Key strategies for ISO 27001 compliance adoption
In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001…
Category: HelpnetSecurity
How AI is revolutionizing identity fraud
Nearly half of businesses reported a growth in synthetic identity fraud, while biometric spoofs and counterfeit ID fraud attempts also increased, according to AuthenticID. Consumers…
LassPass is not LastPass: Fraudulent app on Apple App Store
A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager…
Akira, LockBit actively searching for vulnerable Cisco ASA devices
Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning.…
SOAPHound: Open-source tool to collect Active Directory data via ADWS
SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound…
Choosing the right partner when outsourcing cybersecurity
In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services.…
10 tips for creating your security hackathon playbook
For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits…
As-a-Service tools empower criminals with limited tech skills
As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by…
Qualys TotalCloud 2.0 measures cyber risk in cloud and SaaS apps
Qualys unveiled TotalCloud 2.0. This significant upgrade to Qualys’ AI-powered cloud native application protection platform (CNAPP) delivers a single prioritized view of cloud risk and…
Chinese hackers breached Dutch Ministry of Defense
Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as…
The fight against commercial spyware misuse is heating up
Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to…
On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat…