Security News
In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about the 2023 Qualys TruRisk Threat Research Report, which provides security teams with data-backed insights to help them better understand how adversaries exploit vulnerabilities and render attacks. What tactics have threat actors used to exploit the most critical vulnerabilities, and what can organizations do to protect themselves?
If AI-based cybersecurity tools leveraged RLHF, they would be immensely powerful, intuitive, and effective and could improve detection and response times to even the most sophisticated threats. RLHF can be used to train AI-based models to detect and respond to potential threats more effectively by using human feedback to learn from real-world examples.
The RIG exploit kit touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. Exploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers.
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings:...
KQL is an interesting hybrid of scripting and query tools, so it's familiar to anyone who's used Python for data science or SQL for working with databases. It's designed to work against tables of data, with the ability to create variables and constants that can help control the flow of a set of KQL statements.
VMware has fixed two critical and two important security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics.Reported by Trend Micro's Zero Day Initiative, none of the flaws are currently exploited by attackers in the wild, but given threat actors' predilection for targeting widely used VMware solutions, fixing these sooner rather than later is a good idea.
VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight that could expose users to remote code execution attacks. Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.
A cyber security risk that comes from within an organization is referred to as an insider threat. Insider threats might be carried out purposefully or accidentally.
1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.
I recently had the opportunity to meet and speak with several luminaries of the global security ecosystem: Roger Hale - Chief Security Officer; BigID, Sounil Yu - CISO and Head of Research at JupiterOne; Debbie Taylor Moore - VP and Senior Partner Global Cybersecurity at IBM Consulting; and Jay Leek, Managing Partner and Co-founder of SYN Ventures. As the aftershocks of 2021 begin to clear, I was interested in getting CISOs' take on ensuing challenges and upcoming hurdles that require the attention of all security and business stakeholders.