Category: Help Net Security

Strike Graph has integrated a new solution which allows customers to go through security audits powered by technology at a fraction of the cost and time. This new streamlined offering was made available in 2022 and resulted in over 80%…

Read more →

Acalvio launched Identity Threat Detection and Response (ITDR) solution that offers identity attack surface area visibility and management, and Active Defense against identity threats. By incorporating Active Defense, Acalvio’s ITDR solution changes the environment to not only catch and counter…

Read more →

SentryBay adds to its family of Armored Client products with a solution specifically designed to address the client-side security gaps of Microsoft Azure Virtual Desktop and Windows 365 – while harnessing the strengths of Intune. Users of endpoint devices that…

Read more →

N-able launched N-able Managed Endpoint Detection and Response (Managed EDR), a threat monitoring, hunting, and response service designed for MSPs that have standardized on N-able Endpoint Detection and Response (EDR). Managed EDR supplements EDR with dedicated managed security services. Powered…

Read more →

IT and security teams are consolidating management and security functions to help better deliver new applications to end users, improve regulatory compliance, and reduce cyberattacks resulting from poor coordination between endpoint security and management teams, according to Syxsense. Endpoint security…

Read more →

Socure has joined the FIDO (Fast IDentity Online) Alliance to advance identity verification standards that make it easy to verify identity online and protect against identity fraud across industries. Socure’s mission is to verify 100% of good identities in real-time…

Read more →

Adaptive Shield has partnered with Datadog to provide joint customers with the ability to stream and visualize SaaS security alerts from Adaptive Shield. For all SaaS apps, users, and associated devices, the Adaptive Shield platform continuously monitors and immediately identifies…

Read more →

With Veza and GitHub integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s codebase. Identity-related attacks continue to be the top culprit behind data…

Read more →

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to secure the data generated by Internet of Things (IoT) devices: implanted medical devices,…

Read more →

As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal and professional lives. Software development teams always strive to master…

Read more →

Between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%, according to Abnormal Security. Business email and supply chain compromise as attack strategies Additionally, of the malicious emails that were read, an average…

Read more →

Russia’s invasion of Ukraine continues to have a major impact on energy prices, inflation, and cyberthreats, with the ransomware scene experiencing some of the biggest shifts, according to ESET. “The ongoing war in Ukraine has created a divide among ransomware…

Read more →

The popular notion might view the rail industry as a laggard compared to auto or high-tech manufacturing when embracing Industry 4.0. Yet railways are increasingly dependent on sophisticated connected systems to enhance efficiency and customer satisfaction. Rail industry needs to…

Read more →

TikTok and Lensa AI have sparked worldwide conversations on the future of social media and consumer data privacy. In this Help Net Security video, Rick McElroy, Principal Security Strategist at VMware, offers a perspective on these trends, including tips on…

Read more →

Skybox Security appoints Mordecai Rosen as Chief Executive Officer and closes $50 million in financing from CVC Growth Funds, Pantheon, and J.P. Morgan. Mr. Rosen is a seasoned security technology executive with over 25 years of experience and will focus…

Read more →

Opscura has received $9.4M in Series A funding as it scales to engage further U.S. partners and customers seeking to protect and connect their critical operations. Founded in Spain as Enigmedia, the new global entity Opscura is also launching a…

Read more →

Appdome has released the first Appdome Orb for CircleCI as part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate delivery of secure mobile apps globally. The new Appdome Build_2Secure Orb for CircleCI integrates directly into the CircleCI CI/CD platform,…

Read more →

Riskonnect has enhanced its Business Continuity and Resilience solution through a partnership with OnSolve. Riskonnect will utilize OnSolve’s Risk Intelligence to offer a new Threat Intelligence module to provide resilience leaders the ability to monitor global threats in real time…

Read more →

SonarSource has launched SonarQube 9.9 Long-Term Support (LTS) that empowers organizations to achieve the Clean Code state securely and at scale. With accelerated pull request analysis, support for building and deploying secure cloud-native applications, enterprise-grade capabilities, and many innovations related…

Read more →

Shufti Pro has launched its risk assessment and eIDV services to help global businesses fight identity fraud and financial crimes, and meet the ever-evolving KYC/AML regulatory landscape. Risk assessment solution Purposely built tool to help businesses identify risks associated with…

Read more →

Deepwatch announced new service offerings and advances to the Deepwatch SecOps Platform to speed the detection and containment of threats across the enterprise. The launch of Deepwatch MXDR for Identity provides extended detection and response to evolving identity-based threats; Deepwatch…

Read more →

Logpoint has released a ChatGPT integration for Logpoint SOAR in a lab setting. It allows the users to experiment with the potential of the AI-driven chatbot and discover how the technology could apply in cybersecurity operations. “We’re excited to enable…

Read more →

According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess The attacks started late last week and are still ongoing. Investigations point to…

Read more →

As 2023 goals become solidified, companies need to decide how they are prioritizing cybersecurity. It’s time to focus on what organizations can prioritize. In this Help Net Security video, Kevin Garrett, Senior Solutions Engineer at Censys, recommends three critical elements…

Read more →

Cisco customers can now access new risk-based capabilities across Cisco’s security portfolio to better protect hybrid work and multi-cloud environments. These advancements demonstrate progress towards realizing the full vision of the Cisco Security Cloud which will protect the integrity of…

Read more →

Everbridge has introduced a new AI-powered situational awareness tool enabling incident commanders and resolvers to gain deep visibility into IT service disruptions. Available as part of Everbridge’s Digital Operations solutions bundle, DigitalOps Insights powered by xMatters provides Operations/IT​, NOC/SOC​, Service…

Read more →

Neustar Security Services is launching UltraPlatform, a solution that leverages three Neustar Security Services’ offerings critical to protecting organizations’ online assets and infrastructure: an authoritative domain name system (DNS) service, protection against distributed denial-of-service (DDoS) attacks and a web application…

Read more →

Digital identities are rapidly becoming more widely used as organizations’ and governments’ digital transformation projects mature and users demand more remote accessibility for everything, from creating a bank account to applying for government services, according to iProov. To support this…

Read more →

If there’s one thing people will remember about AI advances in 2022, it’ll be the advent of sophisticated generative models: DALL.E 2, Stable Diffusion, Midjourney, ChatGPT. They all made headlines – and they will change the way we work and…

Read more →

Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. “Exposed secrets have been used to gain control of…

Read more →

Flawed encryption logic used in Cl0p (Clop) ransomware’s Linux (ELF) variant has allowed SentinelOne researchers to create and release a free decryptor. “The [Cl0p] Windows variant encrypts the generated RC4 key responsible for the file encryption using the asymmetric algorithm…

Read more →

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists (ACLs) will be disabled.…

Read more →

Fortinet has released FortiSP5, the latest breakthrough in ASIC technology from Fortinet to propel major leaps forward in securing distributed network edges. Building on over 20 years of ASIC investment and innovation from Fortinet, FortiSP5 delivers secure computing power advantages…

Read more →

OPSWAT unveiled MetaDefender Kiosk K2100, a new, ultra-rugged mobile kiosk designed to keep critical networks secure in even the harshest conditions. “OPSWAT has a deep understanding of the challenges OT security teams face,” said Sid Snitkin, VP, Cybersecurity Services at…

Read more →

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing. This API Security Testing framework encourages shift-left efforts by giving security and development teams the tools to quickly uncover and…

Read more →

51% of IT professionals predict that we are less than a year away from a successful cyberattack being credited to ChatGPT, and 71% believe that foreign states are likely to already be using the technology for malicious purposes against other…

Read more →

All businesses seek profitable growth. The issue is that growth adds complexity. Organizations need new systems and more employees to support this larger footprint, thus expanding the number of potential points of failure. This means more financial and reputation risks…

Read more →

Tensions between two of the biggest producers of connected (IoT) devices are coming to a head, and will be changing the IoT landscape in 2023. In recent months, India and China have faced off over their disputed border in the…

Read more →

In this Help Net Security video, Christopher Hodson, CSO at Cyberhaven, talks about how CISOs have been investing in inflating their tech stack, but for what? No amount of acronyms will do any good if stuff is leaking from within.…

Read more →

Nozomi Networks and Industrial Defender have unveiled a strategic partnership to enhance the security of critical infrastructure and manufacturing facilities. The companies’ joint solution combines asset visibility and threat detection capabilities from Nozomi Networks with change and configuration monitoring from…

Read more →

U2opia licensed two technologies from the Department of Energy’s Oak Ridge National Laboratory that offer a new method for advanced cybersecurity monitoring in real time. “Identifying and quickly responding to attempted cybersecurity attacks is an urgent need across government and…

Read more →

Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Patches for CVE-2021-21974, a vulnerability in ESXi’s OpenSLP service,…

Read more →

Government agencies keep making new privacy rules while end users fall victim to malpractice and scams. Bill Tolson, VP of Compliance and eDiscovery at Archive360, has spent many years consulting with regulators and advising businesses on concrete steps to enhance…

Read more →

Everyone wants extraordinary online experiences without sacrificing the security of their personal information. Yet according to Ping Identity’s 2022 Consumer Survey, 77% of people feel they will never be in full control of their privacy online and still blindly accept…

Read more →

Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT leaders still consider them to be the most worrying cyber threats. “Aside from ransomware and the hybrid work model, in…

Read more →

Splashtop launched Splashtop Antivirus powered by Bitdefender, enabling MSPs and IT teams to protect their endpoints against threats with the benefit of a centralized management experience. The latest offering elevates Splashtop’s commitment to protecting users on multiple fronts, from securing…

Read more →

Resecurity has identified a new version of Nevada Ransomware which recently emerged on the Dark Web right before the start of 2023. The actors behind this new project have an affiliate platform first introduced on the RAMP underground community, which…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Mounting cybersecurity pressure is creating headaches in railway boardrooms In this Help Net Security interview, Dimitri van Zantvliet is the Cybersecurity Director/CISO of Dutch Railways,…

Read more →

Gigamon announced that Chaim Mazal has been named Chief Security Officer (CSO), joining the Gigamon executive leadership team and will report directly to President and CEO Shane Buckley. Mr. Mazal will be responsible for global security, information technology, network operations,…

Read more →

ExtraHop partners with Binary Defense to offer Reveal(x) 360, ExtraHop’s SaaS-based network detection and response (NDR) solution, as a managed service. As threats rapidly evolve, cybersecurity teams are finding themselves more strapped for resources than ever before, with shrinking budgets…

Read more →

MITRE released the Cyber Resiliency Engineering Framework (CREF) Navigator — a free, visualization tool that allows organizations to customize their cyber resiliency goals, objectives, techniques, as aligned with NIST SP 800-160, Volume 2 (Rev. 1), National Institute of Standards and…

Read more →

Deepwatch and Trace3 announced Trace3 Managed Detection and Response (MDR) Services powered by Deepwatch. Together, Deepwatch and Trace3 will deliver end-to-end solutions that enable clients to keep pace with the dynamic cyber threat landscape and deliver exceptional service and security…

Read more →

Drata has launched Audit Hub, a new tool to amplify customer-auditor collaboration and real-time audit correspondence. Integrating feedback directly from its Auditor Alliance, Drata designed Audit Hub to centralize key communication and audit needs in its own platform to further…

Read more →

Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is urging users to upgrade quickly. “Installing a fixed version of Jira Service Management is the recommended way…

Read more →

How far is too far for a hacker? Earlier this year the Lockbit ransomware-as-a-service organization apologized and provided a free decryptor following a ransomware attack on a children’s hospital in Toronto—blaming a “rogue affiliate” for going against the rules and…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Arkose Labs, Hornetsecurity, HYCU, KELA, and Trulioo. Hornetsecurity unveils two tools to counter rise in phishing attacks and malicious links Hornetsecurity launched two new tools…

Read more →

83% of organizations experienced more than one data breach in 2022. However, 97% of respondents feel confident that they are well-equipped with the tools and processes needed to prevent and identify intrusions or breaches, according to Exabeam. “The findings indicate…

Read more →

Enterprises have a limited number of analysts running their security operations centers (SOCs) and are deploying multiple tools in an attempt to address their cloud security challenges, according to ManageEngine. According to Gartner, 85% of organizations will embrace cloud-first strategies…

Read more →

Pixalate has released new iCloud Private Relay (iCPR) IVT detection features in the Pixalate Analytics dashboard to help clients measure their exposure to iCPR traffic. Pixalate found 21% of US mobile and desktop Safari traffic in Q4 2022 was associated…

Read more →

Keepit has launched its backup and recovery solution for Power BI. With the release of Keepit for Power BI, Keepit is extending its data protection service for Microsoft’s cloud solutions. Power BI is the first of the Microsoft Power Platform…

Read more →

HYCU unveiled R-Cloud to allow Software as a Service (SaaS) companies and Independent Software Vendors (ISVs) to provide, in days, backup and recovery services for their SaaS offerings. R-Cloud is a low-code, purpose-built data protection development platform specifically designed to…

Read more →

Netwrix has released new multi-tenant, software-as-a-service (SaaS) auditing solution Netwrix 1Secure designed to meet the needs of MSPs. Its cloud architecture helps MSPs ensure the security and compliance of their clients’ systems and data from a single console. Netwrix 1Secure…

Read more →

Wasabi Technologies has introduced Wasabi Surveillance Cloud, a solution that enables organizations to offload video surveillance footage from their local storage environment directly to the cloud without ever running out of capacity. This ‘bottomless’ approach to video storage is vital…

Read more →

Gem Security has emerged from stealth, launching its Cloud TDIR (Threat Detection, Investigation and Response) platform and announcing $11 million in seed funding led by Team8. The adoption of cloud infrastructure is increasing and diversifying the attack surface for organizations.…

Read more →

Radiant Logic and Brainwave GRC address a broad set of identity use cases, and the acquisition accelerates the companies’ shared vision of an Identity Data Fabric that uses the science of data to ensure the right information is in place…

Read more →

NTT has added Palo Alto Networks Prisma SASE to its Managed Campus Networks portfolio. The new offering is a managed Secure Access Service Edge (SASE) solution that includes SD-WAN, cloud-delivered security, and enhanced automation and reporting. The end-to-end solution is…

Read more →

Tanium has appointed Dan Streetman to the role of CEO. Orion Hindawi, who is the co-founder and current CEO of Tanium, will assume the role of executive chairman. In this new role, Orion will continue to drive the strategic vision…

Read more →

Help Net Security is attending the Cybertech Tel Aviv 2023 conference and exhibition, which gathers cybersecurity experts, businesses and startups from around the world. Here are a few photos from the event, featured vendors include: DarkOwl, ThriveDX, Minerva Labs, Astrix…

Read more →

When it comes to attacks against application programming interfaces (APIs), the building blocks that provide access to many of our applications, the OWASP API Top Ten is seen as definitive – and rightly so. Compiled in 2019 based on a…

Read more →

98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years, according to SecurityScorecard and The Cyentia Institute. The study also found that 50 percent of organizations have indirect…

Read more →

71% of business executives worry about accidental internal staff error as one of the top threats facing their companies, almost on par with concern about outside attackers (75%), according to EisnerAmper. An additional 23% said they worry about malicious intent…

Read more →

Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. While organizations of all sizes now embrace…

Read more →

InterVision has launched new offerings: Managed Cloud Services (MCS) for AWS and Azure cloud environments and Penetration Testing as a Service (PTaaS) powered by RedSpy365. Both services offer enhanced and expanded cybersecurity designed to address current business and resilience concerns.…

Read more →

Hornetsecurity launched two new tools – the QR Code Analyzer and Secure Links – to combat growing cyber threats. These launches come in response to a rise in fake QR codes and the ongoing threat of phishing, which represents 40%…

Read more →

Neustar Security Services has introduced UltraDDR (DNS Detection and Response), a recursive DNS-based protection service aimed at combatting network breaches, ransomware attacks, phishing and supply chain compromise, while enforcing enterprise acceptable use policies for its users. UltraDDR provides a Protective…

Read more →

Certa’s workflow automation services, combined with Sayari’s integrated business intelligence and ownership data, enable a solution for enterprise businesses to onboard, assess risk, and monitor third parties through the duration of their lifecycle. Certa’s no-code capabilities allow users to dynamically…

Read more →

Zscaler has unveiled Zscaler Resilience, incorporating a new set of capabilities that extend the resilience of Zscaler’s architecture and operations and maintain interconnections between users and devices to critical cloud-based applications. Building upon 15 years of SaaS security, these SSE…

Read more →

Sentra has completed a $30 million Series A funding round led by Standard Investments with participation from Munich Re Ventures (MRV), Moore Strategic Ventures, Xerox Ventures and INT3 as well as existing investors Bessemer Venture Partners and Zeev Ventures. The…

Read more →

Dremio and Privacera have unveiled their latest integration, expanding advanced data governance and security capabilities for customers building modern data applications on top of data lakehouses. As data lakehouses are gaining more popularity, it is increasingly important to manage and…

Read more →

SAP and Red Hat have expanded partnership to increase SAP’s use of and support for Red Hat Enterprise Linux. This collaboration aims to enhance intelligent business operations, support cloud transformation across industries and drive holistic IT innovation. Building on the…

Read more →

As CEO of RedSeal, Gregory Enriquez will lead RedSeal into its next phase of growth with on-premises and cloud network security for government agencies and enterprise companies. RedSeal’s technology gives security and management teams the most holistic understanding of their…

Read more →

Dragos has appointed Kurt Gaudette as VP of Global Threat Intelligence to lead the company’s team of adversary hunters, threat analysts, research engineers and analytic developers. After transitioning from the military, Gaudette served as part of the U.S. Department of…

Read more →

Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can’t be deleted by simply rebooting the device or…

Read more →

Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, who gathered to exchange knowledge, to network, and learn about…

Read more →

Cybertech Tel Aviv 2023 is under way at the Tel Aviv Expo. The conference and exhibition gathers cybersecurity experts, businesses and startups from around the world, and Help Net Security is there to take it all in. Here are a…

Read more →

Anti-money laundering (AML) policies are getting stronger as countries crack down on any opportunity criminals might have to take advantage of services and resources to further their activity. The US has the Bank Secrecy Act, the Patriot Act, and Anti-Money…

Read more →

Involta has introduced Disaster Recovery as a Service (DRaaS+), a new, three-tiered model designed to deliver the right service level for securing essential business systems and data. DRaaS+ allows Involta clients to choose their experience from a low-touch, infrastructure delivery-only…

Read more →

77% of CIOs say their role has been elevated due to the state of the economy and they expect this visibility within the organization to continue, according to Foundry. “The CIO role is constantly evolving, and economic conditions have put…

Read more →

IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. But are we ready for what’s next? As vulnerabilities continue to increase, what strategies…

Read more →

ThreatSpike Red helps organisations of all sizes to close the cybersecurity gap by providing continuous unlimited testing and scanning of applications and websites to identify vulnerabilities. The new managed service is giving customers full visibility over cost, and makes advanced…

Read more →

OTAVA launched Security as a Service (SECaaS) for businesses that need external resources or added expertise to maintain a comprehensive cybersecurity practice. OTAVA’s purpose-built Security as a Service solutions cut through the noise of automated alerting and protect against all…

Read more →

Trulioo continues to evolve its identity verification capabilities by combining a full suite of global person and business verification solutions with no-code workflow building, low-code integrations and more, all in one platform. With one contract Trulioo customers can access personally…

Read more →

GroupSense’s VIP Monitoring service assesses and monitors high-profile individuals, executive identities, and their extended personal networks to detect exposure and threats, helping to prevent identity theft, fraud, ransomware and other cyber-attacks. Most enterprises use DRPS to protect their brand; however,…

Read more →

Rising threats to vehicles and industrial operational technology (OT) have led a growing number of enterprises worldwide to invest in advanced technologies and services to better secure their assets, according to an ISG research report. The report finds that cybersecurity…

Read more →

BOXX Insurance has unveiled a US$14.4 million Series B funding round, bringing the total amount raised from investors to US$24.5 million in the last 16 months. The latest investment was led by Zurich Insurance Company (Zurich). BOXX also unveiled that…

Read more →

Red Hat and Oracle have unveiled a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI). The strategic collaboration starts with Red Hat Enterprise Linux running on OCI as a supported…

Read more →

Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. The attacks were first spotted by Proofpoint researchers in early December 2022,…

Read more →

QNAP Systems has fixed a critical vulnerability (CVE-2022-27596) affecting QNAP network-attached storage (NAS) devices, which could be exploited by remote attackers to inject malicious code into a vulnerable system. Luckily for QNAP NAS owners, there’s no mention of it being…

Read more →

49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a survey by the Neustar International Security Council. Despite the rapidly changing threat landscape,…

Read more →

In this Help Net Security video, Kurtis Minder, CEO of GroupSense, discusses President Biden’s National Cybersecurity Strategy, designed to take the nation’s cybersecurity posture to the next level. While the strategy promises to make it much easier for government agencies…

Read more →