Invicti API Security uncovers hidden and undocumented APIs
Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an…
Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major…
In this Help Net Security interview, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect,…
SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain…
The Cloud Security Alliance (CSA) demonstrated its commitment to improving its vendor-neutral cloud security training with the release of the Certificate of Cloud Security Knowledge…
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware…
Malicious Google ads are a well-known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube.…
A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that…
It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype,…
In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role…
This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE,…
While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of…