CYBER45

The dire shortage of information security experts has left organizations struggling to keep up with the growing demand for their skills. Still, getting a job in cybersecurity tends to take time and effort. In this Help Net Security interview, Joseph Cooper, C…

Recently, I was asked to imagine that I had been granted an hour with top officials at the Cybersecurity and Infrastructure Security Agency (CISA) – what advice would I offer to help it have an even bigger impact in 2023 and beyond? It was only in 2018 that t…

One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property.
From a cyber risk perspective, attacks on data are the most prominent threat to organizations. 
Regulators, cyber insurance…

AtlasVPN is hoping to lure new subscribers with massive discounts and a few months' free thrown in.

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.
Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine t…

Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their organizations make the majority of cybersecurity decisions without insights into the threat a…

Canonical released real-time Ubuntu 22.04 LTS, providing a deterministic response to an external event, aiming to minimise the response time guarantee within a specified deadline. The new enterprise-grade real-time kernel is ideal for stringent low-latency re…

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy a higher rate of request-based or packets-per-second attacks. In this Help Net Secu…

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.
The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the acti…

Expel managed detection and response (MDR) for Kubernetes enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. “Organizations are adopting Kubernetes as…

Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!

Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that "may have been actively exploited." The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also i

“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis of over 550,000 real-world malwa…

Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware.
Software supply chain security company Phylum, which spotted the librar…

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and invoice fraud …

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet’s secret recovery phrase. Attention @Namec…

Let's face it, security teams are only as good as the next problem they face. But why is keeping up so difficult? New/evolving requirements, lengthy/confusing acronyms, and countless moving parts plague compliance regulations. In this Help Net Securit

Recently, at Cybertech Tel Aviv 2023, I met with Luigi Lenguito, CEO at Bfore.AI, who introduced me to their technology. In this Help Net Security interview, Lenguito talks about threat prevention challenges and how his company can predict cyber attacks befor…

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets.

There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connecte…

A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities. The ransom note posted by DarkBit is littered with messaging protesting tech layoffs and promoting anti-Israel…

Integreon has unveiled the development of CyberHawk-AI, an advanced automated technology that utilizes artificial intelligence (AI) to streamline the process of extracting and analyzing sensitive data following cyber breaches. This technology will be integrat…

The concept of zero trust – as a way to improve the security of and access to an organization’s network, systems, and data – has gained traction in recent years. The basic premise is that no user or device should be trusted by default and all access to data a…

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information.
Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, s…

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: While governments pass privacy laws, companies struggle to change In this Help Net Security interview, Bill Tolson, VP of Compliance and eDiscovery at Archive360…

CyberData Pros has partnered with Ketch to provide data security and compliance services for clients worldwide. CyberData Pros specializes in data security, compliance, consulting, and due diligence, allowing their analysts to provide solution-oriented awaren…

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.
The attackers "use several highly obfuscated and under-developm…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.
Included among the three is CVE-2022-24990, a bug affecting TerraMa…

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory.
The attacks…

Acalvio launched Identity Threat Detection and Response (ITDR) solution that offers identity attack surface area visibility and management, and Active Defense against identity threats. By incorporating Active Defense, Acalvio’s ITDR solution changes the envir…

Socure has joined the FIDO (Fast IDentity Online) Alliance to advance identity verification standards that make it easy to verify identity online and protect against identity fraud across industries. Socure’s mission is to verify 100% of good identities in re…

Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment.

N-able launched N-able Managed Endpoint Detection and Response (Managed EDR), a threat monitoring, hunting, and response service designed for MSPs that have standardized on N-able Endpoint Detection and Response (EDR). Managed EDR supplements EDR with dedicat…

Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them.
#1: 2 RaaS Attacks in 13 Months
Ransomware as a service is a type of attack in which …

With Veza and GitHub integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s codebase. Identity-related attacks continue to be the top culprit behind data breach…

IT and security teams are consolidating management and security functions to help better deliver new applications to end users, improve regulatory compliance, and reduce cyberattacks resulting from poor coordination between endpoint security and management te…

Strike Graph has integrated a new solution which allows customers to go through security audits powered by technology at a fraction of the cost and time. This new streamlined offering was made available in 2022 and resulted in over 80% of customers choosing S…

SecuriThings announced a new Managed Service Platform for the physical security space that enables managed service providers to manage, visualize and maintain customer environments from a single pane of glass. Organizations across the globe invest extensively…

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.
The company bla…

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new Barracuda Networks rep

Adaptive Shield has partnered with Datadog to provide joint customers with the ability to stream and visualize SaaS security alerts from Adaptive Shield. For all SaaS apps, users, and associated devices, the Adaptive Shield platform continuously monitors and …

Popular social news website and forum Reddit has been breached (again) and the attacker “gained access to some internal docs, code, as well as some internal dashboards and business systems,” but apparently not to primary production systems and user data. How …

What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project?

SentryBay adds to its family of Armored Client products with a solution specifically designed to address the client-side security gaps of Microsoft Azure Virtual Desktop and Windows 365 – while harnessing the strengths of Intune. Users of endpoint devices tha…

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Deepwatch, Neustar Security Services, OPSWAT, and SecuriThings. OPSWAT MetaDefender Kiosk K2100 secures critical networks in challenging environments…