Orange Cyberdefense has been selected to carry out cyber crisis management exercises by the GIP SESAN (Groupement Régional d’Appui au Développement de l’eSanté d’Île-de-France) and by CAIH (Centrale d’Achat de l’Informatique Hospitalière) to support healthcare players in the region. These…
Category: Help Net Security
The biggest data security blind spot: Authorization
Too many people have access to company data they don’t need. Also, too many companies focus on authentication (verifying identity) as a security measure and overlook the importance of authorization (verifying right to access). While it’s important to give employees…
CISOs struggling to protect sensitive data records
Almost all IT and security leaders (96%) globally are concerned their organization will be unable to maintain business continuity following a cyberattack, according to Rubrik. Data security is becoming increasingly complex and the datasets…
How companies are struggling to build and run effective cybersecurity programs
A recent Code42 report reveals a rapidly growing number of inside risk incidents and a concerning lack of training and technology, further exacerbated by increasing workforce turnover and cloud adoption. In this Help Net Security video, Joe Payne, President at…
Venafi Firefly enhances the security of machine identities for cloud-native applications
Venafi has introduced Venafi Firefly, the lightweight machine identity issuer that supports highly distributed, cloud native environments. Part of the Venafi Control Plane for Machine Identities, Firefly enables security teams to easily and securely meet developer-driven machine identity management requirements…
NICE Actimize launches SAM-10 to detect suspicious activity while reducing false positives
NICE Actimize has launched its Suspicious Activity Monitoring (SAM-10) solution. Built to detect more suspicious activity while reducing false positives, NICE Actimize’s SAM-10 introduces enhancements to its anti-money laundering solution, incorporating multiple layers of defense which strengthen the others and…
Picus Security expands its CTEM solution with CAASM and CSPM capabilities
Picus Security has announced the expansion of its continuous threat exposure management (CTEM) solution to help CISOs better answer the question: “what is our cyber risk?”. The company’s new capabilities – Picus Cyber Asset Attack Surface Management (CAASM) and Picus…
IT and business services market shows resilience with positive growth outlook
Worldwide IT and business services revenue is expected to grow (in constant currency) from $1.13 trillion in 2022 to $1.2 trillion in 2023, or 5.7% year-over-year growth, according to IDC. In nominal dollar-denominated revenue based on today’s exchange rate, the…
Outdated cybersecurity practices leave door open for criminals
Organizations experienced a significant increase in ransomware, from an average of four attacks over five years in 2021 to four attacks over the course of one year in 2022, according to ExtraHop. Of those who fell victim, 83% admitted…
Tentacle AI Control Mapping enables organizations to centralize security information
Tentacle has announced Tentacle AI Control Mapping, a machine learning and natural language processing-fueled feature expected to transform an organization’s ability to centralize and leverage critical cyber security information. AI Control Mapping is the first of a series of machine…
VMware Cross-Cloud managed services helps customers secure multi-cloud environments
VMware has unveiled VMware Cross-Cloud managed services, a set of prescriptive offers with enhanced partner and customer benefits that will enable skilled partners to expand their managed services practices. Cross-Cloud managed services will make building managed services faster for partners…
Daon unveils TrustX platform for identity proofing and authentication
Daon has unveiled TrustX, its next-generation cloud-based platform for identity proofing and authentication to support the creation and deployment of user journeys across their entire digital identity lifecycle. Daon TrustX is optimized by artificial intelligence (AI) and machine learning (ML)…
Oracle updates Fusion Cloud Applications Suite with automation capabilities
Oracle is introducing new capabilities across Oracle Fusion Cloud Applications Suite that help customers accelerate supply chain planning, increase operational efficiency, and improve financial accuracy. The updates include new planning, usage based pricing, and rebate management capabilities within Oracle Fusion…
Digi WAN Bonding delivers bonded Gigabit internet speeds and improved connection reliability
Digi International has released its latest value-added service — Digi WAN Bonding — to deliver true Gigabit speeds for enhanced network performance. This solution, which is fully integrated into the Digi technology stack, also improves Internet reliability and increases bandwidth…
LogRhythm and Zscaler integration streamlines website access control
LogRhythm and Zscaler work together to help organizations around the globe increase network insight and address a variety of cloud access security challenges faced by the modern SOC. LogRhythm SIEM and the Zscaler Zero Trust Exchange platform provide visibility and…
Researchers discover sensitive corporate data on decommissioned routers
Looking at configuration data, 56% of decommissioned routers disposed of and sold on the secondary market contained sensitive corporate data, according to ESET. Of the networks that had complete configuration data available: 22% contained customer data; 33% exposed data allowing…
5 free online cybersecurity resources for small businesses
As cyberattacks increase in frequency and sophistication, small and medium-sized businesses (SMBs) become more vulnerable to cyber threats. Unlike larger enterprises, SMBs often lack the financial and technical resources to secure their networks and data against malicious actors effectively. With…
Quantifying cyber risk vital for business survival
Healthcare, manufacturing, and utilities are suffering long-term financial impact of major cyber attacks, according to ThreatConnect. “With the National Cyber Strategy coming out of the White House focusing on decreasing cyber risk from critical infrastructure and the new SEC Cyber…
Ransomware reinfection and its impact on businesses
Destructive ransomware attacks impact enterprises, governments, airlines, hospitals, hotels, and individuals, causing widespread system downtime, economic loss, and reputational damage. In this Help Net Security video, AnnMarie Nayiga, Lead MDR Analyst at Malwarebytes, talks about the dangers of ransomware reinfection.…
Security beyond software: The open source hardware security evolution
Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But recognition of the importance of hardware security—upon which all software security is built—is (thankfully) also growing. Established hardware…
Versa Zero Trust Everywhere strengthens security posture for onsite, remote and hybrid workers
Versa Networks launched Versa Zero Trust Everywhere, delivering zero trust security for both remote and on-premises users, with optimized user-to-application performance. Hybrid cloud and hybrid work have changed where and how users work, challenging organizations to find ways to secure…
Tight budgets and burnout push enterprises to outsource cybersecurity
With cybersecurity teams struggling to manage the remediation process and monitor for vulnerabilities, organizations are at a higher risk for security breaches, according to Cobalt. As enterprises prioritize efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures…
Veracode Fix helps organizations tackle software security issues
Veracode launches Veracode Fix, a new AI-powered product that suggests remediations for security flaws found in code and open-source dependencies. Shifting the paradigm from merely ‘find’ to ‘find and fix’: “For far too long, organizations have had to choose between…
Phylum adds OPA and continuous reporting to its policy engine
Phylum has added Open Policy Agent (OPA) and continuous reporting to its policy engine. Customers now have more flexibility when creating and enforcing custom policies, and can show compliance with key software supply chain frameworks, regulations and guidelines. “We built…
Armis enables enterprises to identify gaps in security controls with CAASM enhancements
Armis enhanced its Cybersecurity Asset Attack Surface Management (CAASM) Solution, giving security teams the ability to overcome asset visibility and exposure challenges. Security teams will be able to improve their overall security position by ensuring security controls, security posture, and asset…
LastPass University improves password management habits
LastPass has unveiled LastPass University, a training platform featuring live and on-demand coursework to help business administrators, their end users and partners deepen their LastPass product knowledge and password management skills. LastPass University training modules range from basic to comprehensive,…
Edgio Advanced Bot Management protects users against bot attacks
Edgio has released its Advanced Bot Management solution, which proactively mitigates a wide range of evolving malicious bots while providing observability into good bots. Leveraging massive amounts of data continuously drawn from the platform’s extensive global deployment, Advanced Bot Manager applies…
Styra appoints Mark Pundsack as CEO
Styra has appointed Mark Pundsack as CEO, effective immediately. Pundsack brings more than thirty years of experience to the role with deep expertise in the software development industry, where he has spent much of his career leading product development teams…
DigiCert launches new partner program to deliver digital trust
DigiCert has unveiled its new unified partner program, designed to provide partners with a comprehensive portfolio that delivers digital trust for the real world. The new program includes more sales motions for all partner types; training, support and tools that…
Allurity acquires CloudComputing and Securix to expand into new markets
Allurity has closed the acquisition of two new cybersecurity companies, CloudComputing and Securix. The former brings a complete and robust offering in identity, zero trust and information security. The latter adds substantial reinforcement in the areas of identity security, observability…
Swimlane collaborates with AWS to accelerate investigation and response when threats occur
Swimlane announced a strategic partnership with AWS, bringing the power of security automation to AWS environments via a cost-effective solution. The company today also announced Swimlane Turbine is now a cloud-native platform, helping customers automate responses to security data, which…
KOTRA and KISIA will showcase 10 Korean cybersecurity companies at RSA Conference 2023
Korea Trade-Investment Promotion Agency (KOTRA) will host 10 Korean cybersecurity companies as Korea Pavilion with Korea Information Security Industry Association (KISIA) at RSA Conference 2023. KOTRA and KISIA will feature companies from across a range of fields including network security,…
Wargaming an effective data breach playbook
A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse…
Implementing a zero-trust system that uses workload identity across a service mesh in Kubernetes
In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services, as well as…
Pre-pandemic techniques are fueling record fraud rates
Within the largest financial institutions, insurers, and retailers, the rise and adoption of AI, an impending recession, and the return of pre-pandemic fraud techniques are driving record rates of fraud attacks for consumers and enterprises alike, according to Pindrop. Researchers…
Balancing cybersecurity with business priorities: Advice for Boards
In today’s rapidly evolving technological landscape, it’s more important than ever for Boards and executives to stay informed about the latest advancements and potential risks in technology and digital capability. In this Help Net Security interview, Alicja Cade, Director, Financial…
D3 Security Smart SOAR improves response to incidents
D3 Security has launched its Smart SOAR platform, which expands beyond traditional SOAR with hyperscalable, risk-based autonomous triage and incident remediation across the entire stack. The new capabilities of Smart SOAR build on D3 Security’s designed and maintained integrations, which…
Battery Bird protects customers from vulnerabilities in public Wifi networks
Recent warnings by the FBI and FCC have highlighted the risks associated with using public USB chargers. Hackers have created ways to use public USB ports to introduce malware and monitoring software onto the phones of unsuspecting users. Battery Bird’s…
Zyxel SCR 50AXE boosts network security for small businesses and remote workers
Zyxel Networks enhanced network security and productivity for small and home office users and remote workers with the launch of SCR 50AXE AXE5400 Tri-band WiFi 6E Secure Cloud-managed Router. The new business-class router delivers security and high-performance WiFi 6E as…
Imperva collaborates with Fortanix to provide end-to-end data security
Imperva and Fortanix signed a partnership agreement, and have each joined the other’s strategic partner program. This partnership brings together two innovative and trusted cybersecurity companies focused on multicloud data protection. The joint offerings from Imperva and Fortanix will provide…
lockr raises $2.5 million to help customers take control of their personal identity and data
lockr has raised $2.5M in pre-seed funding. Mozilla Ventures, Junction Venture Partners, and Grit Capital Partners participated, along with individuals from the digital publishing and data industries. Founded by Keith Petri, an experienced data management executive with two prior 8-figure…
Mobb raises $5.4 million and launches community tool
Mobb has raised $5.4M in seed funding led by Angel Investor Ariel Maislos and joined by MizMaa Ventures, Cyber Club London and additional investors from the US, EU, and Israel. The company has also launched a free community version that allows…
Economic uncertainty drives upskilling as a key strategy for organizations
With the economy experiencing instability and decline, organizations rely on their technology experts to maintain their innovative edge and generate business value. Despite being instructed to reduce expenses by 65% of the technology team leaders, 72% still intend to boost…
AI verification systems give businesses an edge over scammers
Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of ID verifications carried out for its customers in 2022, Ondato found that ID cards were…
AI tools like ChatGPT expected to fuel BEC attacks
Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. In other trends to watch, vendor compromise and fraud are rising…
Week in review: Microsoft patches zero-day, Apple security updates, HashiCorp Vault vulnerability
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos. Making risk-based decisions in a rapidly changing cyber climate: In this Help Net Security interview, Nicole reveals the three key indicators she uses to assess…
Snowflake Manufacturing Data Cloud improves supply chain performance
Snowflake has launched the Manufacturing Data Cloud, which enables companies in automotive, technology, energy, and industrial sectors to unlock the value of their critical siloed industrial data by leveraging Snowflake’s data platform, Snowflake- and partner-delivered solutions, and industry-specific datasets. The…
CYFIRMA raises an undisclosed amount in Pre-Series B funding for product innovation
CYFIRMA has raised a Pre-Series B funding round from venture fund OurCrowd and Larsen & Toubro’s L&T Innovation Fund. With this, these firms join CYFIRMA’s existing investors Goldman Sachs, Zodius Capital, and Z3 Partners. With the closing of this round,…
Khoros and Cerby join forces to secure social media platforms
Khoros and Cerby’s new partnership allows brands to launch, manage, and analyze their social media profiles quickly and securely from the Khoros platform. Cerby brings security features such as single sign-on (SSO) directly into social accounts and ad accounts for…
Tentacle partners with Oread Risk & Advisory to simplify SOC 2 compliance for organizations
Tentacle announced a SOC 2 partnership with Oread Risk & Advisory to help organizations achieve SOC 2 reporting goals and establish long-term security infrastructure. With Tentacle’s release of the indexed SOC 2 security framework earlier this year, organizations have access…
UltraViolet Cyber launches to address the ever-expanding cyber threat
UltraViolet Cyber has unveiled its launch to provide organizations across the globe with a streamlined approach to address the ever-expanding cyber threat. Created through the combination of four pioneering firms — Metmox, Mosaic451, Stage 2 Security, and W@tchTower — UltraViolet Cyber…
Daon brings IdentityX to healthcare industry
Daon is expanding its IdentityX to the healthcare industry to enable organizations to safeguard identities for providers, staff, and patients. As the healthcare industry continues to digitize sensitive healthcare online information, cyber attacks increase and new regulations are established, Daon’s…
Cobalt Iron updates Compass platform with new data governance capabilities
Cobalt Iron has updated its Compass enterprise SaaS backup platform with new data governance capabilities comprising policy-based controls and an approval framework for decommissioning systems and deleting data. The automation and policy-based discipline for system decommissioning and associated data deletion…
Votiro collaborates with Sumo Logic to provide analytics on file-borne threats
Votiro has integrated with Sumo Logic to enable reliable and secure cloud-native applications. Users can now send high-fidelity data and insights discovered by Votiro Cloud into the Sumo Logic Cloud SIEM console. Enterprises are relying on collaboration platforms, cloud workloads…
Deloitte and Riskified help eCommerce merchants analyze their fraud exposure
Riskified has unveiled its partnership with Deloitte to empower merchants with real-time insight into how their chargebacks, approval rates and fraud costs compare to similar companies in their space. This benchmarking service is helping retailers formulate a scorecard that can…
Thales prepares to protect European infrastructures from quantum attacks
Thales has joined forces with around twenty deep tech, academic and industry partners, as part of the EuroQCI initiative (European Quantum Communication Infrastructure), which aims to deploy a quantum communication infrastructure for EU member states within three years. By 2040,…
WhatsApp announces features to prevent account takeover
WhatsApp will be rolling out three new security features in the coming months, to provide users with increased privacy and control over their messages and to help prevent unauthorized account access and takeover. The new features: The first feature is…
Zelle users targeted with social engineering tricks
Cybercriminals have been leveraging social engineering techniques to impersonate the popular US-based digital payments network Zelle and steal money from unsuspecting victims, according to Avanan. The phishing email: The spoofed email is cleverly crafted…
New infosec products of the week: April 14, 2023
Here’s a look at the most interesting products from the past week, featuring releases from BigID, Binarly, Cynalytica, GitGuardian, Netskope, Searchlight Cyber, ThreatX, and Wazuh. Cynalytica OTNetGuard provides visibility into critical infrastructure networks: Cynalytica has launched its Industrial Control System…
Conquering modern data stack complexities
How are data teams conquering the complexity of the modern data stack? Unravel Data has asked 350+ data scientists, engineers, analysts, and others who rely upon real-time data insights for decision-making to share their practices. “For the third year in…
Organizations face an uphill battle to keep their sensitive data secure
On average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with 75% experiencing all three, according to Skyhigh Security. Overall, the…
Tactics that make crypto giveaway scams so successful
The illicit market for crypto giveaway scams has expanded, offering various services to facilitate fraudulent activity. The proliferation of fake crypto giveaways can be attributed to the increased availability of tools for scammers, even those with limited technical skills. In…
Cymulate ASM bridges vulnerability management and ASM gaps in hybrid infrastructure
Cymulate has expanded its Attack Surface Management (ASM) solution to close gaps between traditional vulnerability management and ASM. Organizations will now have advanced capabilities to easily visualize risky exposures across hybrid environments. The company achieves this by extending its coverage…
Cerbos Cloud manages and enforces authorization policies
Cerbos has released Cerbos Cloud, a managed service offering for Cerbos. Cerbos is an open source authorization layer to easily implement roles and permissions in software applications. It separates authorization logic from the core application code, making the authorization layers…
Code42 Instructor now offers risk reduction training videos to Microsoft Teams
Code42 Software has offered a complete set of response controls to allow security teams to respond to all levels of risk, ranging from unacceptable high risk that must be blocked to the most prevalent user mistakes that require correction. Instructor…
Entrust offers zero-trust solutions for authentication, HSM, and multi-cloud compliance
Entrust is supporting organizations’ zero trust journey with new foundational identity, encryption, and key management solutions. “Zero trust approaches are reshaping security in a perimeter-less world. While the conversation often starts with identity and network access, organizations are quickly finding…
Qwiet AI releases a suite of targeted AppSec and DevSecOps services
Qwiet AI has released a suite of targeted AppSec and DevSecOps services that help companies address their security function needs without sacrificing time and budget. “We often hear of the notion of doing more with less. However, in today’s environment…
DirectDefense and Claroty join forces to secure XIoT environments
DirectDefense has partnered with Claroty, which empowers organizations with visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified…
SentinelOne announces integration of firewalls and NDR capabilities with key industry players
SentinelOne has unveiled integrations with key industry players Aruba, Checkpoint, Cisco, Darktrace, Extrahop, Fortinet, Palo Alto Networks and an enhanced collaboration with Vectra AI which expand the company’s firewall and NDR capabilities, and will allow organizations of all sizes to…
Google delivers secure open source software packages
Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev API, which provides access to security metadata for 50+ million open source…
LinkedIn now allows you to verify your workplace
To combat the surge of fake LinkedIn accounts in recent years, Microsoft has introduced Entra Verified ID, a new feature that allows users to verify their workplace on the business-focused social media platform. Verified ID automates verification of identity credentials…
The new weakest link in the cybersecurity chain
It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access…
DDoS alert traffic reaches record-breaking level of 436 petabits in one day
With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT. The dynamic nature of the DDoS threat landscape: Much of the…
Technology investments feel the impact of weakening economy
For the fifth consecutive month, IDC has lowered its 2023 forecast for worldwide IT spending as technology investments continue to show the impact of a weakening economy. 2023 forecast for worldwide IT spending: In its monthly forecast for worldwide IT…
5 steps to building NSA-level access control for your app
Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. Especially when it comes to the biggest access management pitfall developers make. In 2021 OWASP…
Regula updates Face SDK to protect users against different attack vectors
Regula has redesigned Face SDK face liveness detection technology and offers a balance between a simple UX and high reliability by using the zero-trust concept. Every session has its own unique parameters that cannot be reused by fraudsters for tampering,…
Binarly Transparency Platform identifies vulnerabilities and malicious threats in code
Binarly has released the Binarly Transparency Platform, delivering transparency for device supply chains enabling device manufacturers and endpoint protection products to analyze both firmware and hardware to identify vulnerabilities, misconfigurations, and malicious code implantation. The Binarly Transparency Platform is designed…
Searchlight Cyber launches Stealth Browser for secure dark web access
Searchlight Cyber has launched Stealth Browser, a virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, without risk to themselves or their organization. Stealth Browser is an enhancement to Searchlight’s Cerberus investigation platform, which is…
Fleet MDM platform provides mobile workstation security with GitOps and workflow automation
Fleet has revealed a new programmable MDM, designed to give medium-to-large organizations control of remote workstation security with unsurpassed GitOps and workflow automation. Fleet’s availability as an open-source MDM not only makes it more accessible to organizations working to reduce…
CloudCasa for Velero manages and protects Kubernetes applications
CloudCasa by Catalogic launched CloudCasa for Velero, a new offering that combines the simplicity of the service and its advanced cloud awareness with the benefits of Velero. CloudCasa for Velero gives enterprises and service providers the ability to scale their…
Edgio Applications platform v7 accelerates developer team velocity
The new integrated performance and security features of the Edgio Applications Platform v7 are designed to increase organizational revenues and accelerate developer team velocity through better website performance and multi-layer security. Through the integrated, unified platform, Edgio reduces the need for multiple…
Wazuh 4.4 combats breaches, ransomware, and cyberattacks all from a single agent
Wazuh launched Wazuh 4.4, the latest version of its open source security platform. The latest version adds multiple new features, including IPv6 support for the enrollment process and agent-manager connection, and support for Azure integration within Linux agents. Today’s leading…
Cynalytica OTNetGuard provides visibility into critical infrastructure networks
Cynalytica has launched its Industrial Control System (ICS/SCADA) monitoring sensor, OTNetGuard, that passively and securely captures analog, serial, and IP communications, closing the capabilities gap in complete monitoring of OT networks. With the increasing frequency and sophistication of cyberattacks targeting…
Rezonate’s new ITDR module empowers security teams to stop active threats in real-time
Rezonate’s ITDR offering detects and responds to active identity threats using both common and sophisticated techniques missed by traditional IAM solutions and endpoint controls. The continuous changes in identities and access privileges across multiple tools and teams at every stage…
Armis and TrueFort collaborate to increase operational resilience
Armis has formed a strategic partnership and integration with TrueFort to empower customers by enriching the discovery, understanding, and enforcement of security policies for IT, Internet of Things (IoT), and operational technology (OT) environments. “Customers have shared with us just…
Syncro joins forces with Proofpoint to offer MSPs an email security suite
Syncro has launched a new agreement with Proofpoint to enable Syncro’s MSP partners to offer their customers access to Proofpoint’s email security and security awareness training solutions. “This reseller agreement not only allows our MSPs to give their customers superior…
Cloud Security Alliance opens registration for the CSA Summit at RSAC 2023
The Cloud Security Alliance (CSA) has announced that registration has opened for the CSA Summit 2023: Mission Critical (San Francisco, April 24) held in conjunction with the RSA Conference. Tima Soni, Chief and Head of the Valencia office of the…
Concentric AI channel partner program enhances partner revenue opportunities
Concentric AI has launched its new channel partner program which is aimed at enabling partners’ growth and success delivering the leading solution in the rapidly expanding AI-powered data risk management market to improve customers’ security posture. With Concentric AI’s partner…
Raytheon and SpiderOak partner to secure satellite communications
Raytheon Technologies’ BBN division and SpiderOak have formed a strategic partnership to develop and field a new generation of zero-trust security systems for satellite communications in proliferated low-Earth orbit, or pLEO. SpiderOak’s OrbitSecure solution will be combined with Raytheon BBN’s…
Zigbee PRO 2023 introduces new security mechanisms, feature enhancements
The Connectivity Standards Alliance released Zigbee PRO 2023 of the Zigbee protocol stack. The revision brings several enhancements and new features to the technology, allowing mesh networks to have a universal language that enables smart objects to work together. What’s…
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to…
Kodi forum breach: User data, encrypted passwords grabbed
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a…
3CX compromise: More details about the breach, new PWA app released
3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targeted 3CX systems with TAXHAUL (aka…
GitGuardian Honeytoken helps companies secure their software supply chains
GitGuardian launched its new Honeytoken module, providing intrusion detection, code leakage detection and helping companies secure their software supply chains against attackers targeting Source Control Management (SCM) systems, Continuous Integration Continuous Deployment (CI/CD) pipelines, and software artifact registries. “Honeytoken is…
Key factors driving changes in the perception of the CISO role
The CISO role is currently fraught with novel challenges and escalating workloads. This includes increased paperwork and time spent on risk assessments, which have surged from two to thirty hours per assessment. Furthermore, privacy regulations are expanding, and CISOs are…
Threat hunting programs can save organizations from costly security breaches
Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches: Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of…
Hybrid work environments are stressing CISOs
The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access.…
Data-backed insights for future-proof cybersecurity strategies
The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about…
Netskope Endpoint SD-WAN helps enterprises accelerate edge networking
Netskope unveiled its brand new Endpoint SD-WAN to provide secure, optimized access to endpoint devices from anywhere. Netskope Endpoint SD-WAN will leverage the industry’s first software-based unified SASE client, converging SD-WAN and Security Service Edge (SSE) capabilities so organizations can…
AutoRABIT expands Salesforce security posture management services
AutoRABIT has enhanced their data and metadata security offerings by refining existing products, adding new features, and emphasizing the importance of a full-featured approach to Salesforce DevSecOps. Security continues to be an increasingly difficult consideration. The advent of tools being…