Help Net Security

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed

Helga Labus — Mon, 28 Aug 2023 11:34:18 +0000

Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August 19, 2023, an attacker targeted a Kroll employee’s T-Mobile US account “in a highly sophisticated SIM swapping attack”. “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number … More →

The post Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed appeared first on Help Net Security.

PoC for no-auth RCE on Juniper firewalls released

Zeljka Zorz — Mon, 28 Aug 2023 10:20:06 +0000

Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month, Juniper Networks published an out-of-cycle security bulletin notifying customers using its SRX firewalls and EX switches of vulnerabilities that, chained together, would allow attackers to remotely execute code on vulnerable appliances. The four vulnerabilities … More →

The post PoC for no-auth RCE on Juniper firewalls released appeared first on Help Net Security.

Uncovering a privacy-preserving approach to machine learning

Help Net Security — Mon, 28 Aug 2023 05:00:29 +0000

In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have raised unprecedented awareness around the power of AI/ML, they have also illuminated the foundational need for privacy and security. Groups like IAPP, Brookings, and Gartner’s recent AI TRiSM framework have outlined key considerations for organizations looking to achieve the … More →

The post Uncovering a privacy-preserving approach to machine learning appeared first on Help Net Security.

Adapting authentication to a cloud-centric landscape

Mirko Zorz — Mon, 28 Aug 2023 04:30:22 +0000

In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. What are some real-world consequences of ineffective authorization, and how can they be prevented? Ineffective authorization can have multiple negative consequences, some of them include: Data breaches: When unauthorized individuals have access to sensitive … More →

The post Adapting authentication to a cloud-centric landscape appeared first on Help Net Security.

What true diversity in the cybersecurity industry looks like

Help Net Security — Mon, 28 Aug 2023 04:00:56 +0000

In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations face.

The post What true diversity in the cybersecurity industry looks like appeared first on Help Net Security.

Experts demand clarity as they struggle with cloud security prioritization

Help Net Security — Mon, 28 Aug 2023 03:30:48 +0000

Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Secure cloud computing environment Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), and Cloud Infrastructure Entitlement Management (CIEM), network … More →

The post Experts demand clarity as they struggle with cloud security prioritization appeared first on Help Net Security.

Customizing LLMs for domain-specific tasks

Help Net Security — Mon, 28 Aug 2023 03:00:57 +0000

The expansion of large language models (LLMs) in recent times has brought about a revolutionary change in machine learning processes and has introduced fresh perspectives on the potential of AI, according to Predibase. Based on survey data from organizations experimenting with LLMs, researchers have found that enterprises are looking for ways to customize and deploy open-source LLMs without giving commercial vendors access to proprietary data, and they are exploring other use cases beyond generative AI … More →

The post Customizing LLMs for domain-specific tasks appeared first on Help Net Security.

Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE

Help Net Security — Sun, 27 Aug 2023 08:00:32 +0000

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Network detection and response in the modern era In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to improve threat detection and streamline incident response. Lazarus Group exploited ManageEngine … More →

The post Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE appeared first on Help Net Security.

ClearSale launches Client Portal to help customers view and manage fraud prevention data

Industry News — Fri, 25 Aug 2023 15:00:41 +0000

ClearSale has released its new Client Portal. Used by ClearSale customers to view and manage their fraud prevention data, orders, and chargebacks, the portal offers enhanced functionality and a streamlined interface. The ClearSale Client Portal offers the ability to see fraud detection and prevention information from a high level all the way down to individual transactions. Now, with the reimagined interface, customers will have a sleek and intuitive user experience and new features, making understanding … More →

The post ClearSale launches Client Portal to help customers view and manage fraud prevention data appeared first on Help Net Security.

Kyndryl and Cisco expand partnership to help customers respond to cyber incidents

Industry News — Fri, 25 Aug 2023 14:00:42 +0000

Kyndryl has expanded technology partnership with Cisco to deliver services focused on cyber resilience. Through this partnership, Kyndryl will utilize Cisco’s comprehensive portfolio of network software, hardware and equipment with Kyndryl’s cyber resilience framework to help customers proactively address and respond to cyber incidents. Cisco’s open platform (Cisco Security Cloud) will allow Kyndryl to integrate multi-vendor solutions and provide a more cohesive and integrated solution. Kyndryl Consult experts, along with managed services for cyber resilience, … More →

The post Kyndryl and Cisco expand partnership to help customers respond to cyber incidents appeared first on Help Net Security.