433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (813) 563-2652

Picus provides automated pentesting testing to help uncover critical risks

Picus Security announced new innovations to its Attack Path Validation (APV) product. The new Picus APV now offers security teams accurate, risk-free, and continuous automated penetration testing to uncover critical risks, while significantly reducing business disruptions and time spent on threat research. Combined with its Breach and Attack Simulation technology, Picus provides a comprehensive approach to Adversarial Exposure Validation for enterprise organizations. By pairing evasive automated penetration testing alongside attack path-mapping capabilities, Picus allows users … More → The post Picus provides automated pentesting testing to help uncover critical risks appeared first on Help Net Security.
http://news.poseidon-us.com/TGjxbX

Cato Networks extends SASE-based protection to IoT/OT environments

With the introduction of Cato IoT/OT Security, Cato Networks is enabling enterprises to simplify the management and security of Internet of Things (IoT) and operational technology (OT) devices. Cato IoT/OT Security converges device discovery and classification, policy enforcement, and threat prevention in a SASE platform. Cato IoT/OT Security is a native feature in the Cato SASE Cloud Platform, which allows enterprises to instantly activate the new solution with a click of a button. There is … More → The post Cato Networks extends SASE-based protection to IoT/OT environments appeared first on Help Net Security.
http://news.poseidon-us.com/TGjxYQ

Trellix Drive Encryption enhances security against insider attacks

Trellix announced Trellix Drive Encryption upgrades for on-premises and SaaS management. Customers benefit from the flexibility needed for encryption protection deployment to safeguard their data and devices from unauthorized access. “The majority of lost and stolen assets reported this past year resulted in a data disclosure, making it essential for organizations to have strong drive encryption implementation,” said Gareth Maclachlan, CPO, Trellix. “Trellix continuously innovates our encryption offerings to provide protection against data leaks and … More → The post Trellix Drive Encryption enhances security against insider attacks appeared first on Help Net Security.
http://news.poseidon-us.com/TGjsZW

CyTwist’s detection engine combats AI-generated malware

CyTwist launches its patented detection engine to combat the insidious rise of AI-generated malware. Enhancing an organization’s existing security stack, CyTwist’s solution profiles threat actors using field-proven counterintelligence methodologies and hyper-targeted probability algorithms, resulting in detection of a suspected attack within minutes. Validated by a red team live attack simulation with a prominent telecoms provider, mirrored on the September 2024 attack against French government agencies and private companies, CyTwist’s platform’s results are unambiguous – successfully … More → The post CyTwist’s detection engine combats AI-generated malware appeared first on Help Net Security.
http://news.poseidon-us.com/TGjsZB

Open source malware up 200% since 2023

Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly adopt open-source tools to build custom AI models. Source: Sonatype Open source malware thrives in ecosystems with low entry barriers, no author verification, high usage, and diverse users. Platforms like npm and PyPI, which handle … More → The post Open source malware up 200% since 2023 appeared first on Help Net Security.
http://news.poseidon-us.com/TGjlRp

Why crisis simulations fail and how to fix them

In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for effective communication, clearly defined roles, and realistic scenarios to help teams perform under pressure. The post Why crisis simulations fail and how to fix them appeared first on Help Net Security.
http://news.poseidon-us.com/TGjlRN

Containers have 600+ vulnerabilities on average

Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security throughout the software’s lifecycle persist. And yet, according to a 2022 Anchore report, enterprises plan to expand container adoption over the next 24 months, with 88% planning to increase container use and 31% planning to … More → The post Containers have 600+ vulnerabilities on average appeared first on Help Net Security.
http://news.poseidon-us.com/TGjlQT

ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TGjgzZ

Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)

[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]
http://news.poseidon-us.com/TGjgyV

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »
http://news.poseidon-us.com/TGjdL2