US organizations targeted with emails delivering NetSupport RAT
Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes.....»»
Message-scraping, user-tracking service Spy Pet shut down by Discord
Bot-driven service was also connected to targeted harassment site Kiwi Farms. Enlarge (credit: Discord) Spy Pet, a service that sold access to a rich database of allegedly more than 3 billion Discord messages and details.....»»
What AI can tell organizations about their M&A risk
Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars. With the surge of AI.....»»
iPhone Upgrade Program glitch gives customers erroneous trade-in ‘canceled’ emails
A curious email from Apple is making its way to iPhone Upgrade Program customers. The message is telling many who upgraded to an iPhone 15 last fall that their completed trade-in has been “canceled” and the paid-off loan will “resume.” mo.....»»
Edgio Client-Side Protection enables organizations to secure critical customer data
Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser-side to prevent malicious code from exfiltrating sensitive customer data, Edgio Client-Side Protection allows teams to gain full visibility on cli.....»»
Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response
Anatomy IT has announced the launch of an expanded end-to-end cybersecurity product suite designed to safeguard healthcare delivery organizations from evolving and growing IT system threats. A record 133 million individuals were affected by healthcar.....»»
CISOs are nervous Gen AI use could lead to more security breaches
Malicious Gen AI use is on top of everyone's mind, as hackers create convincing phishing emails......»»
Zero Networks unveils identity segmentation solution to prevent credential theft
Zero Networks announced the addition of identity segmentation capabilities within the Zero Networks platform. As stolen credentials remain a top threat facing organizations, this new identity segmentation solution stops privileged account abuse by au.....»»
New Relic AI monitoring helps enterprises use AI with confidence
New Relic announced New Relic AI monitoring with a suite of new features to meet the evolving needs of organizations developing AI applications. New features include in-depth AI response tracing insights with real-time user feedback and model compari.....»»
The relationship between cybersecurity and work tech innovation
As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has become increasingly challenging, with issues such as the proliferation of personal devices, the expans.....»»
GenAI can enhance security awareness training
One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice.....»»
Invicti Predictive Risk Scoring identifies highest-risk applications
Invicti announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organizations gain a strategic view of their overall application security risk. Predictive Risk Scoring allows organ.....»»
Veritas enhances cyber resilience with AI-powered solutions
Veritas Technologies announced artificial intelligence (AI)-powered advancements in Veritas 360 Defense. With the self-defending data protection solution, a generative AI-powered operational copilot and new ecosystem partners, organizations can more.....»»
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)
A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system.....»»
How to improve response to emerging cybersecurity threats
Cyber resilience is a top priority for global organizations, and understanding threats plays a crucial role in building and maintaining a layered security approach. This Help Net Security round-up presents excerpts from previously recorded videos fea.....»»
Uncertainty is the most common driver of noncompliance
Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty about how to be compliant, according to a survey by Gartner. Three primary.....»»
European XFEL elicits secrets from an important nanogel
An international team at the world's largest X-ray laser European XFEL at Schenefeld near Hamburg has scrutinized the properties of an important nanogel that is often used in medicine to release drugs in a targeted and controlled manner at the desire.....»»
Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware.....»»
LastPass users targeted by vishing attackers
The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website.....»»
The key pillars of domain security
From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise operations. They are constantly created for new assets and initiatives. In this Help Net Security vid.....»»
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data ac.....»»