Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new Kali version usually comes with new tools. This time around it’s: Cilium-cli – For installing and managing Kubernetes clusters Cosign – For signing containers Eksctl – A CLI for Amazon EKS (managed Kubernetes service) Evilginx – A standalone MITM attack framework for … More →

The post Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! appeared first on Help Net Security.

In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses to maintain high trust assurance levels in today’s digital landscape? Our world today is hyper connected. Devices are everywhere. People are online constantly. Sensitive data has moved to the cloud. Even core operational technology is … More →

The post The strategic importance of digital trust for modern businesses appeared first on Help Net Security.

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile financial markets and stagnant budgets – forcing cybersecurity professionals at all levels to work beyond their standard capacity on any given day, leading to emotional stress and burnout. Add a cyber incident to the mix, … More →

The post Managing mental health in cybersecurity appeared first on Help Net Security.

Protecting operational technology (OT) systems is now more critical than ever as more organizations connect their OT environments to the internet, according to Fortinet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive cyberthreats. The spillover of these attacks is increasingly targeted at OT environments. “Fortinet’s report shows that while OT organizations have improved their overall cybersecurity posture, they also have continued opportunity for improvement. Networking and IT … More →

The post Organizations are placing OT cybersecurity responsibility on CISOs appeared first on Help Net Security.

Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat, according to Veeam. One in seven organizations will see almost all (>80%) data affected as a result of a ransomware attack – pointing to a significant gap in protection. Attackers almost always target backups Veeam found that attackers almost always (93%+) target backups during cyberattacks and are successful in debilitating their victims’ ability to recover in 75% … More →

The post Attackers leave organizations with no recovery option appeared first on Help Net Security.

Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations have been breached, but has comfirmed that the “earliest identified evidence of exploitation of CVE-2023-2868 is currently October 2022.” Zeor-day exploited, Barracuda ESG appliances backdoored On May 23, Barracuda Networks publicly acknowledged that attackers have been … More →

The post Attackers hacked Barracuda ESG appliances via zero-day since October 2022 appeared first on Help Net Security.

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant, the coordination of delivery, and the processing of payments, this multi-party transaction includes at least four third-party providers, and a high volume of sensitive data shared between them. The top two highest-impact breach vectors for API … More →

The post The root causes of API incidents and data breaches appeared first on Help Net Security.

Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to undertake this project, and what were your objectives in creating the automated cracking rig? I embarked on this project with a dual motivation: my interest in automation and my recent exploration of AWS … More →

The post Penetration tester develops AWS-based automated cracking rig appeared first on Help Net Security.

Threat actors are abusing generative AI to carry out child sex abuse material (CSAM), disinformation, fraud and extremism, according to ActiveFence. “The explosion of generative AI has far-reaching implications for all corners of the internet,” said Noam Schwartz, CEO and founder of ActiveFence. “We’ve identified three key areas of concern. First, we’re seeing that threat actors are now able to accelerate and amplify their operations, leading to an unprecedented mass production of malicious content. Second, … More →

The post Generative AI: The new attack vector for trust and safety appeared first on Help Net Security.

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organization, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. Barracuda Networks research finds 24% of organizations studied had at least one email account compromised through account takeover. The research shows that cybercriminals continue to barrage organizations with targeted email attacks, and many companies are struggling to keep up. While spear-phishing attacks are low-volume, they are … More →

The post Organizations spend 100 hours battling post-delivery email threats appeared first on Help Net Security.

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video, Tim Mackey, Head of Software Supply Chain Risk Strategy at Synopsys, discusses supply chain security practices and approaches.

The post CISO-approved strategies for software supply chain security appeared first on Help Net Security.

Media and entertainment (M&E) companies are rapidly turning to cloud storage in efforts to upgrade their security measures, according Wasabi. Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage (69% of respondents had been using cloud storage for three years or less), public cloud storage use is on the rise, with 89% of respondents looking to increase (74%) or maintain (15%) their cloud services. Balancing budgets, security, and data loss … More →

The post Top public cloud security concerns for the media and entertainment industry appeared first on Help Net Security.

65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to Netwrix. Larger organizations are a more frequent target for cyberattacks The most common security incidents are also the same: phishing, ransomware and user account compromise. However, larger organizations are a more frequent target for ransomware or other malware attacks: 48% of enterprises experienced this type of … More →

The post Company size doesn’t matter when it comes to cyberattacks appeared first on Help Net Security.

Over the past year, 4 in 5 financial companies had experienced an increase in the number of verification cases involving foreign documents, according to Regula.

The post Digital nomads drive changes in identity verification appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wireless Broadband Alliance CEO on key drivers for Wi-Fi adoption in enterprise networks This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband Alliance (WBA), delves into the future of enterprise networking, exploring the significant role of Wi-Fi 6E and Private 5G. Navigating the quantum leap in cybersecurity In this Help Net Security interview, we sit down with … More →

The post Week in review: Zyxel firewalls vulnerability, phishing campaign targets ChatGPT users appeared first on Help Net Security.

Keysight Technologies introduces the Keysight E5081A ENA-X, the midrange vector network analyzer (VNA) that produces error vector magnitude (EVM) measurements and accelerates the characterization of 5G component designs by up to 50%. Demand for ever-increasing data speeds with ultra-low latency is pushing the next generation of wireless communications systems to operate at higher radio frequencies (RF). To ensure 5G New Radio (NR) transmitters meet these operational demands, RF engineers must fully test the design and … More →

The post Keysight E5081A ENA-X produces error vector magnitude measurements appeared first on Help Net Security.

Edgewater Wireless Systems has announced its next-generation of Wi-Fi Spectrum Slicing powered silicon solutions targeting residential, enterprise and prosumer applications. Building on the latest Wi-Fi standard, WiFi7 (802.11BE), Edgewater’s platform offers more physical channel capacity than single-channel, legacy Wi-Fi architectures — bringing lower latency and reduced contention for existing and new devices. With ‘Beta’ Spectrum Slicing capable silicon now available for select partner evaluations, engineering samples of Edgewater’s WiFi7 silicon are targeted by the end … More →

The post Edgewater Wireless launches MLX 488 WiFi7 Spectrum Slicing platform appeared first on Help Net Security.

Hopr has secured $500K in funding from TEDCO, that has invested an additional $300K, doubling down on their initial investment of $200K, which occurred last year. “The outlook for startups has been rocky over the past 12 months due to liquidity and profitability concerns, but TEDCO’s second—and increased—investment in our company is evidence of strong investor confidence, which is a testament to both our company and its technology’s ability to generationally improve cybersecurity,” said Tom … More →

The post Hopr raises $500K to accelerate product-led go-to-market strategy appeared first on Help Net Security.

Coalesce has announced a new partner program to expand training options and teamwork, as well as to help Snowflake Data Cloud customers more effectively manage their modern data stack. The Coalesce Partner Program now features three tiers – Select, Premier, and Elite – offering various incentives including training, sales and marketing, and referral commissions. Coalesce partners are equipped with resources to build their Coalesce expertise and bring innovative joint solutions to the data market. “Since … More →

The post Coalesce Partner Program helps automate the modern data stack appeared first on Help Net Security.

Cognigy has entered into a strategic reseller partnership with Black Box. By combining Cognigy’s conversational AI-based technology with Black Box’s comprehensive CX solution practice, including a global network of CX professionals, the companies will deliver AI-based solutions that drive customer experiences. The benefits to customers of the partnership include increased automation and efficiency, as well as improved customer satisfaction and loyalty. By automating routine customer interactions with AI-based virtual assistants, businesses can free up contact … More →

The post Cognigy and Black Box partnership to accelerate deployment of conversational AI appeared first on Help Net Security.