
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)

Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, being actively exploited by attackers. About CVE-2024-21287: Oracle Agile PLM Framework is an enterprise product lifecycle management solution that enables collaboration between the various teams involved. CVE-2024-21287 affects version 9.3.6 of the Agile PLM Framework – more specifically, the Agile Software Development Kit and the Process Extension components. “This vulnerability is … The post Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) appeared first on Help Net Security.
http://news.poseidon-us.com/TGGDpZ

Phobos ransomware administrator faces US cybercrime charges

The Justice Department unsealed criminal charges against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware. Ptitsyn made his initial appearance in the US District Court for the District of Maryland on Nov. 4 after being extradited from South Korea. Phobos ransomware, through its affiliates, victimized more than 1,000 public and private entities in the United States and around the world, and extorted ransom payments worth more … The post Phobos ransomware administrator faces US cybercrime charges appeared first on Help Net Security.
http://news.poseidon-us.com/TGGDpT

Aon Cyber Risk Analyzer empowers organizations to evaluate cyber risk

Aon launched its Cyber Risk Analyzer, a digital application that allows risk managers to make data-driven, technology-enabled decisions to mitigate cyber risk. The tool is the latest in a series of new offerings, which brings together Aon’s data, tools and analytics professionals to support clients through an evolving risk landscape across sectors. “As cyber threats continue to grow in frequency, sophistication and severity, organizations face an array of complex risks—from ransomware and business interruption to … The post Aon Cyber Risk Analyzer empowers organizations to evaluate cyber risk appeared first on Help Net Security.
http://news.poseidon-us.com/TGGDmF

AlmaLinux 9.5 released: Security updates, new packages, and more!

AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to Red Hat Enterprise Linux. AlmaLinux 9.5, codenamed Teal Serval, is now available. Security updates: The OpenSSL TLS toolkit is upgraded to version 3.2.2. OpenSSL now supports certificate compression extension (RFC 8879) and Brainpool curves have been added to the TLS 1.3 protocol (RFC 8734). The SELinux policy now provides a boolean that … The post AlmaLinux 9.5 released: Security updates, new packages, and more! appeared first on Help Net Security.
http://news.poseidon-us.com/TGGDlS

Belden announces products designed to enhance data security

Belden announces new network and data infrastructure products designed for secure, high-quality performance in critical applications. Data orchestration & management: Hirschmann EAGLE40-6M Train Firewalls meet the demands of railway rolling stock with industrial firewall capabilities and multiple industry-relevant certifications. Their robust design allows them to withstand moving trains while providing maximum data security by performing deep packet inspection of onboard rolling stock communication protocols. Hirschmann OpEdge-4D Industrial Edge Gateways feature hazardous location approvals and run … The post Belden announces products designed to enhance data security appeared first on Help Net Security.
http://news.poseidon-us.com/TGG80H

Detecting the Presence of a Debugger in Linux, (Tue, Nov 19th)

Hello from Singapore where I'm with Johannes and Yee! This week, I'm teaching FOR710[1]. I spotted another Python script that looked interesting because, amongst the classic detection of virtualized environments, it also tries to detect the presence of a debugger. The script has been developed to target both environments: Windows & Linux.
http://news.poseidon-us.com/TGG2n3

Dev + Sec: A collaborative approach to cybersecurity

The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and efficiency, aiming to deliver features and products quickly with a fast-paced, iterative development cycle and move on efficiently. On the other hand, security teams strive to balance risk and innovation but must focus on protecting sensitive data and systems with guardrails and ensuring compliance with stringent regulations. These contrasting priorities and communication gaps lead … The post Dev + Sec: A collaborative approach to cybersecurity appeared first on Help Net Security.
http://news.poseidon-us.com/TGG1pt

Why AI alone can’t protect you from sophisticated email threats

In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combating sophisticated email threats like BEC and VEC. Lakhani also explains how AI tools help detect malicious email activity and address the limitations of traditional security measures. How effective is AI based behavioural analysis in combating sophisticated email threats like BEC and supply chain VEC, and what are its limitations? Attackers can leverage generative AI … The post Why AI alone can’t protect you from sophisticated email threats appeared first on Help Net Security.
http://news.poseidon-us.com/TGG0cR

Open-source and free Android password managers that prioritize your privacy

We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous accounts can be challenging. Password managers simplify this by securely storing all your passwords so you don’t have to remember them. In this article, you’ll find a list of free, open-source password managers for Android devices worth checking out. KeyGo: KeyGo is a secure, open-source password manager for Android that encrypts … The post Open-source and free Android password managers that prioritize your privacy appeared first on Help Net Security.
http://news.poseidon-us.com/TGG0c9

Google report shows CISOs must embrace change to stay secure

Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient. The study, involving over 2,000 decision-makers across the US, UK, India, and Brazil, paints a picture of escalating risks, outdated strategies, and a pressing need for transformative change. The status quo is unsustainable: Despite high confidence among security leaders (96% feel capable of managing their environments), a gap exists between perception and reality. … The post Google report shows CISOs must embrace change to stay secure appeared first on Help Net Security.
http://news.poseidon-us.com/TGG0bZ