The importance of a good API security strategy
In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming…
Category: HelpnetSecurity
TruffleHog: Open-source solution for scanning secrets
TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored…
Alleged Raccoon Infostealer operator extradited, verification site set up for victims
A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity…
LockBit disrupted by international law enforcement task force
On Monday afternoon, LockBit’s leak site has been taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises…
LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered
In the wake of yesterday’s surprise law enforcement takeover of LockBit’s leak site, the UK National Crime Agency (NCA) and Europol have shared more information…
Clean links and sophisticated scams mark new era in email attacks
Analysis of 7 billion emails shows clean links are duping users, malicious EML attachments increased 10-fold in Q4, and social engineering attacks are at all-time…
36% of code generated by GitHub CoPilot contains security flaws
Security debt, defined as flaws that remain unfixed for longer than a year, exists in 42% of applications and 71% of organizations, according to Veracode.…
How to make sense of the new SEC cyber risk disclosure rules
SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18,…
How decentralized identity is shaping the future of data protection
In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By…
RCE vulnerabilities fixed in SolarWinds enterprise solutions
SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations.…
Inside the strategy of Salesforce’s new Chief Trust Officer
Recently, Salesforce named Brad Arkin, previously Chief Security & Trust Officer at Cisco, the company’s new Chief Trust Officer. This was the perfect opportunity to…
CVE Prioritizer: Open-source tool to prioritize vulnerability patching
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog…