433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (813) 563-2652

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a privileged application programming interface (API) that may allow attackers to overwrite the Windows Registry. The API endpoint in question – NmAPI.exe – can be exploited by unauthenticated, remote attackers to change an existing registry value or … More → The post PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) appeared first on Help Net Security.
http://news.poseidon-us.com/TGZsJc

FortiAppSec Cloud simplifies web application security management

Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools into a single offering. The platform streamlines web and API security, advanced bot defense, and global server load balancing, among other capabilities, so customers can confidently secure and manage their hybrid and multi-cloud environments. “Web applications are foundational to the success of modern enterprises, but they are extremely challenging to secure, leaving businesses with a substantial attack … More → The post FortiAppSec Cloud simplifies web application security management appeared first on Help Net Security.
http://news.poseidon-us.com/TGZjvJ

AttackIQ Flex 3.0 empowers security teams to take control of their detection strategies

AttackIQ announced AttackIQ Flex 3.0, agentless security control validation that integrates natively with Splunk to deliver a fully seamless user experience. A growing need for efficient and accurate threat detection As cyber threats grow more sophisticated, organizations are struggling to detect and mitigate breaches. In 2024, it takes organizations on average about 10 days to detect an attacker, while it only takes an adversary mere hours to accomplish their objective. Meanwhile, most organizations’ threat detection … More → The post AttackIQ Flex 3.0 empowers security teams to take control of their detection strategies appeared first on Help Net Security.
http://news.poseidon-us.com/TGZjvG

Veeam Data Platform v12.3 encompasses three key objectives for enterprises

Veeam Software released Veeam Data Platform v12.3. This release encompasses three key objectives for enterprises: protecting identity and access management with support for backing up Microsoft Entra ID, powering proactive threat analysis with Recon Scanner and Veeam Threat Hunter, and utilizing Generative AI to deliver more intelligent protection of enterprise data with advanced reporting powered by Veeam Intelligence. In addition, Veeam Data Platform v12.3 expands data portability by offering complete Nutanix AHV protection with application-aware … More → The post Veeam Data Platform v12.3 encompasses three key objectives for enterprises appeared first on Help Net Security.
http://news.poseidon-us.com/TGZjtD

Elastic expands cloud detection and response capabilities from a single SIEM

Elastic announced Elastic Security now offers expanded cloud detection and response (CDR) capabilities from a single SIEM to reduce tool fragmentation and streamline cloud security. The additional features include agentless ingestion, cloud asset inventory, extended protections, and graph view that enables out-of-the-box correlation and context enrichment using customers’ existing data. Legacy security solutions have complex workflows and lack cloud-specific context, making them inadequate for the scale and complexity of cloud environments. Using standalone CDR tools … More → The post Elastic expands cloud detection and response capabilities from a single SIEM appeared first on Help Net Security.
http://news.poseidon-us.com/TGZfJJ

Veza Access Requests reduces the risk of identity-based threats

Veza announced Veza Access Requests product, enabling organizations to reduce the risk of identity-based threats with automated access policy intelligence for application access. Veza Access Requests ensures that users requesting access are automatically provisioned according to the principle of least privilege from day one. For the first-time ever, access requests are now built on the power of permissions – the purest form of access – to help organizations truly embrace identity transformation towards the principle … More → The post Veza Access Requests reduces the risk of identity-based threats appeared first on Help Net Security.
http://news.poseidon-us.com/TGZfJH

42Gears SureAccess secures organizations from unauthorized access

42Gears launched SureAccess, a Zero Trust Network Access (ZTNA) solution. This solution reinforces the company’s commitment to enterprise security by ensuring that only authenticated users and verified devices can access corporate resources from anywhere, anytime. “SureAccess represents our response to evolving security challenges, offering organizations a robust solution that verifies every access attempt, regardless of location or device,” said Onkar Singh, CEO of 42Gears. SureAccess (42Gears’ ZTNA solution) is designed to protect organizations from unauthorized access, data breaches, … More → The post 42Gears SureAccess secures organizations from unauthorized access appeared first on Help Net Security.
http://news.poseidon-us.com/TGZfHn

SafeLine: Open-source web application firewall (WAF)

SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web applications for small and medium-sized enterprises from cyber threats by monitoring and filtering HTTP/HTTPS traffic. More importantly, with the widespread use of Gen AI, automated website traffic has become increasingly overwhelming, negatively impacting the normal user experience and business operations. Therefore, we aim to create a WAF with robust anti-bot and anti-HTTP … More → The post SafeLine: Open-source web application firewall (WAF) appeared first on Help Net Security.
http://news.poseidon-us.com/TGZWHh

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks

In this Help Net Security interview, Niv Braun, CEO at Noma Security, discusses the difficulties security teams face due to the fragmented nature of AI processes, tools, and teams across the data and AI lifecycle. Braun also shares insights on how organizations can address these challenges and improve their AI security posture. How is the growing AI model sprawl impacting governance, and what strategies are being implemented to mitigate compliance risks? The new focus on … More → The post Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks appeared first on Help Net Security.
http://news.poseidon-us.com/TGZWGX