Security News

Identity-related threats pose an increasing risk to those protecting networks because attackers - ranging from financially motivated crime gangs and nation-state backed crews - increasingly prefer to log in using stolen credentials instead of exploiting vulnerabilities or social engineering. In two separate reports published on Wednesday, IBM X-Force and security biz CrowdStrike found a huge surge in cyber attacks using valid credentials and other techniques spoofing legitimate users.

Europe's General Data Protection Regulation has led European firms to store and process less data, recent economic research suggests, because the privacy rules are making data more costly to manage. The consequence of Europe's privacy regime, according to the researchers, is that "EU firms decreased data storage by 26 percent and data processing by 15 percent relative to comparable US firms, becoming less 'data-intensive.'".

End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers...

Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to...

At Help Net Security, we've been following the cybersecurity business landscape closely for the past 25 years. FundingIn March 2023, the company closed a $16 million Series A funding round led by Google Ventures, with participation from Boldstart Ventures and Preface.

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the...

TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. "TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was a lot of secrets buried in older versions of code, but no tools existed to look for them. My hunch was right. The tool quickly took off and became very popular. These days, it's been starred on GitHub ~14,000 times and is wildly adopted in the industry," Dylan Ayrey, CEO at Truffle Security and original author of TruffleHog, told Help Net Security.

Last year was challenging for the global market, and the market downturn greatly affected even the historically resilient cybersecurity ecosystem. In this Help Net Security video, Merav Ben Avi, Content Manager at YL Ventures, talks about how the Israeli cybersecurity industry, much like the global one, skyrocketed in 2021 with record-breaking capital and an exceptional number of new startups and unicorns.

China's censorship regime remains pervasive and far reaching, but the bureaucratic apparatus implementing it is unevenly developed and is not always well funded, according to a report released on Tuesday. The document analyzes censorship practices in the Middle Kingdom and concludes that "Despite the importance the CCP places on domestic information control, its censorship apparatus is unevenly developed and plagued by unfunded mandates."

In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. Poor API security practices can also have regulatory and legal consequences, cause disruption to company operations and even result in intellectual property theft.