433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Why Phishers Love New TLDs Like .shop, .top and .xyz

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.
http://news.poseidon-us.com/TGYffD

Sweet Security helps organizations protect their cloud environments

Sweet Security introduces unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time. Sweet’s platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and Cloud Workload Protection Platform (CWPP) into one comprehensive solution. This approach delivers detection and response capabilities, unifying insights from every layer of the cloud stack. “The Sweet team has worked tirelessly to build a platform … More → The post Sweet Security helps organizations protect their cloud environments appeared first on Help Net Security.
http://news.poseidon-us.com/TGYfSj

Phishers send corrupted documents to bypass email security

Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses. Recipients are instructed to dowload the attached document – an archive file (ZIP) or an MS Office file (e.g., DOCX) – and open it, but the file is corrupted. The recipients are then prompted … More → The post Phishers send corrupted documents to bypass email security appeared first on Help Net Security.
http://news.poseidon-us.com/TGYfPm

Push Security introduces verified stolen credentials detection capability

Push Security unveiled verified stolen credentials detection capability, a new feature designed to reshape how security teams combat identity threats. By analyzing threat intelligence (TI) on stolen credentials and comparing it against active credentials in customer environments, the Push platform eliminates false positives, delivering only actionable alerts to help organizations protect compromised workforce identities. This paradigm shift promises to drastically reduce the noise security teams face, empowering them to act swiftly on verified threats without … More → The post Push Security introduces verified stolen credentials detection capability appeared first on Help Net Security.
http://news.poseidon-us.com/TGYfJw

Skills-based hiring is helping tech companies dig out of a talent shortage, report finds

Most IT companies have tackled skills-based hiring by gauging existing abilities, according to IT staffing firm Motion Recruitment.
http://news.poseidon-us.com/TGYXTr

US government, energy sector contractor hit by ransomware

ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files,” the company shared in an 8-K filed on Monday with the US Securities and Exchange Commission. The … More → The post US government, energy sector contractor hit by ransomware appeared first on Help Net Security.
http://news.poseidon-us.com/TGYRx5

Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams

Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the essential features modern teams require, from chat and video conferencing to webinars. Its open architecture enables integration with existing systems and allows for the customization of solutions tailored to specific needs. Nextcloud Talk highlights High-security … More → The post Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams appeared first on Help Net Security.
http://news.poseidon-us.com/TGYNKz

Thales Data Risk Intelligence identifies risks to sensitive data

Thales launched Data Risk Intelligence, an Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it resides. This is the first solution uniting the risk and threat identification capabilities of the Imperva Data Security Fabric with the data protection capabilities of the Thales CipherTrust Data Security Platform, following Thales’s strategic acquisition of Imperva in December 2023. With data and operations spread across cloud, on-premises and hybrid systems, security teams require … More → The post Thales Data Risk Intelligence identifies risks to sensitive data appeared first on Help Net Security.
http://news.poseidon-us.com/TGYNJ7

Extracting Files Embedded Inside Word Documents, (Tue, Dec 3rd)

I found a sample that is a Word document with an embedded executable. I'll explain how to extract the embedded executable with my tools.
http://news.poseidon-us.com/TGYHhl

Treat AI like a human: Redefining cybersecurity

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten also discusses the need for strong oversight and accountability to ensure AI aligns with business goals and remains secure. Treating AI like a human can accelerate its development. Could you elaborate on how … More → The post Treat AI like a human: Redefining cybersecurity appeared first on Help Net Security.
http://news.poseidon-us.com/TGY8DP