Category: Help Net Security

Cloud environments provide many benefits, primarily involving their ease of scalability and resilience. Those qualities exist because of automation and the easy and straightforward way to leverage that to enhance a cloud environment. While that ease through automation can have…

Read more →

After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts. Another reminder: just because caller ID says FDIC, SVB, or a phone…

Read more →

Security experts are increasingly resorting to unauthorized AI tools, possibly because they are unhappy with the level of automation implemented in their organization’s security operation centers (SOCs), according to a study conducted by Wakefield Research. The research demonstrates that embracing…

Read more →

The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos X-Ops using GPT-3’s large language models to simplify the search for malicious activity in datasets…

Read more →

Elevate Security has released Elevate Identity, its SaaS offering for Identity and Access Management (IAM) Professionals that integrates Elevate’s user risk profiling capability with IAM tools such as Cisco Duo, Crowdstrike Falcon, and Microsoft Azure AD to add a full…

Read more →

Approximately 10-16 percent of organizations have shown evidence of malicious command and control (C2) activities, strongly indicating a network breach within the last year, according to Akamai. Emotet and QSnatch Akamai observes nearly seven trillion DNS requests daily and classifies…

Read more →

Atakama unveiled its new Multifactor Encryption platform, Atakama Enterprise, featuring the Atakama Intelligence Center. Atakama’s Multifactor Encryption combines advanced Distributed Key Management (DKM) with the proven concept of multi-device authentication for a progressive security solution that challenges the status quo…

Read more →

HYPR announced its newest offering, Enterprise Passkeys for Microsoft Azure and integrated with Microsoft Entra. This new technology turns any smartphone into a FIDO2 virtual security key, providing authentication flexibility, user convenience and security while eliminating the complexity and cost…

Read more →

Perception Point has added browser-centric Data Loss Prevention (DLP) capabilities to its Advanced Browser Security extension. The Browser Security plugin provides comprehensive security measures and granular controls to safeguard corporate assets from loss, misuse, and unauthorized access. Working in the…

Read more →

Dell Technologies has unveiled new security services and solutions to help organizations protect against threats, respond to attacks and secure their devices, systems and clouds. Seventy-two percent of IT business leaders and professionals believe the changing working world exposes their…

Read more →

BigID has introduced purpose-built AI and ML-based data discovery and classification capabilities designed to detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets – including as API keys, tokens, usernames and passwords, and security…

Read more →

Trustwave and Trellix have formed a strategic partnership to bring visibility and more precise detection and response to security teams defending against cyberthreats. Trustwave’s Managed Detection and Response (MDR) provides enterprises across the globe with 24×7 monitoring, detection, and response…

Read more →

Veeam Software has unveiled a strategic partnership with Carahsoft Technology. Under the agreement, Carahsoft will serve as Veeam’s preferred public sector distributor, expanding public sector access to the Veeam Data Platform (VDP), which provides customers with the data security, data…

Read more →

Through CyberGRX and ServiceNow integration, ServiceNow Vendor Risk Management customers will have access to CyberGRX’s extensive third-party risk data, enabling them to prioritize risk actions and maintain constant visibility on emerging third-party threats. Organizations work with multiple vendors, partners and…

Read more →

OffSec released the 2023 edition of Penetration Testing with Kali Linux (PEN-200). This new version, which incorporates the latest ethical hacking tools and techniques through real-world penetration testing simulations, offers many improvements and additions, including new Learning Modules and Learning…

Read more →

Hornetsecurity launched VM Backup V9 – the newest version of its virtual machine (VM) backup, replication and recovery solution. This latest iteration offers ransomware protection leveraging immutable cloud storage on Wasabi and Amazon S3, with Microsoft Azure soon to follow.…

Read more →

Appian introduced Appian Protect, a new set of security offerings that delivers reliable data monitoring and end-to-end encryption for cloud and mobile applications. Appian Protect gives Appian customers increased control over their security posture, with top-tier encryption capabilities, 24x7x365 monitoring,…

Read more →

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. This distribution’s latest version is now available. Amazon Linux 2023 is provided at no additional charge. Standard Amazon EC2 and AWS charges apply for running EC2 instances and…

Read more →

Cyber attribution is a process by which security analysts collect evidence, build timelines and attempt to piece together evidence in the wake of a cyberattack to identify the responsible organization/individuals. Cyber threat attribution stems from the core psychology of a…

Read more →

1,450 global consumers’ experiences with passwordless authentication, hybrid identities, and ownership over personally identifiable information reveal that they want more convenience when it comes to identity credentials, according to Entrust. “The pace of commerce and business is moving faster than…

Read more →

Phishing attacks have become increasingly prevalent and sophisticated, making it more difficult for individuals to protect themselves from these scams. In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not…

Read more →

Unpatched vulnerabilities are responsible for 60% of all data breaches. The Department of Homeland Security has estimated that the proportion of breaches stemming from unpatched flaws may be as high as 85%. Timely patching is an important aspect of managing…

Read more →

While 93% of CIOs expect an increase in IT budgets for 2023, 83% of them are feeling pressured to stretch their budgets even further than before, with a focus on managing cloud costs more efficiently and addressing the growing issue…

Read more →

With the rise of faster multi-gig internet speeds now available to more and more households, the growing number of connected devices per family and the ever-increasing growth of bandwidth hungry 4K/8K video streaming, HD Zoom calls, hybrid collaborative graphics-intensive work,…

Read more →

Neurotechnology has released MegaMatcher 13.0 that provides a range of products for developing multi-biometric solutions that require high accuracy, speed and scalability. The latest release features MegaMatcher SDK, MegaMatcher Accelerator and MegaMatcher ABIS updates and improvements and adds a new…

Read more →

ReversingLabs has unveiled new secrets detection features within its Software Supply Chain Security (SSCS) platform. ReversingLabs improves secrets detection coverage by providing teams with the context and transparency needed to prioritize developers’ remediation efforts, reduce manual triage fatigue, and improve…

Read more →

Cloudflare is entering the fraud detection market to help businesses identify and stop online fraud – including fraudulent transactions, fake account signups, account takeover attacks, and carding attacks – before it impacts their brand or their bottom line. Powered by…

Read more →

ESET researchers have uncovered a compromise of an East Asian data loss prevention (DLP) company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company. This…

Read more →

If you are developing a modern medical, manufacturing, or logistics facility, there’s no doubt that a large portion of your investment was made into the electronic aspects of your device. Sensors, connected devices, and machinery are synchronized to deliver a…

Read more →

So, you want to deploy Kubernetes in an air-gapped environment, but after months of grueling work, you’re still not up and running. Or maybe you’re just embarking on the journey but have heard the horror stories of organizations trying to…

Read more →

As server-side security advances, more attackers are exploiting vulnerabilities and launching malicious attacks through the less protected and seldom monitored client-side supply chain. Unfortunately, because of these attacks’ sophisticated and subtle nature, they can be hard to detect until it’s…

Read more →

While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud. The 2023 report identified over 22 million unique…

Read more →

There is a consensus among MSPs and MSSPs that vCISO services pose an excellent opportunity for a new revenue stream, but how do you successfully do that? Watch this panel discussion to hear from MSSP leaders who already sell vCISO…

Read more →

Today, phishing is the fastest growing Internet crime, and a threat to both consumers and businesses. Finance, technology, and telecom brands were the most commonly impersonated industries, notably for the unprecedented access and financial benefit that bank accounts, email and…

Read more →

Startpage’s latest enhancements include private local in-map results, knowledge panels and instant answers, providing users with a more intuitive search experience while also prioritizing user privacy. They also feature what every user wants, fewer ads. Search results now incorporate information…

Read more →

Tanium has released its new certificate manager and enhanced policy management capabilities, offering organizations convenient tool consolidation, cost and time savings, and more accurate reporting via Tanium’s XEM platform. Organizations today struggle to see and manage digital certificates; the average…

Read more →

Motorola Solutions announced the new Avigilon physical security suite that provides secure video security and access control to organizations of all sizes around the world. The Avigilon security suite includes the cloud-native Avigilon Alta and on-premise Avigilon Unity solutions, each…

Read more →

Concentric AI announced a DSPM solution with support for optimized large language models delivering improved data security and protection. As a result, Concentric AI’s Semantic Intelligence delivers semantic understanding of data and leverages context to offer precise accuracy in discovering…

Read more →

Canonical is partnering with MediaTek to meet the growing demands of the IoT industry, reduce development costs and accelerate time-to-market. By partnering to enable Ubuntu on the Genio platform, MediaTek and Canonical will make it easier for developers, innovators and…

Read more →

Cloudflare announced new integrations with Atlassian, Microsoft, and Sumo Logic to help businesses of any size secure the tools and applications they rely on with enterprise-ready zero trust security. Now businesses will be able to use security insights from the…

Read more →

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is…

Read more →

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency (CISA) and urged to implement a fix. A pilot program to strengthen critical infrastructure…

Read more →

Canonical announced its Ubuntu Core OS is now compatible with the Arm SystemReady IR system specification, enabling security best practices across connected devices. In addition, the OS has achieved the PSA Certified Level 1. Ubuntu Core is a minimal version…

Read more →

Old ads can be startling—cigarette ads used to boast their health-giving properties, sugar-laden candy was once advertised as a dietary aid, and soft drinks were advertised as a milk alternative for babies. None of this would fly today, of course,…

Read more →

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…

Read more →

BEC attacks are growing year over year and are projected to be twice as high as the threat of phishing in general, according to IRONSCALES and Osterman Research. 93% of organizations experienced one or more of the BEC attack variants…

Read more →

Skyhigh Security has seen firsthand how 33,000 enterprise users have accessed ChatGPT through corporate infrastructures. Almost 7 TB of data has been transacted with ChatGPT through corporate web and cloud assets between Nov 2022 – Feb 2023. In this Help…

Read more →

Managing user access in applications has always been a headache for any developer. Implementing policies and enforcing them can prove to be quite complex, and very time-consuming. Even if a homebrew authorization solution has been developed for an application, sooner…

Read more →

Adtran and Satelles collaboration will enable operators of critical infrastructure to safeguard their timing networks with Satellite Time and Location (STL) technology. By integrating Satelles’ STL into its Oscilloquartz network synchronization products, Adtran will provide an alternative to GNSS systems…

Read more →

OffSec (formerly Offensive Security) has released Kali Linux 2023.1, the latest version of its popular penetration testing and digital forensics platform, and the release is accompanied by a big surprise: a technical preview of Kali Purple, a “one stop shop…

Read more →

For those who haven’t followed the drama, Silicon Valley Bank has been shut down by the California Department of Financial Protection and Innovation, after a bank run that followed an insolvency risk and a stock crash. The Federal Deposit Insurance…

Read more →

The Transportation Security Administration (TSA) issued a new cybersecurity amendment to the security programs of certain TSA-regulated (airport and aircraft) operators in the aviation sector, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is…

Read more →

Passwords are still the weakest link in an organization’s network, as proven by the analysis of over 800 million breached passwords, according to Specops Software. The study found 88% of passwords used in successful attacks consisted of 12 characters or…

Read more →

Keeping up with financial fraud is incredibly difficult because accurate fraud detection requires a deep, real-time analysis of all the events surrounding a transaction. Consider a typical payment transaction: A single transfer of funds to a new payee may not…

Read more →

Microsoft to boost protection against malicious OneNote documents Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file…

Read more →

ThreatBlockr and Engaged Security Partners announced a partnership focusing on “left of boom” protection to bring enhanced breach prevention to customers. Engaged Security Partners uses ThreatBlockr’s platform for threat intelligence management and integration into the network. Together, Engaged Security Partners’…

Read more →

Avast launched Avast One Platinum, the new premium tier of the Cyber Safety service, Avast One. The new Platinum offering combines the full feature set from Avast One Family with identity monitoring and protection, identity theft resolution and reimbursement, and…

Read more →

Aura announced a multi-year partnership with Robert Downey Jr. Through the partnership, Downey Jr. joins Aura’s Board of Directors, invests in the company and commits to working with Aura as a strategist and brand advocate, supporting consumer education. Honestly, the…

Read more →

Atera announced a new strategic partnership and integration with ESET, enabling Atera’s community of IT professionals to deploy anti-malware solutions to protect their customers. “As cyberattacks increase in sophistication and frequency, it is important that we partner with cybersecurity leaders…

Read more →

QuSecure has accomplished the first known live, end-to-end quantum-resilient cryptographic communications satellite link through space, marking the first time U.S. satellite data transmissions have been protected from classical and quantum decryption attacks using post-quantum cryptography (PQC). The quantum-secure communication to…

Read more →

Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file type. “Users will receive a notification when the…

Read more →

This week, as part of a global law enforcement operation, federal authorities in Los Angeles successfully confiscated www.worldwiredlabs.com, a domain utilized by cybercriminals to distribute the NetWire remote access trojan (RAT) allowed perpetrators to assume control of infected computers and…

Read more →

“In 2022, investment scam losses were the most (common or dollar amount) scheme reported to the Internet Crime Complaint Center (IC3),” the FBI shared in its 2022 Internet Crime Report. This category includes crypto-investment scams such as liquidity mining, celebrity…

Read more →

Every month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday. Diligence to this ongoing patch process, and not luck, is critical to protecting…

Read more →

Sophos introduced innovative advancements to its portfolio of endpoint security offerings. New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and more improve…

Read more →

Economic uncertainty is squeezing organizations globally. Gartner predicts nearly half of cybersecurity leaders will change jobs by 2025. These findings are alarming but undoubtedly unsurprising in today’s IT landscape. In this Help Net Security video, Denis Dorval, VP of International…

Read more →

In 2022, US financial institutions and the credit card sector lost an estimated $4.88 billion to synthetic identities through falsified deposit accounts and unsecured credit cards. That’s because legacy fraud prevention procedures often come up short in the effort to…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, GrammaTech, Kensington, Palo Alto Networks, and Persona. New Kensington privacy screens protect against visual hacking The SA270 Privacy Screen for Studio Display (K50740WW), SA240…

Read more →

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. About CVE-2023-27532 The nature of CVE-2023-27532 has not been explained –…

Read more →

1Password has launched Unlock with Single Sign-On (SSO) which enables enterprise customers to use Okta for unlocking their 1Password accounts, with Azure AD and Duo integration to follow in the coming months. Unlock with SSO helps IT teams improve their…

Read more →

Hybrid work has exposed another area of vulnerability, with 70% of government workers reporting they work virtually at least some of the time, according to Ivanti. The proliferation of devices, users, and locations adds complexity and new vulnerabilities for government…

Read more →

Cado Security raised $20M in funding from Eurazeo, a global investment company, and Ten Eleven Ventures, a cybersecurity-focused, global, stage-agnostic investment firm. This latest investment brings the company’s total investment to $31.5M. The funds will build on the company’s impressive…

Read more →

ActiveFence has completed the acquisition of Rewire, a London-based startup that’s building AI for online safety. Combining ActiveFence’s Trust and Safety platform, content detection AI models and scalable API with Rewire’s repertoire of innovative text models will arm customers in…

Read more →

Atakama has partnered with Panzura to deliver a seamless end-to-end data management and protection solution. “The crippling impact of ransomware and data exfiltration is at an all-time high,” said Scott Glazer, CRO, Atakama. “This is why our integration with Panzura…

Read more →

Whistic has formed a collaboration with Google Cloud to provide customers with a transparent security profile, which includes a full Google Cloud Assessment Report. Google Cloud customers can now leverage Whistic’s Trust Catalog to view the latest security information. More…

Read more →

SecurityScorecard has unveiled a strategic partnership with the International Legal Technology Association (ILTA) to provide ILTA members with enterprise licenses to monitor their own organization and a portfolio of vendors, partners, or clients. “SecurityScorecard is committed to helping the global…

Read more →

Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups. This measured approach allows the platform to ensure successful onboarding and make necessary adjustments before scaling to larger groups…

Read more →

ChatGPT has garnered a lot of questions about its security and capacity for manipulation, partly because it is a new software that has seen unprecedented growth (hosting 100 million users just two months following its launch). Security concerns vary from…

Read more →

Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy. None of the patched vulnerabilities is actively exploited, but Fortinet’s devices are often targeted by ransomware gangs and…

Read more →

Google One unveiled two exciting additions to its range of features. Firstly, VPN by Google One will now be available to all plans, offering additional security while carrying out online activities. Secondly, introducing the dark web report in the U.S.…

Read more →

In this Help Net Security video, David King, Director of Innovation at GlobalSign, discusses document signing. Digital signatures utilize advanced cryptographic technology to provide the highest level of security for electronic signatures, surpassing all other forms of e-signatures. Due to…

Read more →

GitGuardian scanned 1.027 billion new GitHub commits in 2022 (+20% compared to 2021) and found 10,000,000 secrets occurrences (+67% compared to 2022). What is interesting beyond this ever-increasing number is that 1 code author out of 10 exposed a secret…

Read more →

Healthcare and financial services organizations have embraced cloud technology due to the ease of managing increasing volumes of data, according to Blancco. Cloud adoption has had significant effects on data classification, minimization, and end-of-life (EOL) data disposal. However, 65% of…

Read more →

Trend Micro’s overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who went after both consumers and organizations in all sectors. Trends for 2022 and beyond…

Read more →

Digitization and the heavy adoption of connected devices are enabling organizations to reach new heights and, at the same time, have intensified the threat landscape and extended the attack surface. As organizations work to reap the benefits of the IT,…

Read more →

11:11 Systems has announced general availability of 11:11 Managed Backup for Cohesity, a fully managed service for on-premises data protection. By combining Cohesity’s solution deployed on-site with 11:11’s onboarding, configuration and ongoing management, customers get comprehensive protection from a secure,…

Read more →

GrammaTech has unveiled a new version of its CodeSentry binary SCA platform that is available in three editions. Unlike source-code SCA tools that only inspect components under development, CodeSentry analyzes the binary that executes to identify all components or vulnerabilities…

Read more →

Code42 Software and SentinelOne have formed a new partnership that integrates the Code42 Incydr solution with the SentinelOne Singularity Platform. This integration grants users additional visibility over their most sensitive data and expands response capabilities in the event of an…

Read more →

CTERA seamlessly integrates Concentric AI‘s Semantic Intelligence solution into customer environments by deploying an edge filer that acts as a cache server for Concentric AI’s data security posture management capabilities. Together, the partnership helps joint customers find, evaluate, store, and…

Read more →

In this Help Net Security video, Avani Desai, CEO at Schellman, talks about how teaching STEM subjects like cybersecurity is essential for addressing the staffing crisis and ensuring that organizations have the talent to protect themselves from cyber threats in…

Read more →

With 10% of startups failing in the first year, making wise and future-proof decisions for your new cybersecurity venture is essential. Building the perfect cybersecurity startup As society adapts to an increasingly digital world, opportunities for cybercrime and attacks are…

Read more →

92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress. Not surprisingly, 99% of cybersecurity leaders confess to being stressed about…

Read more →

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. API attack…

Read more →

Kensington has expanded its robust portfolio of data protection solutions with the launch of three new privacy screens. The SA270 Privacy Screen for Studio Display (K50740WW), SA240 Privacy Screen for iMac 24” (K55170WW), and MagPro Elite Magnetic Privacy Screen for…

Read more →

Akamai Technologies has introduced the Akamai Hunt security service that enables customers to capitalize on the infrastructure of Akamai Guardicore Segmentation, Akamai’s global attack visibility, and expert security researchers to hunt and remediate the most evasive threats and risks in…

Read more →

Persona has launched Graph to help businesses stop online identity fraud. Leveraging advanced link analysis technology and a configurable query, Graph detects risky connections between users, enabling organizations to uncover and proactively block hard-to-detect fraud. Risk and compliance teams now…

Read more →

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in collaboration with Google. This academy provides training and certifications to Black, Indigenous, and People of Color (BIPOC), women, and other underrepresented groups who are passionate about pursuing a technical…

Read more →

When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be devasting; getting…

Read more →

ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. Execution graph showing the subprocesses…

Read more →

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both…

Read more →