Blog

Review: Passwork 7.0, self-hosted password manager for business

Over the years, the number of services we use has exploded, and so has the need to protect our credentials. Back in what I like to call “the age of innocence,” we scribbled passwords on paper or reused “password123” across five different accounts. Let’s be honest: those days are over. Whether we like it or not, password managers have become essential to good cybersecurity hygiene and one of the first lines of defense against unauthorized … More → The post Review: Passwork 7.0, self-hosted password manager for business appeared first on Help Net Security.
http://news.poseidon-us.com/TLykmv

Socure Workforce Verification detects manipulated or fabricated identities

Socure launched Workforce Verification solution to address the growing threat of employee fraud. Socure’s Workforce Verification adapts its enterprise-grade identity verification and fraud prevention specific to hiring workflows, detecting manipulated or fabricated identities before they enter organizations and addressing workforce risk at its source: identity. “Identity fraud is no longer confined to the consumer realm, it’s infiltrating the workforce at an accelerating rate and has become a foundational risk to cybersecurity, compliance, and organizational trust … More → The post Socure Workforce Verification detects manipulated or fabricated identities appeared first on Help Net Security.
http://news.poseidon-us.com/TLydG4

Legit Security delivers automated security reviews for AppSec and development teams

Legit Security announced enhanced capabilities for significant code change and workflow orchestration within its platform. These capabilities provide insight into changes in code, configuration, or infrastructure that can impact an application’s security or compliance posture. With visibility into where everyday code changes are occurring and the appropriate workflows to resolve them, AppSec and development teams can overcome the challenges of disconnected tool sprawl, duplicate alerts, remediation without context, and hidden or unnoticed code. Detecting, documenting, … More → The post Legit Security delivers automated security reviews for AppSec and development teams appeared first on Help Net Security.
http://news.poseidon-us.com/TLydDF

Akeyless SecretlessAI protects machine-to-machine communication

Akeyless has launched Akeyless SecretlessAI, a solution purpose-built to secure AI agents and Model Context Protocol (MCP) servers. As enterprises accelerate AI adoption, these autonomous systems are increasingly entrusted with accessing sensitive data, APIs, and internal tools to fulfill their tasks. This shift demands a new security paradigm — one that protects machine-to-machine communication at scale, without compromising agility or trust. AI agents now operate in dynamic, distributed environments and frequently act on behalf of … More → The post Akeyless SecretlessAI protects machine-to-machine communication appeared first on Help Net Security.
http://news.poseidon-us.com/TLydBj

Hiding Payloads in Linux Extended File Attributes, (Thu, Jul 17th)

This week, it's SANSFIRE[1]! I'm attending the FOR577[2] training (“Linux Incident Response & Threat Hunting”). On day 2, we covered the different filesystems and how data is organized on disk. In the Linux ecosystem, most filesystems (ext3, ext4, xfs, …) support “extended file attributes”, also called “xattr”. It's a file system feature that enables users to add metadata to files. These data is not directly made available to the user and may contain anything related to the file (ex: the author's name, a brief description, …). You may roughly compare this feature to the Alternate Data Stream (ADS) available in the Windows NTFS filesystem.
http://news.poseidon-us.com/TLyd0B

What a mature OT security program looks like in practice

In this Help Net Security interview, Cindy Segond von Banchet CC, Cybersecurity Lead at Yokogawa Europe, shares her insights on what defines a sustainable OT security program. She outlines the key differences between short-term fixes and long-term resilience, and discusses how organizations can embed OT security within broader risk frameworks. From addressing legacy system vulnerabilities to integrating OT into existing SOC operations, she covers topics such as visibility, training, and alignment with global standards like … More → The post What a mature OT security program looks like in practice appeared first on Help Net Security.
http://news.poseidon-us.com/TLyZ5g

Why silent authentication is the smarter way to secure BYOD

In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity challenges of BYOD. He breaks down how it works, why it matters, and how businesses can boost both user experience and compliance without compromising protection. Read more: Aegis Authenticator: Free, open-source 2FA app for Android Why should companies or organizations convert to FIDO security keys? Product showcase: Secure digital and … More → The post Why silent authentication is the smarter way to secure BYOD appeared first on Help Net Security.
http://news.poseidon-us.com/TLyVD3

What Fortune 100s are getting wrong about cybersecurity hiring

Many companies say they can’t find enough cybersecurity professionals. But a new report suggests the real problem isn’t a lack of talent, but how those jobs are structured and advertised. Expel’s 2025 Enterprise Cybersecurity Talent Index looked at more than 5,000 cybersecurity-related job postings from Fortune 100 companies. The findings point to hiring practices that may be turning qualified candidates away, not drawing them in. “We often hear about the cybersecurity talent or skills gap … More → The post What Fortune 100s are getting wrong about cybersecurity hiring appeared first on Help Net Security.
http://news.poseidon-us.com/TLyVCz

Tired of gaps in your security? These open-source tools can help

When it comes to spotting threats, security teams need tools that can pull data from all over and make it easier to analyze. In this article, we’ll take a look at some popular open-source tools that help with everything from log management to network and host monitoring, and even incident response. These tools give teams the visibility they need to catch threats early and act fast. Cortex Cortex is developed by TheHive Project to help … More → The post Tired of gaps in your security? These open-source tools can help appeared first on Help Net Security.
http://news.poseidon-us.com/TLyVB8

TAFE NSW charts $22m ERP upgrade

Comes as SAP ECC 6.0 platform approaches end of life.
http://news.poseidon-us.com/TLyS3m