Help Net Security: Daily information security news with a focus on enterprise security.

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16. As per usual, details about the attack in which the flaw is leveraged have not been shared. About CVE-2023-24955 and CVE-2023-29357 CVE-2023-24955 and CVE-2023-29357, a …

Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software and other digital services in the cloud. As strange as it may sound, compliance is an enabler of this growth. Businesses usually perceive compliance as a necessity, not a choice. However, besides following regulatory …

Enterprises increasingly block AI transactions over security concerns
Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging it to defend against the new AI-driven threat landscape, according to Zscaler. AI has already become a part of business as usual, as enterprises leverage and integrate new features and tools into their day-to-day workflows, multiplying the volume of transactions and data generated. The much higher volume is reflected in the …

How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These are now occurring frequently within the finance team and targeted payment processes.

AI weaponization becomes a hot topic on underground forums
The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees via the use of phishing, and of particular concern is a sharp rise in QR code phishing, which increased 51% last year compared to the previous eight months. Employees are also being duped into downloading fake updates – often to …

Cybercriminals use cheap and simple infostealers to exfiltrate data
The rise in identity-based attacks can be attributed to a rapid increase in malware, according to SpyCloud. Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these compromised identity records, one in four contained information about the user’s network or physical location, putting the individual’s identity, platforms they have access to, and physical well-being at risk. Infostealer malware exposes user information Taking a deeper look …

CyberArk Secure Browser helps prevent breaches resulting from cookie theft
CyberArk launched CyberArk Secure Browser, an identity-centric secure browser, providing enhanced security and privacy alongside a familiar, productive user experience. Backed by intelligent privilege controls and simple to deploy across devices, CyberArk Secure Browser is purpose-built for a cloud-first world, providing secure, consistent access to both on-premises resources and SaaS applications. It allows unprecedented visibility, control and governance for security teams, helping to prevent the malicious use of compromised identities, endpoints and credentials both at …

AU10TIX’s Digital ID suite identifies potentially fraudulent activities
AU10TIX announced the expansion of its Digital ID solution, which enables businesses to securely verify IDs of all types, including physical, digital, eID, verifiable credentials, and more. AU10TIX’s fully automated Digital ID solution serves as a verification hub for business owners, enabling more accurate identity verification. It enhances completion rates, improves the customer experience, and drives revenue growth. The solution ensures thorough verification of all digital IDs by validating the cryptographic signature and cross-checks the …

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo Security, told Help Net Security. “We observed hundreds of compromised clusters in the past three weeks alone. Each cluster uses a public IP address, and most clusters contain hundreds to thousands of servers. There are hundreds of …

Malwarebytes adds AI functionality to ThreatDown Security Advisor
Malwarebytes has added AI functionality to its Security Advisor, available in every ThreatDown Bundle. Leveraging generative AI technology, the new capabilities will transform Security Advisor into a dynamic experience that allows customers to use simple natural language requests to search for information about their environment, ask for recommendations on how to optimize their security posture, automatically implement updates, and more. This will allow customers to quickly mitigate threats, reduce risk, and boost efficiency. “As we …