Category: Help Net Security

Kyndryl introduced a managed Secure Access Service Edge (SASE) solution powered by Fortinet, which aims to help customers enable advanced network security initiatives. The solution combines Fortinet’s cloud-delivered security and secure networking solutions with Kyndryl’s network and security services to…

Read more →

ThreatBlockr and GreyNoise announced a partnership that will enhance the ThreatBlockr platform. By leveraging GreyNoise data, ThreatBlockr customers now have automatic access to this enhanced cyber intelligence and the largest cyber intelligence data set that protects against false positives. “False…

Read more →

DigiCert announced a partnership to provide DigiCert ONE, the platform for digital trust, on Oracle Cloud Infrastructure (OCI). Customers will benefit from DigiCert ONE’s fast time to value combined with OCI’s high-performance and security-first architecture for single and multi-cloud deployments.…

Read more →

Waterfall Security Solutions and Atlantic Data Security announced a partnership to protect data centers, building automation systems and critical infrastructure facilities. With attacks on OT networks becoming more powerful and pervasive, this new partnership provides owners and operators with solutions…

Read more →

SafePaaS announces its Unified Privileged Access Management (UPAM) solution to protect the digital enterprise without the complexity of traditional PAM solutions that fail to meet the evolving needs of today’s dynamic, complex organizations. SafePaaS’ UPAM offering enables in-depth cyber mechanisms…

Read more →

Webb Protocol raised $7 million in a seed funding round co-led by Polychain and Lemniscap, with participation from Zeeprime, CMS Holdings among others. The funding will go towards growing Webb’s staff base, accelerating the development of innovative privacy tools and…

Read more →

Microsoft has enabled number matching for Microsoft Authenticator push notifications to improve user sign-in security. Authenticator MFA number matching in action (Source: Microsoft) “If the user has a different default authentication method, there’s no change to their default sign-in. If…

Read more →

OpenVPN has introduced Device Identity Verification & Enforcement (DIVE) to their cloud-based solution, CloudConnexa (previously known as OpenVPN Cloud). This powerful new feature will take your ZTNA structure to the next level. With the rapid growth of remote and hybrid…

Read more →

With increased data breaches, errors, ransomware and hacks, digital trust can be the difference between retaining reputations and customer loyalty after a major incident and suffering serious, time-consuming, and expensive losses, according to ISACA. From digital trust to business success…

Read more →

DEF CON’s AI Village will host the first public assessment of large language models (LLMs) at the 31st edition of the hacker convention this August, aimed at finding bugs in and uncovering the potential for misuse of AI models. The…

Read more →

API sprawl is a prevalent issue in modern enterprises, as APIs are being developed and deployed at an unprecedented rate. As highlighted by Postman’s 2022 State of the API Report, “89% of respondents said organizations’ investment of time and resources…

Read more →

In this Help Net Security video, Devon Kerr, Team Lead, Elastic Security Labs, talks about the 2023 Global Threat Report Spring edition. Key takeaways In this report, the Elastic Security team highlights how they’ve noticed a slight increase in Linux…

Read more →

Organizations need to be able to match the ingenuity and resources of cybercriminals to better defend themselves against the increasing number of threats and attacks that could paralyze their business. Unfortunately, some laws restrict genuine security research. As we await…

Read more →

Cloudflare has partnered with Kyndryl to help enterprises modernize and scale their corporate networks with managed WAN-as-a-Service and Cloudflare zero trust. The partnership couples Kyndryl’s expert managed end-to-end networking services with Cloudflare’s robust technology platform to enable enterprises to streamline…

Read more →

Privoro announced a new partnership with Samsung to provide a security capability for mobile devices. The new capability provides a critical shield against the invisible threat posed by modern cyberweapons via high-assurance control over the radios, sensors and other peripherals…

Read more →

Waratek introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique…

Read more →

The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach MSI (Micro-Star International) is a corporation that develops and sells computers (laptops, desktops, all-in-one PCs,…

Read more →

The Western Digital online store is offline as a result of the “network security incident” it suffered in March 2023. Users have been notified On May 5, 2023, the company emailed its customers to say that an unauthorized party obtained…

Read more →

AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had…

Read more →

The rise of AI-generated identity fraud like deepfakes is alarming, with 37% of organizations experiencing voice fraud and 29% falling victim to deepfake videos, according to a survey by Regula. In this Help Net Security video, Henry Patishman, Executive VP…

Read more →

A key term when discussing encryption these days is end-to-end (E2E) encryption. The idea with E2E encryption is that data is kept confidential between the encryptor and the intended receiver. This might seem an obvious requirement, but not all so-called…

Read more →

Paul Cha is a cyber and product security leader, serving as the VP of Cybersecurity at LG Electronics Vehicle component Solutions. Paul held critical positions at Synopsis, Ford Motor Company, and Samsung before joining LG. He found his way to…

Read more →

Businesses worldwide are eagerly embracing the potential for AI to provide personalized customer experiences, but customers remain cynical, according to Twilio. This year’s report underscores the value of an AI-driven personalization strategy for brands looking to both retain existing customers…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Former Uber CSO avoids prison for concealing data breach Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover…

Read more →

CACI announced a strategic partnership to provide the DarkPursuit capability within the Torchlight Catalyst platform. This partnership will provide Torchlight customers, mainly Special Operations Forces (SOF), with safe and secure access to browse the open, deep, and dark web. “We…

Read more →

Mirantis announced the latest update of open source k0s, which adds compatibility with the latest release of Kubernetes 1.27, as well as improvements and bug fixes to k0s. The latest update of Mirantis k0s makes improvements that simplify installation and…

Read more →

AutoCrypt KEY enables OEMs and suppliers to manage all types of cryptographic keys used for the components of connected and electric vehicles. Modern vehicles function through communications, including internal communications between ECUs and application processors, and external connections with nearby…

Read more →

Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover up a data breach Uber suffered in 2016 and kept it hidden from the Federal Trade Commission (FTC), has been sentenced to three years…

Read more →

Edgecore Networks has partnered with Wedge Networks to offer a next-generation network security solution to its customers. Wedge Networks’ Wedge Cloud Network Defense (WedgeCND), a cloud-managed security service designed to provide comprehensive security protection, is now available as an add-on…

Read more →

Cisco has revealed the existence of a critical vulnerability (CVE-2023-20126) in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. The adapters are widely used to integrate analog phones into VoIP networks without the need for an upgrade. About…

Read more →

OneTrust announces AI-driven document classification to help organizations more accurately and completely identify and classify unstructured data and automatically apply governance and protection policies. “An organization’s data is what fuels innovation and gives them a competitive edge,” said Blake Brannon,…

Read more →

Edgecore Networks has partnered with Wedge Networks to offer a next-generation network security solution to its customers. Wedge Networks’ Wedge Cloud Network Defense (WedgeCND), a cloud-managed security service designed to provide comprehensive security protection, is now available as an add-on…

Read more →

The April Patch Tuesday releases were unusual because we saw a whopping 62 vulnerabilities addressed in the Microsoft Server 2012 KBs. Granted there was a lot of overlap with the CVEs addressed in Windows 10 and 11, but compared to…

Read more →

Satori released Universal Data Permissions Scanner, a free, open-source tool that enables companies to understand which employees have access to what data, reducing the risks associated with overprivileged or unauthorized users and streamlining compliance reporting. Who has access to what…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Dashlane, Immersive Labs, Intruder, Private AI, Vanta, and Veza. Immersive Labs Resilience Score strengthens executive decision making in cyber crises Immersive Labs Resilience Score helps…

Read more →

In the first quarter of 2023 there was a significant increase in cyberattacks exploiting trust in established tech brands Microsoft and Adobe, according to Avast. The Avast report also found a 40% rise in the share of phishing and smishing…

Read more →

Cyber-risk levels have improved from “elevated” to “moderate” for the first time, but insiders represent a persistent threat for global organizations, according to Trend Micro. Jon Clay, VP of threat intelligence at Trend Micro: “For the first time since we’ve…

Read more →

AppOmni announced free Salesforce Community Cloud Scanner to help organizations secure their Salesforce Community websites from data exposure risks and misconfigurations. Salesforce data leaks recently identified by Krebs on Security have resulted in exposure of numerous Salesforce Community Cloud customers’…

Read more →

The City of Dallas, Texas, has suffered a ransomware attack that resulted in disruption of several of its services. What do we know so far? “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a…

Read more →

Airgap Networks announced that it is bringing the power of AI to its Zero Trust Firewall with ThreatGPT. Built on an advanced AI/ML model designed to protect enterprises from evolving cyber threats, ThreatGPT delivers a new level of insight and…

Read more →

HUB Security entered into an agreement for up to $16 million in gross proceeds from Lind Global Asset Management VI LLC, an investment entity managed by The Lind Partners, a New York based institutional fund manager (together, “Lind”). This investment…

Read more →

Criminal IP, an OSINT-based search engine provided by AI Spera, launched a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS (Fraud Detection System). This latest development promises to revolutionize the digital security landscape…

Read more →

Arthur introduced a powerful addition to its suite of AI monitoring tools: Arthur Shield, a firewall for large language models (LLMs). This patented new technology enables companies to deploy LLM applications like ChatGPT more safely within an organization, helping to…

Read more →

Intruder has launched its continuous attack surface monitoring capabilities. The company’s new premium plan offering takes vulnerability management to the next level with continuous coverage, increasing visibility and transparency of external attack surfaces. On average, 65 new vulnerabilities are discovered…

Read more →

Protecto announced it has been able to boost the performance of its privacy models on NVIDIA GPUs, allowing the discovery of privacy issues up to 10x faster than before. With the help of powerful NVIDIA GPU technology, Protecto has delivered…

Read more →

Employing proprietary architecture, the Aegis NVX is the first Apricorn encrypted device to feature an NVME SSD inside, to address the immediate protection of raw data delivered directly from its source at high speeds. Initial capacity offerings will be 500GB,…

Read more →

“Since the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious,” Check Point researchers have shared on…

Read more →

BSidesLjubljana 0x7E7, a non-profit conference organized by the information security community, will take place on June 16, 2023, at the C111 Computer Museum. The deadline for the call for papers (CFP), initially set for April 30, has been extended for…

Read more →

The success of ChatGPT, a text-generation chatbot, has sparked widespread interest in generative AI among millions of people worldwide. According to Jumio’s research, 67% of consumers globally are aware of generative AI technologies, and in certain markets, such as Singapore,…

Read more →

Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the software supply chain are increasingly common, according to Tidelift. Open source software security In…

Read more →

75% of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the changing API attack surface, according to Data Theorem and ESG. Insecure APIs plague organizations In a related finding,…

Read more →

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud (EC2) instances, container images…

Read more →

Avetta has released the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in 10 areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies potential risk…

Read more →

Keysight Technologies has launched a new cybersecurity partnership program for managed security service providers (MSSP) to improve the security posture of organizations using the breach and attack simulation (BAS) capabilities of Keysight Threat Simulator. Cyberattacks are on the rise and…

Read more →

Dashlane introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that…

Read more →

Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs warns: the company’s intrusion…

Read more →

ManageEngine announced that its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. This new feature allows organizations to secure their data with next-gen authentication methods that prevent unsecured access to remote machines even when they are disconnected…

Read more →

Vanta launched Vendor Risk Management (VRM) solution, enabling organizations to accelerate, automate and simplify third-party vendor security reviews and due diligence. Featuring vendor auto-discovery and continuous vendor assessment and remediation workflows, Vanta’s VRM offering significantly reduces the time and costs…

Read more →

Users can now create passkeys for their Google account, the company has announced on Wednesday. Passkeys will enable users to sign in to their Google account on all major platforms and browsers with their fingerprint, face recognition, or a local…

Read more →

Location-tracking devices help users find personal items like their keys, purse, luggage, and more through crowdsourced finding networks. However, they can also be misused for unwanted tracking of individuals. Apple and Google jointly submitted a proposed industry specification to help…

Read more →

Immersive Labs announced the launch of the Immersive Labs Resilience Score. The score measures an organization’s workforce preparedness for cyber attacks and breaches based on Immersive Labs’ years of benchmarking data across industry verticals. The score will help organizations identify…

Read more →

T-Mobile has revealed a second data breach that occurred in 2023, which reportedly exposed customer data and account PINs, leaving many T-Mobile users vulnerable to potential fraud and identity theft. What happened? The attack started on February 24 and lasted…

Read more →

In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol. The misunderstood Lock icon It took many years, but the unceasing push by…

Read more →

Attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware, according to Netskope. On average, five out of every 1,000 enterprise users attempted to download malware in Q1…

Read more →

Development teams utilize automation through Infrastructure as Code (IaC) to facilitate rapid and frequent changes to their cloud-native architectures. Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development. Now,…

Read more →

As outside economic pressures continue to shape how organizations think and allocate resources, data security continues to be a high priority. Due to their dependence on data to innovate and reduce expenses, many businesses are significantly more exposed to the…

Read more →

Veza has unveiled Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege…

Read more →

KnectIQ has introduced SelectiveTRUST, the zero trust-based platform that prevents credential misuse to mount initial intrusions and credential-based privilege escalation by bad actors. Additionally, the security architecture and flexibility of SelectiveTRUST: Assures Trusted Connectivity, secure communication, and data sharing, at…

Read more →

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…

Read more →

Box unveiled Box AI, a new suite of capabilities that will natively integrate advanced AI models into the Box Content Cloud, bringing Box’s enterprise-grade standards for security, compliance, and privacy to this breakthrough technology. Box AI will make it easier…

Read more →

CYTRIO has introduced a data privacy UX platform that includes consent and preference management, do not sell my information, Data Subject Access Request (DSAR) management, and policy templates in one data privacy compliance platform. Businesses of all sizes can now…

Read more →

Trellix expanded support for Amazon Security Lake from AWS, designed to automatically centralize security data from cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions…

Read more →

Spin.AI has partnered with Google to integrate its new Chrome Extension Risk Assessment in Chrome Browser Cloud Management. This free tool gives administrators increased visibility into browser extensions detected across the Chrome ecosystem and allows SecOps teams to better assess…

Read more →

Conceal announced partnership with Moruga to help organizations of all sizes monitor and detect malicious activity at the edge. Moruga’s proprietary Cybhermetics security platform aggregates industry-leading cybersecurity companies to create the Zero Day Protection Suite. This cybersecurity bundle combines a…

Read more →

Appdome has released a pre-built integration between its platform and GitLab that is part of Appdome’s Dev2Cyber Partner initiative to accelerate delivery of secure mobile apps globally. “This new integration allows mobile brands to use GitLab to build any of…

Read more →

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to access sensitive…

Read more →

There has been a noted increase in malvertising via Google Ads this year, aimed at tricking users into downloading malware; among these malicious payloads is LOBSHOT, an infostealer that can also establish and keep long-term remote control of target computers…

Read more →

The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Apple Rapid Security…

Read more →

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar…

Read more →

Private AI launched PrivateGPT, a new product that helps companies safely leverage OpenAI’s chatbot without compromising customer or employee privacy. “Generative AI will only have a space within our organizations and societies if the right tools exist to make it…

Read more →

Onfido announced that its Real Identity Platform services are now available for Salesforce Financial Services Cloud customers. Financial Services Cloud customers now have access to a suite of Onfido’s services, including Onfido’s library of global identity verification tools, Studio, Onfido’s…

Read more →

Security analysts face the demanding task of investigating and resolving increasing volumes of alerts daily, while adapting to an ever-changing threat landscape and keeping up with new technology. To complicate matters further, the cybersecurity workforce gap – which increased by…

Read more →

Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. “We launched the Data Security Incident Response Report nine years ago because we recognized that organizations were making data-driven decisions…

Read more →

Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra. These schemes can cost companies hundreds of thousands of dollars and the vast majority of businesses (79%) say they take longer to uncover…

Read more →

In this Help Net Security interview, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum, shares his expertise on the correlation between the digitization of the manufacturing sector and the rise in cyberattacks. He delves into the far-reaching impact of…

Read more →

Excessive privileges are a continuing headache for security professionals. As more organizations migrate assets to the cloud, users with excessive permissions can expand the blast radius of an attack, leaving organizations open to all sorts of malicious activity. Cloud environments…

Read more →

Companies’ operating models today are significantly more complex than they were just a couple of years ago, according to BeyondTrust. Remote employees accessing key systems and data, more applications, and information stored and flowing through the cloud, are all helping…

Read more →

Bot attacks were previously seen as relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN. Bad bot traffic…

Read more →

In this Help Net Security video interview, cybersecurity entrepreneur, founder, innovator, and investor William Lin discusses his new book – The VC Field Guide. In this book, Lin demystifies the inner workings of venture capital. He offers a guide on…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Arista Networks, Armorblox, BigID, Binarly, Cofense, Cyera, Cynalytica, D3 Security, Eclypsium, GitGuardian, Guardz, Halo Security, Immuta, Malwarebytes, ManageEngine, Netskope, Obsidian Security, Searchlight Cyber,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSA Conference 2023 RSA Conference 2023 took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases,…

Read more →

The UK Cyber Security Councilv has launched the first phase of its certification mapping tool. It has been created to map all available cyber security certifications onto the 16 specialisms identified by the Council, with the first phase now available.…

Read more →

Codenotary has unveiled SBOMcenter, providing a central, secure place for software producers and consumers to freely generate, store and share Software Bills of Materials (SBOMs). In May 2021, the US government issued an executive order requiring federal agencies to adopt…

Read more →

CSI has released its new robust IT Governance Services, which is available within its Advisory Services offering. Coupled with CSI’s Compliance & Risk Management Services, IT Governance Services combines domain expertise with leading compliance technology. The result is a holistic…

Read more →

The Commission adopted the first designation decisions under the Digital Services Act (DSA), designating 17 Very Large Online Platforms (VLOPs) and 2 Very Large Online Search Engines (VLOSEs) that reach at least 45 million monthly active users. These are: Very…

Read more →

Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity of password resets, at a time when organisations must identify cost savings to survive the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, Arista Networks, Cyera, Eclypsium, Halo Security, Immuta, ManageEngine, and Traceable AI. Abnormal Security expands its platform and launches new products Abnormal Security launched…

Read more →

Generative AI has captured the imagination of millions worldwide, largely driven by the recent success of ChatGPT, the text-generation chatbot. Our new research showed that globally, 67% of consumers have heard of generative AI technologies, and in some markets, like…

Read more →

5G connectivity has reached a tipping point globally as 5G networks are now active in 47 of the world’s 70 largest economies by GDP, according to Viavi. VIAVI revealed that there are 2,497 cities globally with commercial 5G networks, across…

Read more →

Over the last two years, respondents reported a continued reliance on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords (OTPs), according to Yubico. Not all MFA is equal The results are surprising considering 59%…

Read more →