Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer.....»»
Snowflake Data Clean Rooms helps organizations preserve the privacy of their data
Snowflake introduced Snowflake Data Clean Rooms to customers in AWS East, AWS West, and Azure West, revolutionizing how enterprises of all sizes can securely share data and collaborate in a privacy-preserving manner to achieve high value business out.....»»
NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published R.....»»
AppViewX partners with Fortanix to address critical enterprise security challenges
AppViewX and Fortanix announced a partnership to offer cloud-delivered secure digital identity management and code signing. Together the companies make it easy to address critical enterprise security challenges with comprehensive, robust and scalable.....»»
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV ca.....»»
Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing relian.....»»
Cybercriminals use cheap and simple infostealers to exfiltrate data
The rise in identity-based attacks can be attributed to a rapid increase in malware, according to SpyCloud. Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these.....»»
AI weaponization becomes a hot topic on underground forums
The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees.....»»
How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These.....»»
Enterprises increasingly block AI transactions over security concerns
Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging it to defend against the new AI-driven threat landscape, according to Zscale.....»»
AU10TIX’s Digital ID suite identifies potentially fraudulent activities
AU10TIX announced the expansion of its Digital ID solution, which enables businesses to securely verify IDs of all types, including physical, digital, eID, verifiable credentials, and more. AU10TIX’s fully automated Digital ID solution serves a.....»»
CyberArk Secure Browser helps prevent breaches resulting from cookie theft
CyberArk launched CyberArk Secure Browser, an identity-centric secure browser, providing enhanced security and privacy alongside a familiar, productive user experience. Backed by intelligent privilege controls and simple to deploy across devices, Cyb.....»»
Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private.....»»
Malwarebytes adds AI functionality to ThreatDown Security Advisor
Malwarebytes has added AI functionality to its Security Advisor, available in every ThreatDown Bundle. Leveraging generative AI technology, the new capabilities will transform Security Advisor into a dynamic experience that allows customers to use si.....»»
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi.....»»
Bedrock Security protects sensitive data within one unified platform
Bedrock Security unveiled its data security platform. Empowering organizations to manage data risk introduced by cloud and generative AI, Bedrock continuously discovers, manages, and protects sensitive data. The platform is powered by data AI Reasoni.....»»
Cybersecurity essentials during M&A surge
The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Conside.....»»
Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applicati.....»»
Essential elements of a strong data protection strategy
In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of.....»»
Cybersecurity jobs available right now: March 27, 2024
Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understandi.....»»