new capabilities empower security teams to eli...

+ Critical Start adds multiple frameworks to Risk Assessments—Critical Start announced the expansion of the frameworks available in its Risk Assessments offering. These additions to the tool expand upon the initi...

+ Skyhigh Security boosts data protection measures with AI innovations—Skyhigh Security announced strategic additions to its Security Service Edge (SSE) portfolio. In response to an evolving cyber threat landscape and new...

+ Regulators are coming for IoT device security—Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less ...

+ Global ransomware crisis worsens—Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings’ 2024 Global Threat Intelligence Report. Global ran...

+ Ransomware attacks impact 20% of sensitive data in healthcare orgs—Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by...

+ Why SMBs are facing significant security, business risks—In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB l...

+ 3 CIS resources to help you drive your cloud cybersecurity—In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirement...

+ SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure—Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against the...

+ Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)—Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to...

+ Cado Security launches solution for forensic investigations in distroless container environments—Cado Security has introduced a solution for conducting forensic investigations in distroless container environments. With Cado Security’s new offering...

+ CyberSaint releases NIST CSF Benchmarking Feature—CyberSaint released the NIST Cybersecurity Framework (CSF) Benchmarking Feature, which allows CISOs and security teams to measure their NIST posture a...

+ Ghost Security Phantasm detects attackers targeting APIs—Ghost Security announced the early access availability of Phantasm, application-specific threat intelligence poised to fill a large gap that currently...

+ Photos: RSA Conference 2024—RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event....

+ Traceable launches Generative AI API Security to combat AI integration risks—Traceable AI has revealed an Early Access Program for its new Generative AI API Security capabilities. As enterprises increasingly integrate Generativ...

+ MITRE breach details reveal attackers’ successes and failures—MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 20...

+ Cloudflare for Unified Risk Posture identifies cyber threats—Cloudflare announced Cloudflare for Unified Risk Posture, a new suite of risk management solutions designed to streamline the process of identifying, ...

+ MITRE and NVIDIA build AI supercomputer for federal agency use—MITRE is building a new capability intended to give its AI researchers and developers access to a massive increase in computing power. The new capabil...

+ Forcepoint ONE Data Security simplifies data protection with zero-trust principles for all organizations—Forcepoint introduced Forcepoint ONE Data Security, an enterprise-grade unified cloud-managed solution designed to simplify data protection with zero-...

+ nodeQ launches PQtunnel to simplify the migration to PQC for both SMEs and large enterprises—nodeQ has developed PQtunnel, a tool designed to assist businesses – ranging from SMEs to large enterprises – in transitioning their end-t...

+ Inpher SecurAI protects the privacy of user inputs on large language models—Inpher released SecurAI, a solution that protects the privacy and security of user inputs on large language models. This release of SecurAI leverages ...

+ Theori unveils Xint to automate security operations in cloud and hybrid environments—Theori unveiled its latest security management solution, Xint. Xint streamlines and automates security operations across cloud and hybrid environments...

+ Red Hat launches RHEL AI for streamlined GenAI model testing and deployment—Red Hat has launched Red Hat Enterprise Linux AI (RHEL AI), a foundation model platform that enables users to more seamlessly develop, test and deploy...

+ AppOmni introduces ZTPM for enhanced cisibility in SaaS security—AppOmni unveiled AppOmni Zero Trust Posture Management (ZTPM), a solution set that strengthens security in modern infrastructures by bridging a critic...

+ Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)—Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the pat...

+ Eclypsium offers protection for GenAI hardware infrastructure—Eclypsium announced new GenAI assessment capabilities for its Supply Chain Security Platform. The new capabilities help secure the fundamental layers ...

+ ExtraHop releases AI tools to automate SOC workflows—ExtraHop has revealed a set of AI tools in the RevealX platform designed to automate SOC workflows and relieve analyst fatigue. Against the backdrop o...

+ New Relic introduces Secure Developer Alliance for enhanced security insights—New Relic launched Secure Developer Alliance. Industry leaders including FOSSA, Gigamon, Lacework, Aviatrix, and Opus are among the first to join the ...

+ AppViewX AVX ONE provides visibility, automation and control of certificates and keys—AppViewX announced AVX ONE, a fully integrated SaaS-based CLM platform for PKI, IAM, security, DevOps, cloud, platform and application teams. AVX ONE ...

+ Forgepoint Capital boosts Nudge Security’s seed round—Nudge Security announced new funding from Forgepoint Capital, which joins Ballistic Ventures in bringing the fast-growing startup’s seed funding to $1...

+ Bitwarden adds mobile passkey support for everyone—Bitwarden has announced the availability of mobile passkey support for everyone. Setting Bitwarden as the default passkey provider, users can generate...

+ Accenture partners with Mandiant to improve cybersecurity operations—Accenture and Mandiant, part of Google Cloud, are teaming up to collaboratively deliver cyber resilience services to help organizations more efficient...

+ Liongard unveils Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients—Liongard unveils its latest innovation: the Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients. This solution combines its A...

+ 97% of organizations hit by ransomware turn to law enforcement—Sophos has released additional findings from its annual “State of Ransomware 2024” survey. According to the report, among organizations surveyed, 97% ...

+ Security tools fail to translate risks for executives—Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace...

+ Cybersecurity jobs available right now: May 8, 2024—CISO Pinsent Masons | United Kingdom | Hybrid – View job details As a CISO, you will be responsible for the overall security posture o...

+ Pktstat: Open-source ethernet interface traffic monitor—Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platfor...

+ The complexities of third-party risk management—In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer for Prevalent, discusses five interesting findings f...

+ How workforce reductions affect cybersecurity postures—In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant ...

+ LockBit leader unmasked: US charges Russian national—Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administator of the infamous LockBit ransomware group, acco...

+ Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox—Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and c...

+ Dynatrace enhances its platform with new Kubernetes Security Posture Management capabilities—Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configurati...

+ Akamai to acquire Noname for $450 million—Akamai Technologies has announced that it has entered into a definitive agreement to acquire application programming interface (API) security company,...

+ Ransomware operations are becoming less profitable—As the number of real (and fake) victims of ransomware gangs continues to rise, the number of ransomware payments is falling, along with the average r...

+ Vectra AI Platform enhancements combat GenAI attacks—Vectra AI announced an expansion of the Vectra AI Platform to protect enterprises from new threat vectors introduced by the rapid adoption of GenAI to...

+ BigID introduces dual-scanning capabilities for cloud native workloads—BigID has introduced a new advancement in cloud data security, privacy, and governance with the launch of its dual-scanning technology. BigID’s ...

+ Cranium AI Exposure Management Solution helps organizations secure internal and third-party AI systems—Cranium has launched Cranium AI Exposure Management, the exposure management solution to help organizations protect and secure internal and third-part...

+ Datadog Event Management helps teams reduce alert fatigue—Datadog released IT Event Management to its suite of AIOps capabilities. With Event Management, Datadog intelligently consolidates, correlates and enr...

+ Forescout AI enables security leaders to make confident, informed decisions—Forescout introduced its AI product strategy built to help business leaders and security operators synthesize connected device threats and make decisi...

+ Sumo Logic’s analytics capabilities allow security teams to find insights within their data—Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and...

+ Elastic’s Search AI to transform SOCs with AI-driven SIEM solutions—Elastic has announced that Search AI will replace the traditional SIEM with an AI-driven security analytics solution for the modern SOC. Powered by th...

+ Code42 unveils source code exfiltration detection and protection capabilities—Code42 has advanced its Incydr data protection product with new capabilities to see and stop source code leak and theft and ensure organizations can p...

+ Arctic Wolf Cyber Resilience Assessment helps organizations advance business resilience—Arctic Wolf released the Arctic Wolf Cyber Resilience Assessment, a risk assessment tool designed to help businesses of almost any size advance their ...

+ Trellix Database Security protects sensitive data—Trellix announced an enhanced Trellix Database Security, available immediately. Trellix Database Security strengthens customers’ overall security post...

+ 6 tips to implement security gamification effectively—There’s not a CISO in the industry who’s not aware of the extremely short median CISO tenure. That’s why the best CISOs are those who constantly seek ...

+ Cybercrime stats you can’t ignore—In this article, you will find excerpts from various reports that offer stats and insights about the current cybercrime landscape. Behavioral patterns...

+ The strategic advantages of targeted threat intelligence—In this Help Net Security video, Gabi Reish, Chief Business Development and Product Officer at Cybersixgill, discusses the role of threat intelligence...

+ Ransomware activity is back on track despite law enforcement efforts—Despite significant disruptions for high-profile ransomware gangs LockBit and BlackCat, Q1 2024 became the most active first quarter ever recorded — a...

+ Only 45% of organizations use MFA to protect against fraud—Most businesses struggle with identity verification and have concerns over ability to protect against AI, according to Ping Identity. Despite stronger...

+ Swimlane Marketplace simplifies automation for security teams—Swimlane announced the Swimlane Marketplace, a full-stack modular marketplace for security automation. The Swimlane Marketplace goes beyond the typica...

+ Anomali introduces AI-powered Security Operations Platform—Anomali unveiled its AI-powered Security Operations Platform. At the center of it is an omnipresent and intelligent Anomali Copilot that automates imp...

+ Tidal Cyber unveils customizations and integrations that improve data-driven defense—Tidal Cyber announced new innovation in its Tidal Cyber Enterprise Edition with customizations and integrations that improve data-driven defense again...

+ Splunk Asset and Risk Intelligence accelerates security investigations—Splunk announced Splunk Asset and Risk Intelligence, a solution designed to power the SOC of the future by helping businesses streamline compliance, r...

+ NinjaOne platform enhancements help security teams identify potential vulnerabilities—NinjaOne has expanded its platform offerings with endpoint management, patch management, and backup capabilities. Now, organizations can easily access...

+ BlackBasta claims Synlab attack, leaks some stolen documents—The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Ita...

+ Proofpoint enhances email security with pre-delivery social engineering and link protection—Proofpoint has unveiled two innovations that redefine email security with the most comprehensive and effective end-to-end email protection across the ...

+ McAfee and Intel collaborate to combat deepfakes with Deepfake Detector—McAfee has unveiled enhancements to its AI-powered deepfake detection technology leveraging the power of the NPU in Intel Core Ultra processor-based P...

+ Strategies for preventing AI misuse in cybersecurity—As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless i...

+ How to prepare for the CISSP exam: Tips from industry leaders—The Certified Information Systems Security Professional (CISSP) is the most widely recognized certification in the information security industry. CISS...

+ Organizations go ahead with AI despite security risks—AI adoption remains sky high, with 54% of data experts saying that their organization already leverages at least four AI systems or applications, acco...

+ Privacy requests increased 246% in two years—Data Subject Requests (DSRs) — formal requests made to a company by a person to access, delete, or request not to sell/share the personal data that th...

+ How MFA can improve your online security—In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about multi-factor authenticati...

+ eBook: CISSP fundamentals in focus—From the technical tools that help manage access control to non-technical skills like collaboration, learn about the fundamentals required in cybersec...

+ Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: CVE-2024-3400 exploitation and ...

+ Bug hunters can get up to $450,000 for an RCE in Google’s Android apps—Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We in...

+ Trellix Wise automates security workflows with AI, streamlining threat detection and remediation—Trellix has unveiled Trellix Wise, a powerful suite of traditional and Generative Artificial Intelligence (GenAI) tools to drastically reduce cyber ri...

+ Microsoft, Google widen passkey support for its users—Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique pa...

+ Cyble Vision X covers the entire breach lifecycle—Cyble is launching Cyble Vision X, the successor to its Cyble Vision 2.0 threat intelligence platform, to elevate the user experience by empowering de...

+ BlackBerry CylanceMDR improves cybersecurity defensive strategy—BlackBerry introduced the new and expanded CylanceMDR, offering comprehensive Managed Detection & Response (MDR) protection powered by the Cylance...

+ FortiGate 200G series boosts campus connectivity for Wi-Fi 7—Fortinet announced a new next-generation firewall (NGFW) appliance with the security and networking performance needed to serve as the backbone of the...

+ Nokod Security Platform secures low-code/no-code development environments and apps—Nokod Security launched the Nokod Security Platform, enabling organizations to protect against security threats, vulnerabilities, compliance issues, a...

+ Lenovo launches AI-based Cyber Resiliency as a Service—Lenovo has launched its new AI-based Cyber Resiliency as a Service (CRaaS) leveraging Lenovo device telemetry and the Microsoft security software port...

+ Edgio ASM reduces risk from web application vulnerabilities—Edgio launched its Attack Surface Management (ASM) solution. ASM is designed to discover all web assets, provide full inventory of technologies, detec...

+ Gurucul REVEAL empowers organizations with full control over data—Gurucul announced REVEAL, a unified security analytics platform. REVEAL delivers Threat Detection, Investigation and Response (TDIR) regardless of dat...

+ Orum No Code Verify helps businesses validate bank accounts—Orum launched No Code Verify, which helps businesses and institutions determine whether a bank account is open and valid before initiating payments — ...

+ Ransom recovery costs reach $2.73 million—Average ransom payment has increased 500% in the last year, according to Sophos. Organizations that paid the ransom reported an average payment of $2 ...

+ Most companies changed their cybersecurity strategy in the past year—Businesses worldwide have faced a rate of change in the threat environment evidenced by 95% of companies reporting cybersecurity strategy adjustments ...

+ What is cybersecurity mesh architecture (CSMA)?—Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework. Using a CSMA approach means d...

+ 97% of security leaders have increased SaaS security budgets—58% of the organizations were affected by a SaaS security incident in the last 18 months, according to Valence Security’s 2024 State of SaaS Security ...

+ New infosec products of the week: May 3, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Cybersixgill, Proofpoint, Secure Code Warrior, Sny...

+ 1Password Extended Access Management secures unmanaged applications and devices—1Password launched 1Password Extended Access Management, a new solution that enables businesses to secure every sign-in to every application from ever...

+ New SOHO router malware aims for cloud accounts, internal company resources—Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credenti...

+ Trend Micro expands AI-powered cybersecurity platform—Trend Micro launched significant additional AI-powered functionality in its platform to secure organizational use of AI and better manage the risks as...

+ HITRUST updates Cyber Threat Adaptive engine to address emerging cyber threats—HITRUST announced a comprehensive update to its Cyber Threat Adaptive engine to enable increased accuracy and timeliness of HITRUST CSF updates to add...

+ Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams—Secure Code Warrior unveiled SCW Trust Score, a benchmark that quantifies the security posture of organizations’ developer teams. SCW Trust Score prov...

+ Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools—Proofpoint announced Data Loss Prevention (DLP) Transform, including GenAI use cases. Today, businesses struggle with the limitations of legacy DLP so...

+ Appdome launches MobileEDR, merging MTD and EDR to protect enterprise mobile apps—Appdome has released Appdome MobileEDR, a new enterprise mobile app protection service that consolidates Mobile Threat Defense (MTD) and Endpoint Dete...

+ Confluent enhances Apache Flink with new features for easier AI and broader stream processing—Confluent has unveiled AI Model Inference, an upcoming feature on Confluent Cloud for Apache Flink, to enable teams to easily incorporate machine lear...

+ Nord Security unveils NordStellar, a platform for advanced cyber threat detection and response—Nord Security introduces NordStellar, a next-generation threat exposure management platform. Created by developers of VPN solution NordVPN, the enterp...

+ CalypsoAI introduces customizable generative AI security scanners for enterprises—CalypsoAI introduced two AI security solutions to the CalypsoAI SaaS platform: next gen security scanners and enhanced security functionalities for ch...

+ Illumio and Wiz’s integration enhances cyber resilience in the cloud—Illumio has partnered with Wiz and joins Wiz Integrations (WIN) Platform. Illumio enhances WIN by bringing the power of Illumio’s Zero Trust Segmentat...

+ Veracode platform enhancements help organizations reduce application risk—Veracode announced platform innovations that set a new standard for developer-powered application security. New repo risk visibility and analysis from...

+ Dropbox says attackers accessed customer and MFA info, API keys—File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and aut...

+ Skyhawk Security unveils cloud-native CTEM, streamlining security with AI-powered automation—Skyhawk Security has unveiled its cloud native Continuous Threat Exposure Management (CTEM) solution. The agentless approach empowers organizations to...

+ Deep Instinct DIANNA provides malware analysis for unknown threats—Deep Instinct announced the launch of Deep Instinct’s Artificial Neural Network Assistant (DIANNA), an AI-based cybersecurity companion that provides ...

+ Venafi launches 90-Day TLS Readiness Solution—Venafi launched its new 90-Day TLS Readiness Solution to help organizations comply with Google’s proposed 90-day TLS certificate standard, impro...

+ Snyk AppRisk Pro leverages AI and third-party integrations for faster risk mitigation—Snyk has released Snyk AppRisk Pro, pairing artificial intelligence (AI) with application context from third-party integrations to help application se...

+ Bitwarden Authenticator protects online services and applications—Bitwarden launched a standalone app for two-factor authentication (2FA) to protect online services and applications from unauthorized access. Bitwarde...

+ Virsec releases security tools to offer ransomware protection—Virsec released TrustSight and TrustGuardian, its newest security tools in the fight against an ever-expanding threat environment – one where ED...

+ 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element—The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according ...

+ Securing your organization’s supply chain: Reducing the risks of third parties—When Stephen Hawking said that “we are all now connected by the internet, like neurons in a giant brain”, very few people understood the gravity of hi...

+ Understanding emerging AI and data privacy regulations—In this Help Net Security interview, Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta, discusses the AI Act, the Data A...

+ reNgine: Open-source automated reconnaissance framework for web applications—reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process....

+ Women rising in cybersecurity roles, but roadblocks remain—The ISC2 study on women in cybersecurity, a comprehensive research effort that collected responses from 2,400 women, has revealed several significant ...

+ AI-driven phishing attacks deceive even the most aware users—Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler. AI auto...

+ A closer look at Apiiro’s SHINE partner program—In this Help Net Security video, Adam LaGreca, Founder of 10KMedia, sat down with John Leon, VP of Partnerships at Apiiro, discusses the company’...

+ Why cloud vulnerabilities need CVEs—When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and ...

+ Making cybersecurity more appealing to women, closing the skills gap—In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cyber...

+ Cybersecurity jobs available right now: May 1, 2024—Adversary Simulation Specialist LyondellBasell | Poland | On-site – View job details The Adversary Simulation Specialist will be respo...

+ Building a strong cloud security posture—In this Help Net Security video, David Kellerman, Field CTO at Cymulate, discusses how cloud security still seems to lag even as the cloud grows in po...

+ Essential steps for zero-trust strategy implementation—63% of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner. For 78% of organizations implementing ...

+ Infosec products of the month: April 2024—Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, Bitdefender, CyberInt, Fastly, Forcepoint, IDnow,...

+ Adaptive Shield unveils SaaS security for AI—Adaptive Shield announced SaaS Security Posture Management (SSPM) detection and response capabilities for AI-driven applications to enable enterprises...

+ Onyxia launches AI-powered predictive insights to optimize security management—Onyxia Cyber unveiled OnyxAI to deliver insights that enable security leaders to proactively optimize security performance, resource allocation, and r...

+ Island raises $175 million at $3 billion valuation—Island announced its $175 million Series D financing. The new funding round brings Island’s valuation to $3 billion, doubling the last valuation from ...

+ Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams—Synopsys introduced Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform. Polaris Assist c...

+ FCC fines major wireless carriers over illegal location data sharing—The Federal Communications Commission (FCC) fined the nation’s largest wireless carriers for illegally sharing access to customers’ location informati...

+ Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades—There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited...

+ Cybersixgill Third-Party Intelligence module identifies potential supply chain risks—Cybersixgill, the global cyber threat intelligence data provider, broke new ground by introducing its Third-Party Intelligence module. The new module ...

+ ESET launches two MDR subscription tiers for SMBs and enterprises—ESET launched two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTEC...

+ ThreatX provides always-active API security from development to runtime—ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spa...

+ CyberQP unveils solutions to help MSPs proactively prevent security incidents—CyberQP announced QGuard Pro, a solution with enhanced capabilities designed to exponentially increase technician efficiency, and a new API for Deploy...

+ UK enacts IoT cybersecurity law—The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT produc...

+ Silobreaker empowers users with timely insight into key cybersecurity incident filings—Silobreaker announced the addition of automatic collection, AI-enhanced analysis, and alerting on 8-K cybersecurity incident filings made to the US Se...

+ Okta warns customers about credential stuffing onslaught—Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originatin...

+ Researchers unveil novel attack methods targeting Intel’s conditional branch predictor—Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be expl...

+ DHS establishes AI Safety and Security Board to protect critical infrastructure—The Department of Homeland Security announced the establishment of the Artificial Intelligence Safety and Security Board (the Board). The Board will a...

+ Prompt Fuzzer: Open-source tool for strengthening GenAI apps—Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Pr...

+ How insider threats can cause serious security breaches—Insider threats are a prominent issue and can lead to serious security breaches. Just because someone is a colleague or employee does not grant inhere...

+ AI is creating a new generation of cyberattacks—Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven atta...

+ Closing the cybersecurity skills gap with upskilling programs—The list of skills technologists and organizations need to succeed grows with each new tech advancement, according to Pluralsight. But for many organi...

+ Anticipating and addressing cybersecurity challenges—In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about how increased adoption of...

+ Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-da...

+ Most people still rely on memory or pen and paper for password management—Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey...

+ LSA Whisperer: Open-source tools for interacting with authentication packages—LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is cur...

+ What AI can tell organizations about their M&A risk—Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals ...

+ Breaking down the numbers: Cybersecurity funding activity recap—Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security ...

+ New infosec products of the week: April 26, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micr...

+ Net neutrality has been restored—The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decisio...

+ Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs—Stellar Cyber has revealed a new partnership with Acronis, to deliver an optimized threat detection and response solution enabling MSPs to protect on-...

+ Edgio Client-Side Protection enables organizations to secure critical customer data—Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser-side to prevent malicious code from exfiltrati...

+ IBM to buy HashiCorp in $6.4 billion cash deal, expanding cloud portfolio—IBM and HashiCorp have entered into a definitive agreement under which IBM will acquire HashiCorp for $35 per share in cash, representing an enterpris...

+ Dropzone AI raises $16.85 million to combat advanced AI attacks—Dropzone AI has raised $16.85 million in Series A funding. Theory Ventures led the round, adding to their cohort of existing investors Decibel Partner...

+ WhyLabs AI Control Center offers teams real-time control over their AI applications—WhyLabs launched a new type of AI operations platform: the AI Control Center. The new platform, which offers teams real-time control over their AI app...

+ ESET integrates with Arctic Wolf to provide greater security visibility—ESET has unveiled a new integration with Arctic Wolf, to ensure increased visibility and protection against modern threats. By integrating ESET Inspec...

+ Sublime Security secures $20 million to strengthen cloud email security and visibility—Sublime Security has raised $20 million in Series A funding, led by Index Ventures with participation from previous investors Decibel Partners and Slo...

+ 56% of cyber insurance claims originate in the email inbox—56% of all 2023 claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), highlighting the importance of email security a...

+ Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response—Anatomy IT has announced the launch of an expanded end-to-end cybersecurity product suite designed to safeguard healthcare delivery organizations from...

+ Fireblocks expands DeFi suite with threat detection features—Fireblocks introduced new security features to its DeFi suite: dApp Protection and Transaction Simulation. As the DeFi sector experiences unprecedente...

+ Nagomi Security raises $30 million to help security teams improve their level of protection—Nagomi Security emerged from stealth with $30 million in funding to fundamentally redefine how security teams optimize effectiveness and drive efficie...

+ BforeAI raises $15 million to prevent attacks before they occur—BforeAI has secured $15 million in Series A funding led by SYN Ventures, with renewed participation from early investors Karma Ventures, Karista, Adde...

+ Applying DevSecOps principles to machine learning workloads—Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the c...

+ Overcoming GenAI challenges in healthcare cybersecurity—In this Help Net Security interview, Assaf Mischari, Managing Partner, Team8 Health, discusses the risks associated with GenAI healthcare innovations ...

+ 25 cybersecurity AI stats you should know—In this article, you will find excerpts from reports we recently covered, which offer stats and insights into the challenges and cybersecurity issues ...

+ 73% of SME security pros missed or ignored critical alerts—Small and medium-sized enterprises (SMEs) IT staff is overwhelmed by the complexity and demands of managing multiple tools in their security stack, le...

+ Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)—A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use...

+ 1Kosmos CSP enables government agencies to digitally verify resident identity—1Kosmos has expanded its offerings for the identity verification and passwordless market with the introduction of a new Credential Service Provider (C...

+ Cyberint platform enhancements boost protection against external threats—Cyberint has unveiled a series of platform updates aimed at bolstering client protection against external threats. Cyberint’s recent platform in...

+ Zero Networks unveils identity segmentation solution to prevent credential theft—Zero Networks announced the addition of identity segmentation capabilities within the Zero Networks platform. As stolen credentials remain a top threa...

+ PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)—More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software...

+ Global attacker median dwell time continues to fall—While the use of zero-day exploits is on the rise, Mandiant’s M-Trends 2024 report reveals a significant improvement in global cybersecurity pos...

+ Comcast Business MDR limits the impact of cyber threats—Comcast Business has expanded its cybersecurity portfolio with the launch of its Comcast Business Managed Detection and Response (MDR) solution. The s...

+ New Relic AI monitoring helps enterprises use AI with confidence—New Relic announced New Relic AI monitoring with a suite of new features to meet the evolving needs of organizations developing AI applications. New f...

+ Secureworks enables users to view known vulnerabilities in the context of threat data—Secureworks announced the ability to integrate vulnerability risk context with threat detection to prevent attackers from exploiting known vulnerabili...

+ GISEC Global 2024 video walkthrough—In this Help Net Security video, we take you inside GISEC Global, which is taking place from April 23 to April 25, 2024, at the Dubai World Trade Cent...

+ GenAI can enhance security awareness training—One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. Fro...

+ AI set to play key role in future phishing attacks—A staggering increase in QR code phishing (quishing) attacks during 2023 saw them skyrocket up the list of concerns for cyber teams globally, accordin...

+ Cybersecurity jobs available right now: April 24, 2024—Blockchain Security Researcher StarkWare | Israel | On-site – View job details The Security Researcher will be responsible for conduct...

+ The relationship between cybersecurity and work tech innovation—As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has be...

+ eBook: Cloud security skills—Demonstrating a sound understanding of cloud security key principles and practices opens various professional opportunities. But first, you need the r...

+ Invicti Predictive Risk Scoring identifies highest-risk applications—Invicti announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organizations ga...

+ Forcepoint DSPM safeguards sensitive information by examining data context and content—Forcepoint has launched Forcepoint Data Security Posture Management (DSPM), driven by AI to deliver real-time visibility, ease privacy compliance and ...

+ Entrust protects users against fraud, phishing and other account takeover attacks—Entrust announced a single-vendor enhanced authentication solution that integrates identity verification (IDV) and identity and access management (IAM...

+ Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)—For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulne...

+ Netwrix 1Secure enhancements accelerate threat detection—Netwrix released a new version of its IT auditing software-as-a-service (SaaS) solution, Netwrix 1Secure. It enables prompt detection of suspicious ac...

+ Veritas enhances cyber resilience with AI-powered solutions—Veritas Technologies announced artificial intelligence (AI)-powered advancements in Veritas 360 Defense. With the self-defending data protection solut...

+ Stellar Cyber launches MITRE ATT&CK Coverage Analyzer—Stellar Cyber launched the MITRE ATT&CK Coverage Analyzer, enabling users to visualize the impact of data source changes on their ability to detec...

+ Veeam acquires Coveware to boost its ransomware protection capabilities—Veeam Software announced the acquisition of Coveware, a provider in cyber-extortion incident response. It brings ransomware recovery and first respond...

+ CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)—A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crow...

+ Trellix Email Security for Microsoft Office 365 improves email defense—Trellix announced Trellix Email Security for Microsoft Office 365. Combining threat detection, threat intelligence, and security expertise, Trellix of...

+ Align introduces ransomware prevention feature, powered by Adlumin—Align announces the inclusion of a new ransomware prevention feature to enhance its Align Guardian Managed Detection and Response offering powered by ...

+ The rising influence of AI on the 2024 US election—We stand at a crossroads for election misinformation: on one side our election apparatus has reached a higher level of security and is better defended...

+ 10 colleges and universities shaping the future of cybersecurity education—Institutions featured on this list often provide undergraduate and graduate degrees, courses, as well as certificate programs tailored to meet the gro...

+ People doubt their own ability to spot AI-generated deepfakes—23% of Americans said they recently came across a political deepfake they later discovered to be fake, according to McAfee. The actual number of peopl...

+ What is multi-factor authentication (MFA), and why is it important?—Setting up MFA can seem daunting for consumers just beginning to clean up their security postures. In this Help Net Security video, Larry Kinkaid, Man...

+ Behavioral patterns of ransomware groups are changing—Q1 saw substantial shifts in activity from some of the most prolific Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security. RaaS gro...

+ apexanalytix Passkeys protects data with biometric authentication—apexanalytix launched Passkeys, a feature that enables suppliers to securely log into their accounts using biometrics like a fingerprint or face scan,...

+ Binary Defense enhances BDVision to improve security for SMBs—Binary Defense announced several important updates to BDVision, the company’s real-time detection and containment Managed Endpoint Detection & Res...

+ Trend Micro launches AI-driven cyber risk management capabilities—Trend Micro unveiled AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One. This seamlessly integrates mo...

+ MITRE breached by nation-state threat actor via Ivanti zero-days—MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. T...

+ The first steps of establishing your cloud security strategy—In this article, we’ll identify some first steps you can take to establish your cloud security strategy. We’ll do so by discussing the cloud security ...

+ How to optimize your bug bounty programs—In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty progr...

+ Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity—Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioner...

+ Fuxnet malware: Growing threat to industrial sensors—In this Help Net Security video, Sonu Shankar, Chief Strategy Officer at Phosphorus, discusses how Blackjack’s Fuxnet malware should be a wakeup call ...

+ Uncertainty is the most common driver of noncompliance—Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact ...

+ How to improve response to emerging cybersecurity threats—Cyber resilience is a top priority for global organizations, and understanding threats plays a crucial role in building and maintaining a layered secu...

+ Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks...

+ Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!—More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims t...

+ LastPass users targeted by vishing attackers—The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “In...

+ Protobom: Open-source software supply chain tool—Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communi...

+ The key pillars of domain security—From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise o...

+ 51% of enterprises experienced a breach despite large security stacks—Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who ad...

+ New infosec products of the week: April 19, 2024—Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium...

+ Gurucul federated search provides insights into data that is not centralized—Gurucul announced enhancements to its federated search capabilities. Gurucul federated search empowers users to run queries from a single console acro...

+ AuditBoard expands executive team to support the next phase of growth—AuditBoard announced it has brought on public SaaS company veteran Jeff Harper as Chief Human Resources Officer (CHRO) to help scale the organization ...

+ Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)—The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vul...

+ Immuta launches Domains policy enforcement to improve security and governance for data owners—Immuta launched Domains policy enforcement, a new capability in the Immuta Data Security Platform that provides additional controls for data owners to...

+ Redgate Monitor Enterprise prevents unauthorized access to sensitive information—Redgate has launched an enterprise version of its popular database monitoring tool, providing a range of new features to address the challenges of sca...

+ SAS unveils products and services to help customers embrace AI—SAS is launching new AI products and services to improve AI governance and support model trust and transparency. Model cards and new AI Governance Adv...

+ Armis acquires Silk Security for $150 million—Armis has acquired Silk Security for a total of $15 million and will integrate the Silk Platform into the Armis Centrix AI-based Vulnerability Priorit...

+ Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation—While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices...

+ Thinking outside the code: How the hacker mindset drives innovation—Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security fi...

+ Cybersecurity jobs available right now: April 17, 2024—Client Security Officer Unisys | USA | Remote – View job details The Client Security Officer (CSO) is part of Unisys account managemen...

+ Damn Vulnerable RESTaurant: Open-source API service designed for learning—Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code throug...

+ Understanding next-level cyber threats—In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examini...

+ IT and security professionals demand more workplace flexibility—The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a...

+ PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)—A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “...

+ Cisco Duo provider breached, SMS MFA logs compromised—Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-facto...

+ Vercara UltraEdge offers protection against internet-based threats—Vercara launched UltraEdge, a comprehensive edge platform that includes an innovative Content Delivery Network (CDN), integrated application security,...

+ Tanium Automate reduces manual processes for repeatable tasks—Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of ...

+ New open-source project takeover attacks spotted, stymied—The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the ...

+ GuidePoint Security introduces IoT Security Assessment—GuidePoint Security announced its IoT Security Assessment, a new cybersecurity service. GuidePoint Security’s team of IoT security and embedded system...

+ Sectigo SCM Pro automates certificate management—Sectigo launched SCM Pro, a solution to bring the robustness of enterprise CLM to Small and midsize enterprises (SMEs), effectively leveling the playi...

+ IDnow VideoIdent Flex blends AI technology with human interaction—IDnow has unveiled VideoIdent Flex, a new version of its expert-led video verification service that blends advanced AI technology with human interacti...

+ 5 free red teaming resources to get you started—Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your org...

+ AI set to enhance cybersecurity roles, not replace them—In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in e...

+ Audio deepfakes: What they are, and the risks they present—Audio deepfakes are becoming a big problem. Recent cybercriminal campaigns use voice cloning technology to replicate the speech tone and patterns of c...

+ 31% of women in tech consider switching roles over the next year—31% of women in tech are considering leaving their organization over the next 12 months due foremost to poor management, followed by a lack of trainin...

+ Privacera adds access control and data filtering functionality for Vector DB/RAG—Privacera announced the addition of new access control and fine-grained data filtering functionality for Vector DB/RAG to Privacera AI Governance (PAI...

+ A critical vulnerability in Delinea Secret Server allows auth bypass, admin access—Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allo...

+ eBook: Why CISSP?—As new cyber threats emerge daily in our connected world, there’s never been a greater urgency for cybersecurity professionals than now. What can CISS...

+ ShadowDragon Horizon enhancements help users conduct investigations from any device—ShadowDragon announced significant enhancements to its Open-Source Intelligence Investigative platform Horizon. These updates represent a milestone in...

+ How to protect IP surveillance cameras from Wi-Fi jamming—Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must...

+ Geopolitical tensions escalate OT cyber attacks—In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attac...

+ Exposing the top cloud security threats—Many companies consider AI-powered threats to be the top cloud security threat to their business. Concerningly, less than half are confident in their ...

As of 5/16/24 7:44am. Last new 5/16/24 6:51am.  Score: 247