CampusCoin Student Feed Aggregator

+ CISA: Use Signal or other secure communications app—In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encr...

+ Another NetWalker affiliate sentenced to 20 years in prison—A 30-year old Romanian man was sentenced to 20 years in prison for leveraging the Netwalker ransomware to extort money from victims, the US Department...

+ Why cybersecurity is critical to energy modernization—In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the e...

+ AI is becoming the weapon of choice for cybercriminals—This article highlights key findings from 2024 reports on AI and GenAI technologies, focusing on their potential and major challenges. Overreliance on...

+ 46% of financial institutions had a data breach in the past 24 months—As the financial industry is the most targeted sector for data breaches in 2024, it’s now more important than ever to strengthen the industry moving i...

+ New infosec products of the week: December 20, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Appdome, GitGuardian, RunSafe Security, Stairwell, and Netw...

+ Cryptocurrency hackers stole $2.2 billion from platforms in 2024—$2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis’ 2025 Crypto Crime Report has revealed. Of that sum,...

+ NETSCOUT uses AI/ML technology to secure critical IT infrastructure—NETSCOUT updates its Arbor Edge Defense (AED) and Arbor Enterprise Manager (AEM) products as part of its Adaptive DDoS Protection Solution to combat A...

+ CISA orders federal agencies to secure their Microsoft cloud environments—The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agenc...

+ Legit Security provides insights into the enterprise’s secrets posture—Legit Security announced enhancements to its secrets scanning product. Available as either a stand-alone product or as part of a broader ASPM platform...

+ Ukrainian hacker gets prison for infostealer operations—Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to...

+ Netwrix 1Secure enhances protection against data and identity access risks—Netwrix released a new version of its SaaS platform, Netwrix 1Secure. The latest version builds on its existing security monitoring functionality with...

+ NetSPI introduces external attack surface management solutions—NetSPI introduced three tiers of external attack surface management (EASM) solutions, delivered through the The NetSPI Platform. The new offerings add...

+ Ataccama ONE platform enhancements accelerate enterprise data quality initiatives—Ataccama announced enhancements to the Ataccama ONE unified data trust platform v15.4 that enable customers to have confidence in using their data for...

+ Enpass simplifies compliance and security controls for password management—Enpass added Single Sign-On (SSO) for its admin console in support for its Business Enterprise customers. Enpass integrates seamlessly with prominent ...

+ Are threat feeds masking your biggest security blind spot?—Security teams that subscribe to threat feeds get lists of known malicious domains, IPs, and file signatures that they can leverage to blacklist and p...

+ Leadership skills for managing cybersecurity during digital transformation—In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational ...

+ Ransomware in 2024: New players, bigger payouts, and smarter tactics—In 2024, ransomware remained the top cybersecurity threat to organizations worldwide. New groups filled the void left by law enforcement crackdowns, t...

+ European companies hit with effective DocuSign-themed phishing emails—A threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple v...

+ BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)—BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS...

+ Appdome protects applications running on mobile-enabled platforms—Appdome announced that the Appdome Mobile Defense Platform now protects applications running on mobile-enabled platforms like Apple macOS, Apple visio...

+ Stairwell Core boosts threat intelligence for security teams—Stairwell announces Stairwell Core, which enables organizations to privately collect, store, and continuously reassess executable files so they can co...

+ GitGuardian launches multi-vault integration to combat secrets sprawl—GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy with integrations across major secrets management platforms, addressin...

+ CISO accountability: Navigating a landscape of responsibility—What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabili...

+ Key steps to scaling automated compliance while maintaining security—In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to mark...

+ Vanir: Open-source security patch validation for Android—Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By a...

+ Consumers wrongly attribute all data breaches to cybercriminals—Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), accord...

+ Researchers reveal OT-specific malware in use and in development—Malware that’s made specifically to target industrial control systems (ICS), Internet of Things (IoT) and operational technology (OT) control de...

+ Malvertising on steroids serves Lumma infostealer—A large-scale malvertising campaign distributing the Lumma infostealer malware via intrusive “ads” leading to fake CAPTCHA pages has been ...

+ RunSafe Security Platform enhances risk management with automation—RunSafe Security has released the RunSafe Security Platform that automates risk identification, exploit prevention, and runtime software monitoring. N...

+ Arctic Wolf acquires BlackBerry’s Cylance endpoint security assets—Arctic Wolf and BlackBerry announced they have entered into a definitive agreement for Arctic Wolf to acquire BlackBerry’s Cylance endpoint security a...

+ Kali Linux 2024.4 released! 14 new shiny tools added—Kali Linux 2024.4 includes a broad set of updates and changes. The summary of the changelog since the 2024.3 release from September: Python 3.12 ̵...

+ The shifting security landscape: 2025 predictions and challenges—As the borderless threat ecosystem poses new challenges for companies and governments worldwide, CISA’s 2025-2026 International Plan aims to add...

+ Balancing security and user experience to improve fraud prevention strategies—In this Help Net Security interview, Jennifer White, Senior Director for Banking and Payments Intelligence at J.D. Power, discusses how financial inst...

+ Cybersecurity jobs available right now: December 17, 2024—CISO ONE Security | Israel | Hybrid – View job details As a CISO, you will be responsible for overseeing information security, cyberse...

+ Serbian government used Cellebrite to unlock phones, install spyware—Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and ins...

+ MUT-1244 targeting security researchers, red teamers, and threat actors—A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as othe...

+ Risk Aperture AI360 manages AI-specific vulnerabilities and threats—Risk Aperture launched AI360, a solution designed to address the growing cybersecurity risks posed by artificial intelligence (AI). AI360 leverages pr...

+ Evasive Node.js loader masquerading as game hack—Malware peddlers are using NodeLoader, a loader written in Node.js, to foil security solutions and deliver infostealers and cryptominers to gamers. Th...

+ With DORA approaching, financial institutions must strengthen their cyber resilience—The clock is ticking for financial institutions across the EU as the January 17, 2025, deadline for the Digital Operational Resilience Act (DORA) appr...

+ Rubrik Turbo Threat Hunting accelerates cyber recovery—As organizations around the world struggle with extended downtime and revenue loss due to widespread cyberattacks, Rubrik announces Rubrik Turbo Threa...

+ Celigo Private Cloud enhances security and connectivity—Celigo introduced Celigo Private Cloud, a transformative solution offering enterprises fully private automation instances. Designed for businesses tha...

+ FuzzyAI: Open-source tool for automated LLM fuzzing—FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, lik...

+ Tackling software vulnerabilities with smarter developer strategies—In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers ...

+ CISOs need to consider the personal risks associated with their role—70% of cybersecurity leaders felt that stories of CISOs being held personally liable for cybersecurity incidents have negatively affected their opinio...

+ New infosec products of the week: December 13, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Horizon3.ai, SecureAuth, Stamus Networks, Tr...

+ Cleo patches zero-day exploited by ransomware gang—Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-faci...

+ Krispy Kreme cybersecurity incident disrupts online ordering—Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar s...

+ 27 DDoS-for hire platforms seized by law enforcement—As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to c...

+ We must adjust expectations for the CISO role—Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO...

+ Jetico Search locates and manages sensitive data—Jetico launches Search, a PII and sensitive data discovery tool integrated with BCWipe to locate and securely erase files beyond forensic recovery. Ad...

+ Citrix acquires deviceTRUST and Strong Network—With the widespread adoption of hybrid work models, where teams operate across geographical regions on managed and unmanaged devices, every connection...

+ Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation—Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments ...

+ Shaping effective AI governance is about balancing innovation with humanity—In this Help Net Security interview, Ben de Bont, CISO at ServiceNow, discusses AI governance, focusing on how to foster innovation while ensuring res...

+ Exposed APIs and issues in the world’s largest organizations—In this Help Net Security video, Tristan Kalos, CEO of Escape, discusses the results of its 2024 State of API Exposure report. The study highlights si...

+ Keycloak: Open-source identity and access management—Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, auth...

+ Microsoft enforces defenses preventing NTLM relay attacks—Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and...

+ BadRAM: $10 hack unlocks AMD encrypted memory—Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting ADM processors that can be triggered by rogue memory ...

+ Picus provides automated pentesting testing to help uncover critical risks—Picus Security announced new innovations to its Attack Path Validation (APV) product. The new Picus APV now offers security teams accurate, risk-free,...

+ Cato Networks extends SASE-based protection to IoT/OT environments—With the introduction of Cato IoT/OT Security, Cato Networks is enabling enterprises to simplify the management and security of Internet of Things (Io...

+ Trellix Drive Encryption enhances security against insider attacks—Trellix announced Trellix Drive Encryption upgrades for on-premises and SaaS management. Customers benefit from the flexibility needed for encryption ...

+ CyTwist’s detection engine combats AI-generated malware—CyTwist launches its patented detection engine to combat the insidious rise of AI-generated malware. Enhancing an organization’s existing securi...

+ Open source malware up 200% since 2023—Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 20...

+ Why crisis simulations fail and how to fix them—In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences bet...

+ Containers have 600+ vulnerabilities on average—Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are strug...

+ Microsoft fixes exploited zero-day (CVE-2024-49138)—On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s...

+ US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks—The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles ...

+ Stamus Networks Clear NDR uncovers unauthorized activity—Stamus Networks announced Clear NDR, an open and transparent NDR system that empowers cyber defenders to uncover and stop serious threats and unauthor...

+ Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture—Horizon3.ai launched NodeZero Insights, a platform designed for security leaders, CIOs, CISOs and practitioners. This new solution delivers real-time ...

+ Versa Endpoint DLP prevents data exfiltration—Versa announced Versa Endpoint DLP, an integrated endpoint data loss prevention (DLP) capability delivered by the Versa SASE Client as part of the Ver...

+ Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)—Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain ac...

+ 21 years since its inception, GNU Shepherd 1.0.0 is released—GNU Shepherd is a service manager designed to oversee the system’s daemons. It functions both as an “init” system (PID 1) and as a t...

+ SecureAuth protects sensitive information with biometric continuous identity assurance—SecureAuth is releasing biometric continuous identity assurance (BCIA). This ability is designed to safeguard a company’s sensitive information ...

+ Preventing data leakage in low-node/no-code environments—Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade secu...

+ Strengthening security posture with comprehensive cybersecurity assessments—In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and meth...

+ Neosync: Open-source data anonymization, synthetic data orchestration—Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved te...

+ Cybersecurity jobs available right now: December 10, 2024—Cloud Security Engineer Sendbird | USA | Hybrid – View job details As a Cloud Security Engineer, you will work with engineering teams ...

+ TPM 2.0: The new standard for secure firmware—Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the ...

+ Who handles what? Common misconceptions about SaaS security responsibilities—In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environm...

+ What makes for a fulfilled cybersecurity career—In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offe...

+ Top cybersecurity books for your holiday gift list—The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide ...

+ Businesses plagued by constant stream of malicious emails—36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails ...

+ Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Consol...

+ Resecurity introduces AI-powered GSOC at NATO Edge 2024—Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the ...

+ Windows, macOS users targeted with crypto-and-info-stealing malware—Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but th...

+ Echoworx enhances secure access to encrypted messages—Echoworx announced the addition of 2-Step Verification (2SV) when using OAuth and Passkeys for authentication for encrypted messages. This latest enha...

+ How to choose secure, verifiable technologies?—The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifi...

+ December 2024 Patch Tuesday forecast: The secure future initiative impact—It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it has been a busy year with continued Windows...

+ Teenagers leading new wave of cybercrime—Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, accor...

+ Building a robust security posture with limited resources—In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tac...

+ GenAI makes phishing attacks more believable and cost-effective—GenAI is a powerful tool that can be used by security teams to protect organizations, however, it can also be used by malicious actors, making phishin...

+ New infosec products of the week: December 6, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, ...

+ Law enforcement shuts down Manson Market cybercrime marketplace—Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led b...

+ Mitek Digital Fraud Defender combats AI generated fraud—Mitek announced Digital Fraud Defender (DFD), an advanced, multi-layered solution to safeguard digital identity verification processes against sophist...

+ Mitel MiCollab zero-day and PoC exploit unveiled—A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr rese...

+ Bitdefender GravityZone XDR enhancements protect business data stored in the cloud—Bitdefender announced enhancements to its GravityZone XDR platform with the addition of its new Business Applications sensor, designed to protect corp...

+ Netography introduces AI-powered ransomware detection capabilities—Netography announced new ransomware detection capabilities that enable organizations to respond to malicious activity in real-time before it disrupts ...

+ Middesk Address Risk Insights strengthens onboarding processes—Middesk introduced Address Risk Insights, a critical new addition to its core Know Your Business (KYB) product Verify and its recently introduced risk...

+ 8 US telcos compromised, FBI advises Americans to use encrypted communications—FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect t...

+ SurePath AI Discover classifies AI use by intent and detects sensitive data violations—SurePath AI launched SurePath AI Discover, a new offering that provides visibility into a company’s employee use of public AI services. By class...

+ Download: The Ultimate Guide to the CCSP—Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide to the CCSP covers everything you need to know about the ...

+ Tenable Patch Management prevents problematic updates—Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic part...

+ LogicGate helps organizations quantify the value of GRC programs—LogicGate introduced the Governance, Risk, and Compliance (GRC) Program Value Realization Tool, available to customers through the Risk Cloud platform...

+ Preparing for Q-day: The essential role of cloud migration in securing enterprise data—As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turni...

+ How the Shadowserver Foundation helps network defenders with free intelligence feeds—In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet secu...

+ Building trust in tokenized economies—As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Securi...

+ Solana’s popular web3.js library backdoored in supply chain compromise—A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the ...

+ How widespread is mercenary spyware? More than you think—A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one...

+ Product showcase: Securing Active Directory passwords with Specops Password Policy—Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique passw...

+ PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)—Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress Whats...

+ FortiAppSec Cloud simplifies web application security management—Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools int...

+ AttackIQ Flex 3.0 empowers security teams to take control of their detection strategies—AttackIQ announced AttackIQ Flex 3.0, agentless security control validation that integrates natively with Splunk to deliver a fully seamless user expe...

+ Veeam Data Platform v12.3 encompasses three key objectives for enterprises—Veeam Software released Veeam Data Platform v12.3. This release encompasses three key objectives for enterprises: protecting identity and access manag...

+ Elastic expands cloud detection and response capabilities from a single SIEM—Elastic announced Elastic Security now offers expanded cloud detection and response (CDR) capabilities from a single SIEM to reduce tool fragmentation...

+ Veza Access Requests reduces the risk of identity-based threats—Veza announced Veza Access Requests product, enabling organizations to reduce the risk of identity-based threats with automated access policy intellig...

+ Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams—Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid...

+ Thales Data Risk Intelligence identifies risks to sensitive data—Thales launched Data Risk Intelligence, an Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it reside...

+ Treat AI like a human: Redefining cybersecurity—In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professiona...

+ Best practices for staying cyber secure during the holidays—In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practice...

+ Cybersecurity jobs available right now: December 3, 2024—Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, ...

+ The shocking speed of AWS key exploitation—It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by at...

+ Datadog Cloud SIEM accelerates security investigations—Datadog announced its modern approach to Cloud SIEM, which doesn’t require dedicated staff or specialized teams to activate the solution. This a...

+ Skyflow protects sensitive data flowing in and out of AI agents—Skyflow unveiled new capabilities for Agentic AI. These allow enterprises to build and deploy AI agents with a security and privacy trust layer with f...

+ Radiant Logic provides continuous identity hygiene assessments via real-time streaming data—Radiant Logic announces the expansion of its central intelligence hub solution, RadiantOne, to now include Identity Observability. Building on the ide...

+ Veracode unveils innovations for secure software development—Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem...

+ AWS offers incident response service—Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data br...

+ $400M seized, 5,500 arrested in global operation targeting cyber fraud—A coordinated international operation involving law enforcement agencies from 40 countries led to the arrest of over 5,500 individuals linked to finan...

+ 5 reasons to double down on network security—Cybersecurity programs have evolved significantly over the past few decades. The advent of cloud computing shattered the conventional corporate perime...

+ Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges—In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most danger...

+ How AI is transforming human risk management—While human error has always posed a cybersecurity risk, AI and emerging tech are playing an evolving role in Human Risk Management – uncovering new n...

+ Data scientists create tool to spot fake images—Pixelator v2 is a tool to spot fake images. It uses a new combination of image veracity techniques with capability beyond what can be seen by the huma...

+ Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VP...

+ The effect of compliance requirements on vulnerability management strategies—In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including pr...

+ Modernizing incident response in the AI era—In this Help Net Security video, Gourav Nagar, Director of Information Security at Bill, discusses modernizing incident response in the era of AI and ...

+ Infosec products of the month: November 2024—Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, Arkose Labs, Atakama, BlackFog, Eurotech, Hidde...

+ AI-based tools designed for criminal activity are in high demand—Multiple regional conflicts, such as Russia’s continued invasion of Ukraine and the Israel-Hamas conflict, have resulted in a surge in cyberattacks an...

+ Zyxel Networks SecuPilot simplifies threat analysis and reporting—Zyxel Networks has launched SecuPilot, an AI assistant feature within its SecuReporter Cloud Analytics Service. By leveraging advanced generative AI, ...

+ Why cybersecurity leaders trust the MITRE ATT&CK Evaluations—In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they e...

+ How the role of observability is changing within organizations—In this Help Net Security video, Nic Benders, Chief Technical Strategist at New Relic, discusses the key findings of a recent 2024 Observability Forec...

+ VPN vulnerabilities, weak credentials fuel ransomware attacks—Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attac...

+ Crypto companies are losing ground to deepfake attacks—The crypto sector stands out as the only surveyed industry where deepfake fraud surpasses traditional document fraud in prevalence, according to Regul...

+ Ransomware payments are now a critical business decision—Despite the efforts of law enforcement agencies to stop and bring to justice those responsible for ransomware attacks, the situation is not improving....

+ QScanner: Linux command-line utility for scanning container images, conducting SCA—QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA). It is compatible w...

+ Choosing the right secure messaging app for your organization—In this Help Net Security interview, Liad Shnell, CTO at Rakuten Viber, discusses what organizations should look for in secure messaging apps, includi...

+ Zero-day data security—In this Help Net Security video, Carl Froggett, CIO of Deep Instinct, discusses the complexities of modern cloud architectures and why current defense...

+ Supply chain managers underestimate cybersecurity risks in warehouses—32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks – tied with software vulner...

+ Hottest cybersecurity open-source tools of the month: November 2024—This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environ...

+ Researchers reveal exploitable flaws in corporate VPN clients—Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN c...

+ Authorities disrupt major cybercrime operation, 1000+ suspects arrested—Authorities across 19 African countries have arrested 1,006 suspects and dismantled 134,089 malicious infrastructures and networks thanks to a joint o...

+ Starbucks, grocery stores impacted by Blue Yonder ransomware attack—Supply chain management SaaS vendor Blue Yonder announced on November 21 that it experienced a ransomware attack that impacted its managed services ho...

+ Commvault Clumio Backtrack helps recover data from errors, accidents, or cyberattacks—Commvault announced Clumio Backtrack, a new capability that will enable enterprises to use automation to rapidly revert objects – or pieces of data – ...

+ Black Friday shoppers targeted with thousands of fraudulent online stores—Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce pla...

+ Deploy a SOC using Kali Linux in AWS—The Kali SOC in AWS project enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team acti...

+ Assessing AI risks before implementation—In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing adv...

+ Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in late...

+ Security for AI Copilots in SaaS apps identifies risky access permissions—Securiti announced a new solution – Security for AI Copilots in SaaS apps. The biggest impediment in adopting AI Copilots, like Microsoft 365 Co...

+ SentinelOne AI-SPM detects misconfigurations and vulnerabilities in AI applications—SentinelOne announced new AI security posture management (AI-SPM) capabilities to protect and secure the use of AI services in the workplace. Built on...

+ Proxmox Virtual Environment 8.3: SDN-firewall integration, faster container backups, and more!—The Proxmox Virtual Environment 8.3 enterprise virtualization solution features management tools and a user-friendly web interface, allowing you to de...

+ The limits of AI-based deepfake detection—In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world a...

+ Why the NIS2 Directive causes growing pains for businesses—In this Help Net Security video, Dror Liwer, co-founder of Coro, discusses how the EU’s NIS2, its latest security directive for businesses, offi...

+ Cybercriminals turn to pen testers to test ransomware efficiency—Threat actors are recruiting pen testers to test and improve the reliability of their ransomware for affiliate programs, according to Cato Networks. A...

+ Deepfake attacks occur every five minutes—As cybercriminals continue to adapt their techniques to find new ways through defenses, AI-assisted fraud is growing increasingly sophisticated and fr...

+ New infosec products of the week: November 22, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Aon, Arkose Labs, HiddenLayer, Hornetsecurity, Radware, and...

+ US charges five alleged members of Scattered Spider gang—Law enforcement unsealed criminal charges against five alleged members of Scattered Spider, who allegedly targeted employees of companies nationwide w...

+ Active network of North Korean IT front companies exposed—An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide ha...

+ 2,000 Palo Alto Networks devices compromised in latest attacks—Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474...

+ HP Enterprise Security Edition protects PC hardware and firmware from physical attacks—HP announced HP Enterprise Security Edition, a suite of security capabilities designed to enhance the physical security of HP business class PCs. HP E...

+ HiddenLayer Automated Red Teaming prevents malicious manipulation of AI models—HiddenLayer launched Automated Red Teaming solution for artificial intelligence, a transformative tool that enables security teams to rapidly and thor...

+ Researchers unearth two previously unknown Linux backdoors—ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and too...

+ Lenovo introduces ThinkShield Firmware Assurance—Lenovo introduced ThinkShield Firmware Assurance as part of its portfolio of enterprise-grade cybersecurity solutions. ThinkShield Firmware Assurance ...

+ Owl Cyber Defense Solutions unveils all-in-one PCIe data diode card—Owl Cyber Defense Solutions announced the latest release of Owl Talon, which includes integration with a new all-in-one PCIe data diode card – Owl Tal...

+ Vanta announces new products to enhance GRC and trust programs—Vanta announced a number of new and upcoming products enabling customers to build, demonstrate and enhance their GRC and trust programs. The new offer...

+ Deep Instinct delivers malware and ransomware prevention for cloud data stored in S3 buckets—Deep Instinct launched Deep Instinct DSX for Cloud Amazon S3. As organizations increasingly rely on the cloud to power their digital transformation, b...

+ Belden announces products designed to enhance data security—Belden announces new network and data infrastructure products designed for secure, high-quality performance in critical applications. Data orchestrati...

+ Dev + Sec: A collaborative approach to cybersecurity—The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and effici...

+ Why AI alone can’t protect you from sophisticated email threats—In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combati...

+ Open-source and free Android password managers that prioritize your privacy—We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different...

+ Google report shows CISOs must embrace change to stay secure—Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures...

+ Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)—Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploi...

+ Major security audit of critical FreeBSD components now available—The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD c...

+ Navigating the compliance labyrinth: A CSO’s guide to scaling security—Imagine navigating a labyrinth where the walls constantly shift, and the path ahead is obscured by fog. If this brings up a visceral image, you’ve eit...

+ Transforming code scanning and threat detection with GenAI—In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from ...

+ Evaluating GRC tools—According to Gartner, the broad range of pricing for government, risk, and compliance (GRC) tools requires enterprise risk management (ERM) leaders to...

+ ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps—ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) co...

+ How and where to report cybercrime: What you need to know—Cybercrime reporting mechanisms vary across the globe, with each country offering different methods for citizens to report cybercrime, including onlin...

As of 12/21/24 8:06am. Last new 12/20/24 11:46pm.  Score: 368