New infosec products of the week: February 2, 2024
Here’s a look at the most interesting products from the past week, featuring releases from BackBox, ProcessUnity, SentinelOne, and Vade. ProcessUnity unveils all-in-one platform for…
Category: HelpnetSecurity
DDoS attack power skyrockets to 1.6 Tbps
DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose…
Malicious logins from suspicious infrastructure fuel identity-based incidents
69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or organization, according…
BackBox introduces ZTNO to automate zero trust security for network operations
In a significant stride towards enhancing network security, BackBox introduces Zero Trust Network Operations (ZTNO). This offering is a best practice framework with six actionable…
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities…
FBI disrupts Chinese botnet used for targeting US critical infrastructure
The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations.…
Dynatrace provides end-to-end observability of AI applications
Dynatrace announced it has extended its analytics and automation platform to provide holistic observability and security for LLMs and generative AI-powered applications. This enhancement to…
Threat actor used Vimeo, Ars Technica to serve second-stage malware
A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica,…
CVEMap: Open-source tool to query, browse and search CVEs
CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and…
Custom rules in security tools can be a game changer for vulnerability detection
In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need…
Zero trust implementation: Plan, then execute, one step at a time
82% of cybersecurity professionals have been working on implementing zero trust last year, and 16% should be on it by the end of this year.…
Payment fraud is hitting organizations harder than ever before
96% of US companies were targeted with at least one fraud attempt in the past year, according to Trustpair. 83% of US companies saw an…