In this video for Help Net Security, Andy Thompson, Global Research Evangelist at CyberArk, talks about Wi-Fi security. He walks you through various protocols we see in the wild, and introduces specific hacking techniques to crack Wi-Fi passwords. CyberArk researchers have already proven the ease with which attackers can access Wi-Fi networks, having recently gone on wardriving exercises in San Francisco, Dallas and Tel Aviv to uncover how many Wi-Fi networks could be could cracked … More →

The post Exploring the insecurity of readily available Wi-Fi networks appeared first on Help Net Security.

Executive performance evaluations will be increasingly linked to ability to manage cyber risk; almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner. In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing VP at Gartner discussed the top … More →

The post Trends to watch when creating security strategy for the next two years appeared first on Help Net Security.

Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before. In January 2022, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. In May 2022, external, third-party impersonation made up 52% of all BEC attacks seen by … More →

The post Threat actors increasingly use third parties to run their scams appeared first on Help Net Security.

Imperva released a new study that uncovers the rising global costs of vulnerable or insecure APIs. The analysis of nearly 117,000 unique cybersecurity incidents estimates that API insecurity results in $41-$75 billion of losses annually. The study, conducted by the Marsh McLennan Cyber Risk Analytics Center, found that larger organizations were statistically more likely to have a higher percentage of API-related incidents. In fact, enterprises with revenues of at least $100 billion were 3-4x more … More →

The post Properly securing APIs is becoming increasingly urgent appeared first on Help Net Security.

MITRE has promoted Beth Meinert from vice president to Senior Vice President and General Manager, MITRE Public Sector (MPS) after a competitive search for the role. In this position, she will set the strategy and growth priorities of MPS, engage key senior sponsors, and oversee the work of the federally funded research and development centers (FFRDCs) that MITRE operates for civilian government agencies, including the Center for Government Effectiveness and Modernization (CGEM), Center for Securing … More →

The post MITRE promotes Beth Meinert to SVP and General Manager of MITRE Public Sector appeared first on Help Net Security.

Hexagon AB announced that Paolo Guglielmini will succeed Ola Rollén as President and CEO of Hexagon AB, effective 31 December 2022. Gun Nilsson has decided to step down as CEO for Hexagon’s principal shareholder MSAB on 1 October and consequently leave her position as Chairman of Hexagon AB at the Annual General Meeting (AGM) 2023. MSAB, in consultation with Hexagon’s nomination committee, has the intention to propose Ola Rollén as new Chairman of the Board … More →

The post Hexagon appoints Paolo Guglielmini as CEO appeared first on Help Net Security.

XM Cyber announced the acquisition of Cyber Observer, an innovator in Continuous Controls Monitoring (CCM) and Cloud Security Posture Management (CSPM). This marks the latest growth milestone for XM Cyber in a year that has found the company significantly increasing its leadership position in the cybersecurity industry. Organizations are evolving more quickly than ever before, influenced by increased regulation, competition, and customer expectations. Traditional risk management approaches are no longer cost-effective and cannot provide the … More →

The post XM Cyber acquires Cyber Observer to help organizations improve their security posture appeared first on Help Net Security.

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and environment variables. All those credentials and metadata then get uploaded to one or more endpoints, and anyone on the web can see this. Going up a directory level showed hundreds of TXT files containing sensitive information and secret. In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, explains the … More →

The post Python packages with malicious code expose secret AWS credentials appeared first on Help Net Security.

In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she’s heading can help asset owners and operators of industrial infrastructure. [The answers have been lightly edited for clarity] Supply chain risks are compounded … More →

The post OT security: Helping under-resourced critical infrastructure organizations appeared first on Help Net Security.

The latest APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total. In this video for Help Net Security, Joshua Crumbaugh, CEO, PhishFirewall, talks about how cybercriminals are taking their phishing attacks to … More →

The post How phishing attacks are becoming more sophisticated appeared first on Help Net Security.

The UK’s Information Commissioner’s Office (ICO) has issued its third largest ever fine of £7.5m. It was imposed on Clearview AI, the controversial facial recognition company that has already been on the wrong end of similar decisions from regulators in Italy, France and Australia. Clearview collected more than 20 billion images of people’s faces from Facebook and other social media platforms. It then sold access to those to private companies and institutions such as police … More →

The post Clearview fine: The unacceptable face of modern surveillance appeared first on Help Net Security.

Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonated various services appearing to be legitimately created on the “azurefd.net” domain. This allows the bad actors to trick users and spread phishing content to intercept credentials from business applications and e-mail accounts. Notably, most phishing resources were designed to target SendGrid, Docusign … More →

The post Cybercriminals use Azure Front Door in phishing attacks appeared first on Help Net Security.

Panther Labs surveyed 400 active security practitioners, primarily, security analysts and security engineers, to reflect the “boots on the ground” perspective for security teams. The goal of the research was to better understand how effective their current tools and processes are, improvements they recommend making going forward, the challenges they face, and projections for the future. Key findings The biggest challenge is efficiency. Most respondents say efficiency issues, like time wasted on false positives and … More →

The post 48% of security practitioners seeing 3x increase in alerts per day appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: QNAP NAS devices hit by DeadBolt and ech0raix ransomware Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign. Fake voicemail notifications are after Office365, Outlook credentials A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees’ Office365 … More →

The post Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices appeared first on Help Net Security.

Claroty announced the appointment of Heather Young as regional vice president of public sector sales. Young will lead Claroty engagements in the public sector that are focused on safeguarding U.S. critical infrastructure systems. This appointment comes on the heels of multiple initiatives by Claroty to partner with the U.S. government to strengthen the nation’s critical infrastructure security: OT Cyber Coalition: In April 2022, Claroty joined a diverse group of cybersecurity leaders to launch the Operational … More →

The post Claroty appoints Heather Young as RVP Public Sector Sales appeared first on Help Net Security.

Ascent Solutions announced the appointment of Sophanny Schwartz as Managing Director of Human Resources. Schwartz brings over 20 years of global human resource experience in technology, consulting, manufacturing and retail, including her last role at Schwan’s Company as the Vice President of HR Global Supply Chain, Logistics and Strategic Capital Investments and spent over a decade at Accenture. “Ascent is experiencing explosive growth,” JD Harris, CEO, said. “Sophanny has an incredible wealth of experience in … More →

The post Sophanny Schwartz joins Ascent Solutions as Managing Director of Human Resources appeared first on Help Net Security.

Cyware announces the successful completion of the System and Organization Controls (SOC) 2 Type 2 Audit for the trust services criteria relevant to Security (“applicable trust services criteria”) set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). The achievement highlights the company’s commitment to the highest levels of data security. SOC 2 is a reporting framework created by the American Institute of Certified … More →

The post Cyware completes SOC 2 Type 2 Compliance for data security appeared first on Help Net Security.

Bectran has released an identity validation solution designed to streamline the customer onboarding process with increased security. The Bectran All-in-One Credit, Collections & Accounts Receivable Management Platform can now validate driver’s license information through automation as part of the initial customer credit worthiness evaluation process, which isolates and reduces instances of fraud in new customer set up. Fraud-proof credit management processes require that businesses verify the identity and risks involved in maintaining a business relationship … More →

The post Bectran releases driver’s license verification solution to help businesses mitigate fraud in real-time appeared first on Help Net Security.

Datadog released Datadog Audit Trail, a new service that enables customers to audit all changes within the Datadog platform. Together with Datadog Sensitive Data Scanner and role-based access control (RBAC), Datadog Audit Trail helps businesses build a more complete compliance strategy for their observability data by mitigating the risk of significant data breaches, unauthorized user access and unintended configuration changes. Regulatory requirements such as FedRAMP, GDPR and HIPAA require businesses to audit their platform activity … More →

The post Datadog Audit Trail enables businesses to achieve their compliance and governance objectives appeared first on Help Net Security.

IOTech released Edge XRT 2.0, an open software platform designed for time-critical and embedded OT applications at the industrial IoT edge. Edge XRT 2.0 greatly simplifies the development of OT applications and enables faster time-to-market for new edge systems. It is hardware agnostic, independent of the silicon provider (Intel or ARM) and operating system. Users have complete deployment flexibility. They can deploy it as a native application, containerized and/or into a virtualized environment. With its … More →

The post IOTech Edge XRT 2.0 simplifies the development of time-critical OT applications appeared first on Help Net Security.