In late 2021, a never before seen macOS backdoor was delivered to pro-democracy individuals in Hong Kong via fake and compromised sites (for example, that of local radio station D100) by exploiting vulnerabilities in Webkit, the browser engine powering Safari, and XNU, the macOS and iOS kernel. On Tuesday, ESET researchers shared their knowledge about the attacks and the results of the analysis of that final malicious payload: a macOS backdoor with many capabilities, including … More →

The post DazzleSpy: macOS backdoor delivered through watering hole attacks appeared first on Help Net Security.

A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges. While the vulnerability is not exploitable remotely and doesn’t, in itself, allow arbitrary code execution, it can be used by attackers that have already gained a foothold on a vulnerable host to escalate their privileges and achieve that capability. About the vulnerability (CVE-2021-4034) … More →

The post PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034) appeared first on Help Net Security.

Open source has transformed the software world, tremendously reducing the cost of introducing new technology by enabling broad reuse across products and industries. However, organizations pulling their code from open source will often find themselves in scenarios where they have created a Frankensteined final artifact, with extremely fragmented origins. This can cause problems when organizations fail to consider long-term support of the open-source libraries they rely on, and at worst can create security problems within … More →

The post Open-source code: How to stay secure while moving fast appeared first on Help Net Security.

As cybersecurity and regulatory compliance become the two largest concerns of corporate boards (Gartner, 2021), many organizations are adding cybersecurity experts specifically to scrutinize security and risk issues. Modern hybrid data center architectures span on-premises, physical and virtual machines (VMs), or multiple public cloud infrastructures. To meet and control the unique requirements of complex hybrid environments is time-consuming for IT teams. With increasing budgetary requirements, companies have to balance between high maintenance costs and having … More →

The post Product showcase: CIOs can optimize and secure hybrid IT environments with Runecast appeared first on Help Net Security.

Anchore released its second annual report of executive insights into managing enterprise software supply chain security practices. The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. The survey was conducted in December 2021, both before and after the Log4j zero-day vulnerability was published. The impact was seen immediately, with respondents … More →

The post Proactive software supply chain security becoming critical as threats rise appeared first on Help Net Security.

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud. Buy now, pay never The Buy Now, Pay Later (BNPL) space has grown massively recently. In fact, the number of BNPL users in the US has grown by more than 300 percent per year since 2018, … More →

The post Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year appeared first on Help Net Security.

Spurred on by economic shutdowns, cyber criminals have become more cunning and brazen than ever before, executing ransomware attacks against organizations of all sizes across all industries. JBS Meats, Colonial Pipeline, Air India and CWT Global are among the massive headlines of 2021, drawing record-breaking ransoms and FBI involvement. Despite best efforts from security personnel to federal involvement, ransomware is still the biggest threat organizations will face this year. These attacks have the potential to … More →

The post How to achieve greater cyber resiliency appeared first on Help Net Security.

Nation states will ramp up mobile cyber attacks; hyperscalers will mimic Google and introduce powerful proprietary encryption protocols; and new edge clouds could make the last mile vulnerable. These are amongst the major 2022 mobile industry trends trends Enea has highlighted in its report. Mobile industry trends in 2022 State-sponsored cyber attacks accelerate and evolve 2022 will undoubtedly bring an increase in the number and sophistication of nation state cyber attacks on mobile telecom infrastructure. … More →

The post What’s in for mobile operators this year? appeared first on Help Net Security.

The global DDoS protection and mitigation market size is expected to grow from $3.3 billion in 2021 to $6.7 billion by 2026, at a Compound Annual Growth Rate (CAGR) of 15.1% from 2021 to 2026, according to ResearchAndMarkets. The major factors fueling the DDoS protection and mitigation market include growing demand for sophisticated security solutions, evolving regulatory landscape, and growing volumes of business data across industries. Cyberattacks on websites are increasing at an alarming rate … More →

The post DDoS protection and mitigation market to reach $6.7 billion by 2026 appeared first on Help Net Security.

SafeBreach has launched the ransomware challenge, a free assessment designed to help customers understand their level of vulnerability to specific ransomware attacks and provide actionable intelligence about the immediate steps they can take to minimize their risk. The ransomware challenge will showcase post-exploitation behaviors including command and control communications, reconnaissance, credential theft, as well as malware transfer and execution of select ransomware variants. Participants will receive a customized report with key findings and remediation guidance. … More →

The post SafeBreach’s free assessment allows enterprises to utilize breach and attack simulation appeared first on Help Net Security.

LiveAction released ThreatEye NV, a network detection and response platform (NDR) that combines next-generation data collection, advanced behavior analysis and streaming machine learning to give SecOps teams visibility into encrypted traffic, threats and network anomalies. Utilizing Deep Packet Dynamics (DPD) that eliminates the need for payload inspection, the platform analyzes more than 150 packet traits and behaviors across multi-vendor, multi-domain and multi-cloud network environments. This helps accelerate real-time threat detection, eliminates encryption blindness, validates encryption … More →

The post LiveAction ThreatEye NV provides visibility into encrypted traffic and network anomalies appeared first on Help Net Security.

CyberSheath has introduced a new service that provides all federal contractors with a cost-effective, scalable solution to meet cybersecurity requirements across security, IT, and compliance. Federal Enclave is both a common-sense approach to protecting data amid ever-increasing cybersecurity requirements and the most comprehensive Defense Federal Acquisition Regulation Supplement (DFARS) compliant enclave. It ensures users that handle sensitive data always have secure access to an out-of-the-box compliant environment, secured and managed by CyberSheath. Based on Microsoft … More →

The post CyberSheath Federal Enclave offers cybersecurity compliance requirements for federal contractors appeared first on Help Net Security.

Ivanti announced new integrated solutions: Ivanti Neurons for Patch Management, Ivanti Neurons Digital Assistant, and enhancements to Ivanti Neurons for Healing with automatic ticket classification. With these releases, Ivanti continues to deliver on its mission of enabling and securing the Everywhere Workplace. Ivanti Neurons is a hyperautomation platform that leverages artificial intelligence and machine learning to address the growing demands placed on IT and security teams amid the global shift to remote and hybrid work. … More →

The post Ivanti announces solutions and enhancements to automate complicated workflows appeared first on Help Net Security.

Information Services Group (ISG) launched ISG Executive Insights, a market intelligence and data analytics platform that addresses the challenges of managing increasingly complex supplier ecosystems. With ISG Executive Insights, organizations can now gather insights in one platform to optimize provider relationships, risk and compliance. The new data-analytics-as-a-solution offering is powered by ISG’s data repository, a comprehensive, curated database of global IT, business process and engineering outsourcing contracts—paired with ISG’s patented IT price benchmarking, market cost … More →

The post ISG Executive Insights helps users manage their complex supplier ecosystems appeared first on Help Net Security.

Samsung Electronics introduced its new fingerprint security IC (integrated circuit) ─ S3B512C ─ with enhanced security features. The new solution is EMVCo and Common Criteria Evaluation Assurance Level (CC EAL) 6+ certified and performs in line with Mastercard’s latest Biometric Evaluation Plan Summary (BEPS) specifications for biometric payment cards. “S3B512C combines a fingerprint sensor, Secure Element (SE) and Secure Processor, adding an extra layer of authentication and security in payment cards,” said Kenny Han, vice … More →

The post Samsung’s fingerprint security IC prevents fraudulent transactions made with stolen cards appeared first on Help Net Security.

Accenture and Celonis have formed a strategic alliance to help organizations gain the insights they need to continuously update and optimize their business processes. Accenture has embedded Celonis’ data-driven execution management capabilities into its tools and platforms, including myConcerto and SynOps, to provide new levels of transparency and insights to inform decision-making. The strategic collaboration brings together Accenture’s vast functional capabilities, with its lifecycle management and automation experience to extend the process mining and execution … More →

The post Accenture collaborates with Celonis to help organizations optimize business processes appeared first on Help Net Security.

Cato Networks and Expereo announced that Expereo will be offering Cato SASE Cloud services worldwide. Cato also certified Expereo as an MSP Premium Partner, the highest certification Cato awards MSPs, attesting to the thorough SASE training and expertise of the Expereo team. Along with extensive design and implementation experience, Expereo brings unmatched global reach, delivering last-mile access in over 190 countries. “We are delighted to be partnering with Expereo,” says Mark Draper, EMEA Channel Director … More →

The post Expereo partners with Cato Networks to offer managed SASE services worldwide appeared first on Help Net Security.

Splunk announced the appointment of Rolddy Leyva to Chief Diversity Officer. Reporting to Kristen Robinson, Chief People Officer, Leyva will lead worldwide diversity, equity and inclusion (DEI) and employee experience for the data platform leader for security and observability. In his role, Leyva will work closely with Splunk leaders to grow a diverse workforce, nurture a culture of inclusion in the workplace, and drive positive change in the marketplace for Splunk and its customer and … More →

The post Splunk appoints Rolddy Leyva as Chief Diversity Officer appeared first on Help Net Security.

Equifax announced the international expansion of its verification services, powered by the company’s multi-year investment in the Equifax Cloud. Verification Exchange, a secure, automated cloud-based service that streamlines the process of verifying employment and income information, is now available in Australia and the United Kingdom – rapidly following the service’s rollout and success in Canada and the availability of Equifax employment verification services in India. “Equifax has a deep expertise in verification services. Over the … More →

The post Equifax announces international expansion of its verification services appeared first on Help Net Security.

The European Union is, once again, calling on bug hunters to delve into specific open source software and report bugs. This time around, the list of software that should be probed for weaknesses includes: LibreOffice – a free office suite Mastodon – free and open-source software for running self-hosted social networking services Odoo – a suite of business management software Cryptpad – a browser-based encrypted open-source collaboration platform that allows people to work together online … More →

The post EU launches bug bounty programs for five open source solutions appeared first on Help Net Security.