Category: Help Net Security

Bitdefender has unveiled Bitdefender Premium Security Plus, a new security suite that provides threat prevention and detection, a fully featured password manager to keep credentials safe, secure virtual private network (VPN) for online privacy, and 24/7 digital identity protection monitoring.…

Read more →

Xcitium has unveiled its endpoint security solution, ZeroDwell Containment, for customers with or without legacy EDR products. Xcitium multi-patented technology closes the gaps in enterprise cybersecurity defenses left by traditional detection methods. According to Tim Bandos, EVP of SOC services…

Read more →

84% of codebases contain at least one known open-source vulnerability, a nearly 4% increase from last year, according to Synopsys. The findings of the report deliver an in-depth look at the current state of open source security, compliance, licensing, and…

Read more →

94% of CISOs report being stressed at work, with 65% admitting work-related stress issues are compromising their ability to protect their organization, according to Cynet. Among the CISOs surveyed, 100% said they needed additional resources to adequately cope with current…

Read more →

Amid uncertain economic conditions, the technology sector has been a hot topic of discussion in recent months due to the mass amounts of layoffs across the industry. In this Help Net Security video, Nick Tausek, Lead Security Automation Architect at…

Read more →

NetSPI has appointed Scott Lundgren and John Spiliotis to its Board of Directors. The two veteran security industry executives will support the company’s next stage of growth following a year of record momentum. “We’re honored to have Scott and John…

Read more →

Sublime has launched open email security platform and raised $9.8 million in funding. The platform has been in private beta testing for more than a year and is already in use at dozens of organizations, including Fortune 500s, Global 2000s,…

Read more →

DarkLight and Resecurity partnership will give DarkLight access to Resecurity’s threat intelligence solution called Context, which identifies indications of cyber intrusions and data breaches for clients. This will give DarkLight the ability to provide comprehensive risk assessments tailored to each…

Read more →

VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Even though the flaw has been privately reported to VMware, and there is no…

Read more →

In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than…

Read more →

Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL. While the transition makes sense – GraphQL is more flexible, scalable, and easier for developers to use –…

Read more →

Cloud adoption among organizations has increased dramatically over the past few years, both in the range of services used and the extent to which they are employed, according to Info-Tech Research Group. However, network builders tend to overlook the vulnerabilities…

Read more →

Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web for 180 vulnerabilities known…

Read more →

Catalogic Software has unveiled a new bundled offering of its native back-up-as-a-service platform CloudCasa and Ondat. This combined CloudCasa and Ondat offering provides customers with a unified solution to run their stateful applications on Kubernetes, without worrying about availability, performance,…

Read more →

Mitigating persistent cyber threats has made network security mission critical for businesses of all sizes. The 2022 U.S. Cybersecurity Census Report found that the average business experiences 42 cyberattacks each year, amplifying the need for a comprehensive solution. Perimeter 81…

Read more →

Horizon3’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution. “Similar to the weaponization of previous archive vulnerability issues that allow arbitrary file write, we use this vulnerability to write…

Read more →

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick Coinbase employees into sharing…

Read more →

In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Data protection regulations are rapidly developing globally. What…

Read more →

Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to…

Read more →

The rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout and potential regulatory risk, according to Magnet Forensics. “Digital forensics and incident response teams have proven to be indispensable…

Read more →

The ongoing cybersecurity skills shortage is a critical issue plaguing organizations and causing serious problems. The lack of trained and qualified professionals in the field has resulted in numerous security breaches, leading to the loss of large amounts of money.…

Read more →

SANS Security Awareness, a division of the SANS Institute, launched its new short-form technical training modules, “Security Essentials for IT Administrators.” This series provides a comprehensive review of cybersecurity principles, specifically targeting those with a foundational understanding of IT systems…

Read more →

Twitter has announced that starting with March 20, users who don’t pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication (2FA) option. “While historically a popular form of 2FA, unfortunately we have seen…

Read more →

If an organization relies on automation and tools to highlight API security issues, it is still up to a trained developer to manage API behavior. Since there is no standard for managing APIs, organizations must rely on more than tools…

Read more →

Despite economic volatility and tighter budgets, adoption of software as a service (SaaS) continues to increase. Gartner forecasts a 16.8% growth for SaaS in 2023 as companies – including SMBs – add new SaaS platforms to their IT stack. This…

Read more →

Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks. Autonomus cyber defense framework When faced with sophisticated cyberattacks in a rigorous simulation setting, deep reinforcement…

Read more →

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for…

Read more →

The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, according to Critical Insight. Healthcare industry sees a decrease in data breaches A deeper dive…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Combining identity and security strategies to mitigate risks The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the…

Read more →

Alteryx has unveiled new self-service and enterprise-grade capabilities to its Alteryx Analytics Cloud Platform to help customers make faster and more intelligent decisions. The enhanced platform, which now includes all access for Designer Cloud, offers an approachable easy-to-use drag-and-drop modern…

Read more →

Opsera has released the latest enhancements to its Salesforce DevOps platform that ensures the highest security and compliance standards are met for Salesforce releases through source-driven development and native integrations with security tools. Continuous security with Opsera’s Salesforce DevOps platform…

Read more →

RSA Conference announced its initial lineup of keynote speakers for its upcoming Conference, taking place at the Moscone Center in San Francisco from April 24-27, 2023. Speakers include Lisa Monaco, the Deputy Attorney of the United States, Rumman Chowdhury, a…

Read more →

Dynatrace has formed a strategic technology alliance with Snyk to make software delivery more secure. The alliance will leverage the DevSecOps Lifecycle Coverage with Snyk app, built using the new Dynatrace AppEngine. This app is designed to connect Snyk container…

Read more →

Cisco has released security updates for several of its enterprise security and networking products, fixing (among other things): A critical vulnerability (CVE-2023-20032) in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Private Cloud, and Secure Web Appliance,…

Read more →

A joint investigation supported by Europol has led to the dismantling of a Franco-Israeli criminal network involved in large-scale CEO fraud (also known as BEC scams). The operational activities resulted in five action days, which took place between January 2022…

Read more →

ESET has launched its threat intelligence services, designed to extend an organizations’ security intelligence. These new commercially available reports provide deeper insights and actionable guidance from ESET’s renowned global research teams about specific threat vectors and attack sources. Now corporations…

Read more →

Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time…

Read more →

In this Help Net Security video, Daniel Dos Santos, Head of Security Research at Forescout, talks about recent research, which has revealed how attackers can move laterally between vulnerable networks and devices found at the controller level of critical infrastructure.…

Read more →

Recently, Entrust named Bhagwat Swaroop as President, Digital Security Solutions. In this role, Bhagwat will lead the evolution, growth, and expansion of the Entrust Digital Security portfolio, which includes solutions for data encryption, public and private certificate authorities, identity and…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, DigiCert, Finite State, FireMon, and Veeam Software. CyberSaint Executive Dashboard empowers CISOs to take control of cyber risk communication The Executive Dashboard is the…

Read more →

Dynatrace AppEngine platform technology empowers customers and partners with an easy-to-use, low-code approach to create custom, compliant, and intelligent data-driven apps for their IT, development, security, and business teams. These custom apps can address boundless BizDevSecOps use cases and unlock…

Read more →

IGEL has announced IGEL COSMOS, a unified platform to securely manage and automate the delivery of digital workspaces, from any cloud. Offering a modular architecture, granular endpoint control and end-user freedom, COSMOS is designed to enable organizations to garner the…

Read more →

ESET has launched its threat intelligence services, designed to extend an organizations’ security intelligence. These new commercially available reports provide deeper insights and actionable guidance from ESET’s renowned global research teams about specific threat vectors and attack sources. Now corporations…

Read more →

Rhymetec has launched two new service offerings for SaaS companies: PCI Compliance Scanning and Phishing Testing & Training. Both offerings will assist B2B organizations in staying secure and compliant while they continue to grow and innovate. Staying on top of…

Read more →

OneSpan announced the launch of OneSpan Notary, a next-generation, all-in-one, cloud-connected solution that enables organizations to transform the way notaries and customers complete agreements and notarize documents in a secure and trusted environment. OneSpan Notary was co-designed in collaboration with…

Read more →

Perimeter 81 has unveiled a successful integration with ConnectWise. Perimeter 81’s platform, which empowers MSPs to deliver network security solutions to SMB and SME clients, is now integrated with ConnectWise PSA (formerly ConnectWise Manage). The certified integration optimizes efficiency for…

Read more →

Each year at the end of January, internet users are deluged with advice on how to keep their data protected and reclaim their online privacy. What started as Data Privacy Day has now become a Week, to match our increasing…

Read more →

Quantum computing has surged in popularity recently, with its revolutionary computational capabilities transforming the technology sector. While some are skeptical of its real-world potential, others are more visionary about its future. In this Help Net Security video, Vanesa Diaz, CEO…

Read more →

Cloud environments and application connectivity have become a critical part of many organizations’ digital transformation initiatives. In fact, nearly 40% of North American and European-based enterprises adopted industry-specific cloud platforms in 2022. But why are organizations turning to these solutions…

Read more →

Job seekers, students, and career changers around the world want to pursue roles related to science, technology, engineering, and mathematics (STEM) across different industries, but say they are not familiar with career options, according to IBM. At the same time,…

Read more →

High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research. High-risk users represent a sizable threat to the organization Additionally, the study made several unexpected…

Read more →

Open Systems has redefined the managed detection and response (MDR) market with the launch of Ontinue, its new MDR division. Ontinue is the managed extended detection and response (MXDR) provider that leverages AI-driven automation, human expertise and the Microsoft security…

Read more →

Veeam Software has released the Veeam Data Platform, a single platform delivering more advanced data security, recovery and hybrid cloud capabilities. The Veeam Data Platform, which includes Veeam Backup & Replication (VBR) v12, provides secure backup and recovery that keeps…

Read more →

Styra Load advances the capabilities of Open Policy Agent (OPA), and alleviates the effects of data-heavy authorization while reducing infrastructure costs and increasing authorization performance for platform engineering teams. Purpose-built for enterprises managing authorization with large data sets, Styra Load…

Read more →

FireMon unveils FireMon Policy Analyzer, a complimentary firewall assessment tool that provides organizations with a comprehensive diagnostic report outlining the health of a firewall policy, complete with best practices and suggestions to improve their security posture. According to Gartner, 99%…

Read more →

Check Point has introduced Check Point Infinity Spark, a threat prevention solution that delivers AI security and integrated connectivity to small and medium-sized businesses (SMBs). Infinity Spark offers enterprise grade security across networks, email, office, endpoint, and mobile devices. With…

Read more →

GoSecure has released Titan Identity, a solution combining technology with a managed service to provide a cost-effective, deployable solution that enables organizations to improve credential theft response times. Threat actors have many techniques to abuse identity services like Active Directory…

Read more →

Together, LogRhythm and Trend Micro are empowering security teams to confidently navigate a changing threat landscape and quickly secure their environments. The combined solution allows security teams to pull threat data from multiple sources, correlate the data, and automate a…

Read more →

Deepwatch has unveiled a total of $180 million in equity investments and strategic financing from Springcoast Capital Partners, Splunk Ventures and Vista Credit Partners, a subsidiary of Vista Equity Partners and strategic credit and financing partner focused on the enterprise…

Read more →

CompTIA has reported that up to 2,000 people across the country, from communities that are underrepresented in technology, will be trained to work as technical support and help desk professionals as part of its new workforce development program. CompTIA’s new…

Read more →

Quantinuum has unveiled that Rajeeb (Raj) Hazra has been appointed to the role of CEO of Quantinuum, effective immediately. In stepping down, current Quantinuum CEO Ilyas Khan will remain a leader in the company. He remains a member of the…

Read more →

Last week, the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization’s new Executive Director. This was…

Read more →

Adam Shostack, the author of “Threat Modeling: Designing for Security”, and the co-author of “The New School of Information Security”, recently launched his new book – “Threats: What Every Engineer Should Learn From Star Wars”. In this Help Net Security…

Read more →

Another year of high-profile cyberattacks, another year of beating the cybersecurity drums. Clearly, we’re missing a few notes. Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best practices,…

Read more →

SynSaber has launched OT PCAP Analyzer tool that allows users to view a high-level breakdown of the device and protocol information contained within a packet capture (PCAP) file. SynSaber’s OT PCAP Analyzer provides visibility into a snapshot of your network…

Read more →

Akamai Technologies has launched Akamai Connected Cloud, a massively distributed edge and cloud platform for cloud computing, security, and content delivery that keeps applications and experiences closer and threats farther away. Akamai also announced new strategic cloud computing services for…

Read more →

ThreatBlockr introduced major updates and features to its platform. The release improves flexibility, control, and visibility, with key updates including list consolidation, simplified policy configuration, easier protection of networks and ports, improvements to management systems and simplified access controls. These…

Read more →

CyberSaint’s Executive Dashboard allows CISOs to present their cyber risk posture to the rest of the C-suite and Board of Directors in a credible, financially quantifiable manner that enables informed decision-making. The Executive Dashboard is just the latest in a…

Read more →

Finite State has released its Next Generation Platform featuring extended SBOM management with the ability to ingest and aggregate 120+ external data sources. The new platform gives Application and Product Security teams a unified and prioritized risk view with unprecedented…

Read more →

There is a definite trend of MSPs shifting into security. There are a number of very good reasons for this, including the fact that other services traditionally offered are becoming commoditized, as well as the increasing threat that SMEs and…

Read more →

Resecurity has partnered with CSG (Centre Systems Group) to accelerate channel sales growth in UAE and enable CSG to offer a Cyber Threat Intelligence (CTI), Dark Web Monitoring (DWM), Digital Risk Management (DRM), Fraud Prevention (FP) and Identity Protection (IDP)…

Read more →

Ping Identity has formed a new strategic alliance with Deloitte to help the organizations’ shared clients improve advanced Identity Access Management (IAM) Solutions selection and onboarding. Through the alliance, Ping and Deloitte’s shared clients will be able to streamline digital…

Read more →

Elastic has appointed Mathew Donoghue as Chief Marketing Officer (CMO) effective February 13, 2023 to drive scalable growth across the company’s $88 billion total addressable market (TAM) by leveraging innovative solutions and a customer-first approach. As the leader of the…

Read more →

DirectDefense has unveiled that Christopher Walcutt has been promoted to Chief Security Officer (CSO), effective immediately. Walcutt will ensure consistent and high-quality information security management throughout the organization. Additionally, he will partner with internal teams across all levels, including the…

Read more →

Zscaler acquires Canonic Security to prevent organizations’ growing risks of SaaS supply chain attacks. With the massive migration to the cloud, as organizations are adopting hundreds of SaaS platforms, their users are connecting thousands of third-party applications and browser extensions…

Read more →

The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823). The three zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823) CVE-2023-21715 a vulnerability that allows attackers to bypass a…

Read more →

Canonical released real-time Ubuntu 22.04 LTS, providing a deterministic response to an external event, aiming to minimise the response time guarantee within a specified deadline. The new enterprise-grade real-time kernel is ideal for stringent low-latency requirements. Enterprises in industrial, telecommunications,…

Read more →

Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.” The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also in tvOS 16.3.2…

Read more →

“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis of over 550,000 real-world malware…

Read more →

Expel managed detection and response (MDR) for Kubernetes enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. “Organizations are adopting Kubernetes as a way to help their…

Read more →

Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their organizations make the majority of cybersecurity decisions without insights into the threat actor targeting them. While…

Read more →

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy a higher rate of request-based or packets-per-second attacks.…

Read more →

The dire shortage of information security experts has left organizations struggling to keep up with the growing demand for their skills. Still, getting a job in cybersecurity tends to take time and effort. In this Help Net Security interview, Joseph…

Read more →

Recently, I was asked to imagine that I had been granted an hour with top officials at the Cybersecurity and Infrastructure Security Agency (CISA) – what advice would I offer to help it have an even bigger impact in 2023…

Read more →

Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found. “If such…

Read more →

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet’s secret recovery phrase. Attention @Namecheap users: be wary of…

Read more →

Let’s face it, security teams are only as good as the next problem they face. But why is keeping up so difficult? New/evolving requirements, lengthy/confusing acronyms, and countless moving parts plague compliance regulations. In this Help Net Security video, Gianna…

Read more →

The concept of zero trust – as a way to improve the security of and access to an organization’s network, systems, and data – has gained traction in recent years. The basic premise is that no user or device should…

Read more →

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and invoice fraud and tech support…

Read more →

Recently, at Cybertech Tel Aviv 2023, I met with Luigi Lenguito, CEO at Bfore.AI, who introduced me to their technology. In this Help Net Security interview, Lenguito talks about threat prevention challenges and how his company can predict cyber attacks…

Read more →

Integreon has unveiled the development of CyberHawk-AI, an advanced automated technology that utilizes artificial intelligence (AI) to streamline the process of extracting and analyzing sensitive data following cyber breaches. This technology will be integrated into their cyber response workflow to…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: While governments pass privacy laws, companies struggle to change In this Help Net Security interview, Bill Tolson, VP of Compliance and eDiscovery at Archive360, discusses…

Read more →

CyberData Pros has partnered with Ketch to provide data security and compliance services for clients worldwide. CyberData Pros specializes in data security, compliance, consulting, and due diligence, allowing their analysts to provide solution-oriented awareness and implementation routes to help with…

Read more →

US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy “state-sponsored” ransomware on hospitals and other organizations that can be considered part of the countries’ critical…

Read more →

Patch Tuesday falls on Valentine’s Day this year but will it be a special date? While there have been ongoing cyber-attacks of all kinds, it has been relatively quiet on the release of new patches from Microsoft. Expect that trend…

Read more →

Popular social news website and forum Reddit has been breached (again) and the attacker “gained access to some internal docs, code, as well as some internal dashboards and business systems,” but apparently not to primary production systems and user data.…

Read more →

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new…

Read more →

Are ageing technologies and infrastructure threatening the security and productivity of your business? A recent investigation by the National Audit Office (NAO – UK’s independent public spending watchdog) revealed that the Department for Environment, Food and Rural Affairs is relying…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Deepwatch, Neustar Security Services, OPSWAT, and SecuriThings. OPSWAT MetaDefender Kiosk K2100 secures critical networks in challenging environments The OPSWAT MetaDefender Kiosk K2100 is…

Read more →

SecuriThings announced a new Managed Service Platform for the physical security space that enables managed service providers to manage, visualize and maintain customer environments from a single pane of glass. Organizations across the globe invest extensively in buying and installing…

Read more →