Category: Help Net Security

BigID announced native data privacy capabilities to automate and help fulfill California Privacy Rights Act (CPRA) requirements. The California Privacy Rights Act (CPRA) is an amendment to the California Consumer Privacy Act (CCPA) that went into effect on Jan 1,…

Read more →

LOKKER has released its LOKKER Web Privacy Risk Score, the assessment tool that provides businesses with a clear, numeric rating of their privacy risk across a global portfolio of websites, individual websites within that portfolio, and the individual web pages…

Read more →

H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… you. That is, if you’re in charge of cybersecurity for a small-to-midsize enterprise (SME). Why? Bad actors know that SMEs typically have…

Read more →

As Europe’s enterprises return to normal following the COVID-19 pandemic’s impact, they are looking for innovative and cost-effective ways to combine mainframe dependability with the flexibility of the cloud, according to ISG. Mainframe modernization services market accelerates The report finds…

Read more →

QuSecure has unveiled that the company, in collaboration with Accenture, has accomplished the first successful multi-orbit data communications test secured with post-quantum cryptography (PQC), which refers to cryptographic methods that are secure against an attack by a quantum computer. This…

Read more →

Netskope has unveiled new integrations with Zoom Video Communications (Zoom) that connect Netskope’s Borderless SD-WAN and SaaS Security Posture Management (SSPM) with Zoom UCaaS to deliver connectivity and security solutions for effective user collaboration. Through these Netskope integrations, organizations using…

Read more →

NanoLock Security and ISTARI have formed a strategic collaboration to deliver NanoLock’s industrial product suite to ISTARI’s worldwide clients as part of their global strategy. The partnership will enable ISTARI’s clients, which include large enterprises in critical infrastructure sectors such…

Read more →

Versa Networks has named Dan Maier, a former executive from GreyNoise, Anomali and Zscaler, as its new Chief Marketing Officer. In his role as CMO, Mr. Maier will lead Versa’s global marketing organization, including market strategy and positioning, branding, public…

Read more →

Right-Hand Cybersecurity has unveiled its successful $5M Series A led by former PayPal executive Jack Selby and his firm AZ-VC. With the successful close of its Series A round, Right-Hand will expand its operations across the US and Asia-Pacific while…

Read more →

Spera has revealed $10 million in seed funding led by YL Ventures, with participation from notable security and go-to-market leaders, prominent angel investors and serial entrepreneurs from leading enterprises including Google, Palo Alto Networks, Akamai, Zendesk, Zscaler and others. Founded…

Read more →

Anomali and Canon IT Solutions have announced the availability of the Canon IT Solutions “Threat Intelligence Platform,” a security operations service that operationalizes threat intelligence to better detect and respond to attacks. Utilizing Anomali ThreatStream, the service provides small and…

Read more →

Microsoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations (SecOps) professionals’ work. Using Microsoft Security Copilot Security Copilot takes the form of a prompt bar through which security operation center (SOC)…

Read more →

In an economic climate putting immense pressure on business leaders to prove ROI and team efficiency – a new report from Immersive Labs looks into the lack of confidence cyber leaders have in their team’s preparation and abilities to combat…

Read more →

In this Help Net Security interview, Michael Jabbara, the VP and Global Head of Fraud Services at Visa, delves into digital skimming attacks, highlighting their common causes, and provides insights into what measures merchants can take to prevent them. He…

Read more →

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. How did the data theft happen? Heidell, Pittoni, Murphy and…

Read more →

Microsoft has introduced Microsoft Incident Response Retainer, allowing customers to pre-pay and count on help from Microsoft incident responders before, during and after a cybersecurity crisis. Cybersecurity challenges faced by organizations Organizations are facing numerous cyber attacks that can negatively…

Read more →

IT professionals are frustrated due to the rise in network update velocity and tech stack sprawl, lack of support from leadership, and disagreements and concerns about the approach to resolving network issues, according to BackBox. Network and security device updates…

Read more →

HackNotice is offering additional tailored protection via its new service, HackNotice Actions. Further empowering employees, HackNotice Actions reaches out to any company where a person’s PII or other data has been compromised, and asks for a full report on or…

Read more →

Protegrity has launched the Protegrity Borderless Data Solution to enable easy, secure and compliant cross-border data flows for large global enterprises. The new solution brings together a suite of data security tools designed to help the world’s largest banks, retailers…

Read more →

NTT has launched its Managed Detection and Response (MDR) security service to help companies achieve business performance objectives through improved cyber resilience. The cloud-native, analytics-driven offering combines human and machine expertise with leading technologies and threat intelligence to reduce the…

Read more →

Netwrix has released new versions for five products since September 2022 and launched a new SaaS-based auditing solution tailored for MSPs. Netwrix keeps enhancing its portfolio to help identify, protect, detect, respond, and recover from cyber threats aimed at any…

Read more →

Signifyd has achieved Platinum Partner status in the Adobe Technology Partner Program for Experience Cloud, making it fraud protection solution in the tier to offer complete and guaranteed chargeback protection to brands leveraging Adobe’s suite of commerce solutions. Signifyd’s ascent…

Read more →

Endace and Niagara Networks announced a partnership that combines Endace’s scalable, always-on packet capture with Niagara Networks’ complete visibility solutions. The combination of the two technologies gives NetOps and SecOps teams the confidence to investigate and resolve even the most…

Read more →

Slowly but surely, Microsoft aims to make it impossible for unsupported and/or unpatched on-prem Microsoft Exchange servers to use the company’s Exchange Online hosted cloud service to deliver email. Blocking potentially malicious emails from reaching Exchange Online “To address [the…

Read more →

Apple has released security updates for – pardon the pop-culture reference – everyhing everywhere all at once, and has fixed the WebKit vulnerability (CVE-2023-23529) exploited in the wild for users of older iPhones and iPads. This latest batch of security…

Read more →

With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter seriously and conducted a series of workshops involving subject matter experts from various departments of Europol. These workshops aimed to investigate potential ways in which large…

Read more →

In this Help Net Security video, Matt Spitz, Head of Engineering at Vanta, talks about pragmatic security and illustrates what a small company with limited resources needs to do to lay the groundwork for effective protection. The post Running a…

Read more →

Cyberattacks tend to come from two angles: criminals take advantage of employees with privileged access or of security weaknesses in your hardware/software infrastructure. These broad categories encompass attack vectors such as phishing, man-in-the-middle attacks, misconfigurations, and vulnerability exploits. To prevent…

Read more →

Shadow IT teams, also known as rogue IT teams, have grown in popularity in recent years due to the rise of cloud-based apps and remote work. However, this has led to operational tension and security risks within many businesses. 58%…

Read more →

As one of the leading experts in product security with over 15 years of experience in security engineering and 120 cybersecurity patents under his belt, Adam Boulton is one of the most experienced software security professionals in the industry. Currently…

Read more →

Tausight has expanded its AI-based PHI Security Intelligence platform which automates the discovery and identification of electronic PHI to enhance the protection of healthcare patients’ most valuable confidential information. On March 7, President Biden announced his National Cybersecurity Strategy, reflecting…

Read more →

AU10TIX has unveiled that it is working with Microsoft on Reusable ID – a verifiable credentials (VC) architecture for identity management. VCs are reusable, unalterable digital credentials that prove the identity of a person or entity and allow the safe…

Read more →

Hunters has integrated its SOC (Security Operations Center) Platform with the Databricks Lakehouse. For the first time, Databricks customers will be able to stand up a security data lake for security operations (data ingestion, detection, investigation and response) in just…

Read more →

A vulnerability in the redis-py open-source library was at the root of last week’s ChatGPT data leak, OpenAI has confirmed. Not only were some ChatGPT users able to see what other users have been using the AI chatbot for, but…

Read more →

BEC attacks are usually aimed at stealing money or valuable information, but the FBI warns that BEC scammers are increasingly trying to get their hands on physical goods such as construction materials, agricultural supplies, computer technology hardware, and solar energy…

Read more →

Cybersecurity is such a complex field that even the best-trained, best-equipped, and most experienced security managers will sometimes struggle to decide which of several paths to take. Let’s consider uncategorized web traffic, for instance. I define this broadly as traffic…

Read more →

Businesses have faced massive disruptions in their workforce – many are requesting employees return to the office, and layoffs are rattling several industries. This disruption in the workforce can open organizations up to significant security breaches. In this Help Net…

Read more →

Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by executive leadership teams, according to Action1. These gaps leave organizations vulnerable to cyber threats. Key findings Low cybersecurity awareness…

Read more →

93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is “critical” to defend their organization and increase cybersecurity, according to Searchlight Cyber. The report findings show that most…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: These 15 European startups are set to take the cybersecurity world by storm Google has announced the startups chosen for its Cybersecurity Startups Growth Academy.…

Read more →

Opti9 Technologies has launched Observr Software-as-a-Service (SaaS) ransomware detection and standalone managed services – two new standalone service offerings that cater to organizations leveraging Veeam Software. As the complexity of organizations’ IT continues to evolve, technical leaders are increasingly looking…

Read more →

McAfee has expanded partnership with Mastercard to offer Mastercard Business cardholders automatic savings on online protection solutions from McAfee through Mastercard Easy Savings. According to the latest FBI Internet Crime Report, malicious cyber activity resulted in more than $10 billion…

Read more →

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) cloud environments have a new free solution at their disposal: Untitled Goose Tool. Released by the Cybersecurity and Infrastructure Security Agency (CISA),…

Read more →

Intel has launched the latest Intel vPro platform, which is powered by 13th Gen Intel Core processors and offers a broad range of features, including powerful security measures. The extensive commercial portfolio will offer over 170 laptops, desktops, and entry-level…

Read more →

Over the last several years, endpoints have played a crucial role in cyberattacks. While there are several steps organizations can take to help mitigate endpoint threats – such as knowing what devices are on a network (both on-premises and off-site),…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from ForgeRock, Vectra, Verosint, Vumetric, and Waterfall Security Solutions. Waterfall Security Solutions launches WF-600 Unidirectional Security Gateway Waterfall Security Solutions launched the WF-600 Unidirectional Security Gateway,…

Read more →

MITRE launched its System of Trust risk model manager and established a community engagement group of 30 members. Expanding from its free and open platform, System of Trust now delivers a collaborative community to identify and mitigate threats to supply…

Read more →

Amid economic uncertainty and downturn, organizations are leaning on their technologists to continue to innovate and drive business value, according to Pluralsight. Though 65% of tech team leaders have been asked to cut costs, 72% still plan to increase their…

Read more →

Organizations worldwide pay ransomware fees instead of implementing solutions to protect themselves. The ransom is just the tip of the iceberg regarding the damage a ransomware attack can wreak. In this Help Net Security video, Gerasim Hovhannisyan, CEO at EasyDMARC,…

Read more →

Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures. “As enterprises transform embracing digital identities,…

Read more →

Zenoss has released advanced identity management capabilities, helping ensure maximum protection of sensitive credentials while in use and at rest throughout the Zenoss Cloud platform. This represents yet another key building block in the security and privacy features Zenoss has…

Read more →

Brivo expands its mobile credential options by introducing support for employee badges in Apple Wallet. Brivo corporate customers can enable employees to add their employee badge to Apple Wallet and simply hold their iPhone or Apple Watch near a reader…

Read more →

Kasm Technologies has partnered with Oracle Cloud Infrastructure (OCI) to offer Workspaces for Oracle, a new Desktop-as-a-Service (DaaS), Remote Browser Isolation (RBI) and Containerized Application Streaming (CAS) solution. This solution combines the benefits of the public cloud with the security…

Read more →

SecureAuth and HashiCorp partnership will enable organizations to leverage SecureAuth’s advanced passwordless authentication and Multi-Factor Authentication (MFA) device recognition. To increase security and deployment velocity for cloud DevOps environments, SecureAuth delivers support for Arculix MFA into the HashiCorp Cloud Platform…

Read more →

BlackBerry and Adobe have partnered to deliver a secure forms solution for mobile. The software solution, which combines BlackBerry UEM and Adobe Experience Manager Forms, is designed for popular mobile device platforms, and meets the rigorous security standards required by…

Read more →

A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this specific trick isn’t new, this time around the extension also worked as advertised. “Based on…

Read more →

Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization’s platforms that…

Read more →

The Transportation Security Administration (TSA) recently issued new cybersecurity requirements for the aviation industry, which follows last year’s announcement for railroad operators. Both announcements are part of the Department of Homeland Security’s effort to improve the nation’s cybersecurity resiliency and…

Read more →

Between January 2021 and October 2022, the EU Agency for Cybersecurity (ENISA) analyzed and mapped the cyber threats faced by the transport sector, identifying prime threats, analyzing incidents, assessing threat actors, analyzing their motivations, and introducing major trends for each…

Read more →

With cybersecurity incidents involving compromised credentials continually the most common cause of a data breach for enterprises – and account takeover for individuals, securing digital identities has become paramount. In this Help Net Security video, Jeff Reich, Executive Director at…

Read more →

Many companies struggle to implement and integrate a bunch of different solutions covering different parts of the IDV process. In fact, according to Regula’s survey, 40% of organizations cite this overly complex technical environment as the largest constraint to deploying…

Read more →

Lightspin launched the Remediation Hub as part of its cloud-native application protection platform (CNAPP) solution. An evolution of Lightspin’s root cause analysis feature, the Remediation Hub provides users the ability to dynamically remediate the most critical cloud environment risks, at…

Read more →

Secureworks bolsters cyber resiliency with launch Of Security Posture Dashboard. Using the 600 billion security events Taegis analyzes daily, the Dashboard empowers customers to understand their cybersecurity posture and how resilient they would be in the face of a cyberattack.…

Read more →

Vumetric Cybersecurity has launched its Penetration Testing as-a-Service (PTaaS) platform, designed to simplify and modernize cybersecurity assessments for organizations of all sizes. The Vumetric PTaaS platform revolutionizes the penetration testing process by providing self-service capabilities that allow organizations to schedule…

Read more →

An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, according to Continuity. The findings underscore a significant gap in the state of enterprise…

Read more →

Verosint and Ping Identity partnership enables mutual customers to analyze digital identities across devices at login to determine account fraud risk. Recognized customers are granted a frictionless transaction path, whereas suspicious users are automatically challenged or blocked to prevent fraudulent…

Read more →

Veza announced the appointment of Jason Garoutte as its first Chief Marketing Officer. Garoutte is responsible for building and leading a world-class marketing organization that drives Veza’s continued growth and scale. Garoutte has two decades of marketing and operational leadership…

Read more →

GNOME 44, code-named Kuala Lumpur, is now available. The GNOME Circle now includes many new apps, and both the Software and Files apps have undergone enhancements. The new version features a grid view in the file chooser, improved settings panels…

Read more →

Google has announced the startups chosen for its Cybersecurity Startups Growth Academy. The 15 selected startups are from eight countries and were chosen from over 120 applicants. They have made significant contributions, from securing health applications to protecting educators and…

Read more →

A mere 15% of organizations globally have the ‘mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to a Cisco report. Organizations have moved from an operating model that was largely static – where people…

Read more →

Although OpenAI is an established organization with many years of experience promoting and developing AI systems, the relative immaturity of the ChatGPT application, combined with the lack of security assurance available for OpenAI, can put organizations at risk. In this…

Read more →

“Is cybersecurity recession-proof?” That’s the question on the minds of many security professionals and executives as a possible economic downturn of indeterminate length and severity looms and many organizations are tightening their belts. While research suggests that IT spending is…

Read more →

Not only do security vulnerabilities lurk within software, but they can also be embedded directly into hardware, leaving technical applications open to widespread attack. For their project, the researchers took thousands of microscopic images of microchips. Pictured here is such…

Read more →

Splunk has released innovations to Splunk’s unified security and observability platform to help build safer and more resilient digital enterprises. Splunk’s latest innovations include enhancements to Splunk Mission Control and Splunk Observability Cloud, and the general availability of Splunk Edge…

Read more →

AlertEnterprise has revealed the launch of its new Guardian SOC Insights suite. Powered by the company’s latest developments in AI, including a powerful integration with the OpenAI ChatGPT platform, Guardian SOC Insights is designed to provide actionable data and playbooks…

Read more →

WALLIX has released SaaS Remote Access, the SaaS version of the remote access management technology integrated into WALLIX PAM4ALL, its unified privilege management solution. SaaS Remote Access is designed for organizations – across all sectors and in particular the industrial…

Read more →

Verosint announced a new solution that helps organizations secure their online businesses and protect their customers in the face of ever-growing account fraud. With Verosint, companies can deliver frictionless access to legitimate customers, while blocking or challenging access by suspicious…

Read more →

SailPoint Technologies has rolled out a new non-employee risk management capability based on the company’s January 2023 acquisition of SecZetta. The SailPoint Non-Employee Risk Management solution is available now as an add-on to the SailPoint Identity Security Cloud. The new…

Read more →

Aembit has unveiled its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures. Aembit helps companies apply a zero trust security framework to workload access, similar to existing solutions for workforce access,…

Read more →

Cyberattacks often begin with an unsuspecting user clicking on a link that redirects them to a harmful site containing malware. Even the best employee training won’t prevent every mistake. The best way to stop those mistakes from becoming costly cyber…

Read more →

Stratodesk and deviceTRUST announced their security integration partnership. This partnership benefits customers by delivering an additional layer of security for workspace access and authorization. Stratodesk and deviceTRUST collaboration brings customers the most secure endpoint environment accessing corporate workspaces. deviceTRUST complements…

Read more →

Italian luxury sports car maker Ferrari has suffered a data breach and has confirmed on Monday that it “was recently contacted by a threat actor with a ransom demand related to certain client contact details,” but that it won’t be…

Read more →

Malicious threat actors have actively exploited 55 zero-days in 2022 – down from 81 in 2021 – with Microsoft, Google, and Apple products being most targeted. 53 out of 55 allowed attackers to achieve elevated privileges or execute remote code…

Read more →

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra’s Security Features Survey. In fact, 45% have stopped using a specific type of software due to security concerns. Businesses are willing to…

Read more →

Hackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP. From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by…

Read more →

In this Help Net Security video, Liudas Kanapienis, CEO of Ondato, discusses the impact of AI on the future of ID verification and how it is transforming the way identities are being verified. The post The impact of AI on…

Read more →

My mother is 67 years old. She is a brilliant woman, educated and not at all afraid of technology. Yet, when I tried to get her to install Google Authenticator and use multi-factor authentication (MFA) for logging into applications, she…

Read more →

Eurotech announced its newest edge servers with scalable, cybersecurity certified – AI capabilities. Cyber-threats have become endemic and severely expose states and businesses of all sizes to the risk of loss of data, interruption of services, and direct or indirect…

Read more →

ForgeRock announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s passwordless authentication portfolio for consumer and workforce…

Read more →

Mastercard acquired Baffin Bay Networks to better help businesses deal with the increasingly challenging nature of cyber-attacks. Baffin Bay Networks, based in Sweden, adds to Mastercard’s multi-layered approach to cyber security and helps to stop attacks, while mitigating exposure to…

Read more →

Secret Double Octopus partners with Wipro to strengthen passwordless protection against identity-based cyber attacks. Under the new partnership, Wipro’s Cybersecurity and Risk Services (CRS) will use SDO’s Octopus Enterprise technology platform to drive Wipro’s passwordless authentication solution, as part of…

Read more →

Tracking pixels like the Meta and TikTok pixels are popular tools for online businesses to monitor their website visitors’ behaviors and preferences, but they do come with risks. While pixel technology has been around for years, privacy regulations such as…

Read more →

Waterfall Security Solutions launched the WF-600 Unidirectional Security Gateway, an OT security protection against remote cyber attacks. The WF-600 product line is a blend of hardware and software, enabling unbreachable protection at IT/OT interfaces with unlimited visibility into OT networks,…

Read more →

Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence (AI) and facial morphing technology. This technique involves digitally creating an image which is an average of two people’s faces, and which can…

Read more →

99% of all businesses across the United States and Canada are mid-sized businesses facing cybersecurity challenges, according to a Huntress report. Aimed to gain insights into organizational structure, resources and cybersecurity strategies, the results contextualize challenges across core functions including…

Read more →

Worldwide spending on security solutions and services is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022, according to IDC. Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300…

Read more →

Despite the economic uncertainty, 57% of organizations plan to increase their cybersecurity budgets in 2023, according to a survey from Arctic Wolf. This highlights a powerful trend: critical needs like security must be addressed even with IT budgets tightening. As…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Samsung, Vivo, Google phones open to remote compromise without user interaction Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung…

Read more →

Keysight Technologies introduces the Keysight Digital Learning Suite, a new unified digital learning platform that provides university engineering educators and students with lab tools, resources, and courseware through a single, secure web interface. In response to demands for flexible learning…

Read more →

DataRobot has released DataRobot AI Platform 9.0, along with deeper partner integrations, AI Accelerators, and redesigned service offerings, all centered on helping organizations derive measurable value from their AI investments. “AI has the potential to enhance every aspect of business…

Read more →