Security News
The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, the Security Center, to its Auth0-powered Okta Customer Identity Cloud. The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security.
Brian Behlendorf, CTO at the Open Source Security Foundation, shares insights on the influence of his experiences with the White House CTO office, World Economic Forum, and Linux Foundation on leading the OpenSSF and addressing open-source security challenges. Like all software projects, open source software projects are never over-staffed; they are volunteers struggling not just to write the functionality they need but also to fix the bugs they and others find, paying down technical debt and implementing better security practices and tools often fall way behind in priority compared to new feature work and bug-fixing.
For its recent research focusing on web entities, Censys leveraged its internet-wide scan data to understand better the applications and services that have become core to our existence, evaluating the state of security on the modern internet. In this Help Net Security video, Himaja Motheram, Security Researcher at Censys, offers insight into the assets and weaknesses across organizations' internet infrastructure.
Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. "We launched the Data Security Incident Response Report nine years ago because we recognized that organizations were making data-driven decisions about other areas of risk and compliance and that there was no source for that purpose for data security," said Theodore J. Kobus III, chair of BakerHostetler's Digital Assets and Data Management Practice Group.
In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about the 2023 Qualys TruRisk Threat Research Report, which provides security teams with data-backed insights to help them better understand how adversaries exploit vulnerabilities and render attacks. What tactics have threat actors used to exploit the most critical vulnerabilities, and what can organizations do to protect themselves?
If AI-based cybersecurity tools leveraged RLHF, they would be immensely powerful, intuitive, and effective and could improve detection and response times to even the most sophisticated threats. RLHF can be used to train AI-based models to detect and respond to potential threats more effectively by using human feedback to learn from real-world examples.
The RIG exploit kit touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. Exploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers.
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings:...
KQL is an interesting hybrid of scripting and query tools, so it's familiar to anyone who's used Python for data science or SQL for working with databases. It's designed to work against tables of data, with the ability to create variables and constants that can help control the flow of a set of KQL statements.
VMware has fixed two critical and two important security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics.Reported by Trend Micro's Zero Day Initiative, none of the flaws are currently exploited by attackers in the wild, but given threat actors' predilection for targeting widely used VMware solutions, fixing these sooner rather than later is a good idea.