Who owns customer identity? – Help Net Security
When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team…
Category: HelpnetSecurity
92% of enterprises unprepared for AI security challenges
Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must…
Bots dominate internet activity, account for nearly half of all traffic
49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since…
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has…
Thinking outside the code: How the hacker mindset drives innovation
Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups,…
Damn Vulnerable RESTaurant: Open-source API service designed for learning
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.…
IT and security professionals demand more workplace flexibility
The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a…
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased”…
Cisco Duo provider breached, SMS MFA logs compromised
Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs…
Tanium Automate reduces manual processes for repeatable tasks
Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of the autonomous endpoint management…
New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ…
IDnow VideoIdent Flex blends AI technology with human interaction
IDnow has unveiled VideoIdent Flex, a new version of its expert-led video verification service that blends advanced AI technology with human interaction. The human-based video…