The enterprise attack surface is expanding in multiple ways, becoming more numerous and more specific, according to runZero. “Our research reveals alarming gaps and unexpected trends in enterprise infrastructure, including the decay of network segmentation, persistent challenges in attack surface management, and the increasing volume of dark matter on modern networks,” said HD Moore, CEO. IT and OT are converging, expanding the attack surface of organizations and requiring new techniques to discover and manage assets. …
The post Too many ICS assets are exposed to the public internet appeared first on Help Net Security.
Here’s a look at the most interesting products from the past week, featuring releases from Calix, FireMon, ManageEngine, and OWASP Foundation.
Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools
Calix unveiled updates to SmartBiz, a purpose-built small business solution for broadband service providers (BSPs), that expand an existing set of security capabilities. These enhancements help BSPs ensure the safety, security, and compliance of critical small business online activities at scale. Updates include …
The post New infosec products of the week: May 17, 2024 appeared first on Help Net Security.
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation.
About Git
Git is a widely popular distributed version control system for collaborative software development. It can be installed on machines running Windows, macOS, Linux, and various *BSD distributions. Web-based software development platforms GitHub and GitLab are based on Git. Visual Studio, Microsoft’s integrated development environment, …
The post Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) appeared first on Help Net Security.
For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild.
About CVE-2024-4947
CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly engine. And while the two Chrome zero days fixed in the past few days have been attributed to an anonymous researcher, this time around the reporters are known: Kaspersky threat researchers Vasiliy Berdnikov and Boris Larin. …
The post Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) appeared first on Help Net Security.
Palo Alto Networks and IBM announced a broad-reaching partnership to deliver AI-powered security outcomes for customers. The announcement is a testament to Palo Alto Networks’ and IBM’s commitment to each other’s platforms and innovative capabilities. The expanding and complex enterprise technology landscape, driven by digital transformation and the rapid growth of AI, presents significant cybersecurity challenges. To address increasingly sophisticated threats and evolving attack surfaces, organizations are prioritizing comprehensive security platforms that are underpinned by …
The post Palo Alto Networks partners with IBM to deliver AI-powered security offerings appeared first on Help Net Security.
AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in cybersecurity. With so much interest, there are lots of insecure applications finding their way onto our devices and other endpoints, opening more pathways for the “bad guys” to steal our data. Applications developed within open-source communities often face more significant security challenges because they are free and widely available, supported by …
The post Is an open-source AI vulnerability next? appeared first on Help Net Security.
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and use in CI environments.
OWASP dep-scan features
Caroline Russell, Staff Security Engineer at AppThreat, outlines the most important features: Depscan utilizes cdxgen to produce Software Bill-of-Materials (SBOMs), which allows us to support many different …
The post OWASP dep-scan: Open-source security and risk audit tool appeared first on Help Net Security.
ESET researchers released their deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation. The Ebury group and botnet have been involved in the spread of spam, web traffic redirections, and credential stealing over the years. In recent years, they have diversified to credit card and cryptocurrency theft. Additionally, Ebury has been deployed as a …
The post Ebury botnet compromises 400,000+ Linux servers appeared first on Help Net Security.
A study by PageFair revealed that ad blocker usage surged by 30% in 2016 alone, reflecting a growing public concern for privacy and uninterrupted browsing. Fast-forward to today, and the numbers are even more dramatic. According to Forbes, Americans are bombarded with over 5K ads per day. That’s a stark increase, which ramps up the urgent need for comprehensive tools that shield against digital clutter. And Surfshark’s CleanWeb is the tool to do it. It’s …
The post Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb appeared first on Help Net Security.
Cloud security incidents are alarmingly on the rise, with 61% of organizations reporting breaches within the last year, marking a significant increase from 24% the year before, according to Check Point. This trend underscores the escalating risk landscape in cloud environments. The 2024 Cloud Security Report gathers insights from over 800 cloud and cybersecurity professionals.
Cloud security incidents on the rise
The latest survey from Check Point reveals a concerning trend: while most organizations continue …
The post Cloud security incidents make organizations turn to AI-powered prevention appeared first on Help Net Security.