Category: Help Net Security

Arrcus has extended partnership with VMware, focused on transforming telco networks to deliver next-gen services from the edge to the cloud. The expanded partnership will provide communication service providers with the ability to monetize their 5G infrastructure quicker and deliver…

Read more →

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. This Help Net Security video uncovers how the…

Read more →

The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the…

Read more →

IoT embedded systems combine hardware, firmware, and internet connectivity to carry out particular functions. These devices transfer real-time data via the internet for various purposes, including tracking, monitoring, and analysis. In this Help Net Security video, Hubertus Grobbel, VP of…

Read more →

Despite high awareness of VPN risks, remote work forced many companies to rely more heavily on legacy access methods during the pandemic. At the same time, cybercriminals continue to take advantage of long-standing security vulnerabilities and increased attacks on VPNs,…

Read more →

In this Help Net Security video, Chris Caridi, Strategic Cyber Threat Analyst at IBM X-Force, talks about the findings of the latest IBM Security X-Force Cloud Security Threat Landscape Report. The X-Force report pulls data from IBM’s threat visibility, including…

Read more →

U.S. businesses are at high risk for data security threats from increasingly effective phishing attempts and the lack of procedures to restrict data access, according to GetApp’s 4th Annual Data Security Report. Newer companies are especially vulnerable to security threats.…

Read more →

SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets. You can download it on GitHub. Simone Margaritelli, the tool’s author, answered…

Read more →

Cloudflare announced Turnstile, a simple, private way to replace CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and help validate humanity across the Internet. Now any site owner can replace CAPTCHAs through a simple API, whether…

Read more →

Netography announced further innovation to its Netography Fusion platform, delivering scalable, continuous network visibility and control required by security operations center (SOC) and cloud operations teams. Netography Fusion enables organizations to significantly reduce cyber threat risks and costly downtime in…

Read more →

Malwarebytes has expanded its OneView platform capabilities as well as grow the company’s Managed Service Provider (MSP) program. In addition to endpoint security, MSPs can now access vulnerability assessment, patch management and Domain Name System (DNS) filtering from Malwarebytes OneView.…

Read more →

Aunalytics initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against cyberattacks and the new offering…

Read more →

Insight Enterprises has expanded its managed security service with new extended detection and response (XDR) capabilities that help enterprises modernize and strengthen their security posture without adding overhead for internal IT teams. Insight Managed XDR is part of a suite…

Read more →

Digital Element announced a suite of updates to Nodify to help security professionals respond to the recent surge in the VPN market. While other solutions on the market claim to offer VPN usage insights, Nodify is the only offering that…

Read more →

BigID announced native data deletion capabilities that make it easy for organizations to delete personal and sensitive data across their data stores – including Snowflake, AWS S3, mySQL, Google Drive, Teradata, and more. In addition, this new application allows customers…

Read more →

Neustar Security Services has expanded its partner ecosystem across key technology hubs in the Europe, Middle East and Africa region. The company’s new partners include CyberArm in Lebanon; Infinity IT in the Netherlands; Arcane BT in Turkey; Caretower, an Integrity…

Read more →

PKI Solution announced that Shawn Rabourn has been added as Chief Technology Officer. With over two decades of full-range information security and identity management experience in engineering, design, and architecture roles, PKI Solutions is pleased to have Shawn Rabourn join…

Read more →

Votiro announces partnership with Owl Cyber Defense to ensure secure file transfers into isolated government ministry networks. Through this collaboration, Votiro’s CDR solution will integrate with Owl’s hardware-enforced data diode and cross domain solutions to ensure secure file transfers into…

Read more →

Elevate Security and Booz Allen Hamilton announced a strategic partnership that aligns Booz Allen’s cybersecurity consulting services with Elevate’s human cyber risk quantification and mitigation software to address the human element of cybersecurity risk. Booz Allen’s Commercial team will leverage…

Read more →

Cybrary announced a partnership with Carahsoft Technology Corp to provide cybersecurity skill development to government agencies and customers. Under the agreement, Carahsoft will serve as Cybrary’s Public Sector distributor, making the company’s cybersecurity training and skills development platform available to…

Read more →

GuidePoint Security has released its ICS Security Services that include a Security Program Review, Security Architecture Review and ICS Penetration Testing that collectively are designed to provide an organization with a holistic view of their entire ICS security posture. Traditionally,…

Read more →

Most recently David Henshall held the role of chief executive officer at Citrix Systems. During his nearly two decades with the company he also held roles as chief operating officer and chief financial officer, overseeing the company’s worldwide finance, operations,…

Read more →

Wasabi Technologies has achieved unicorn status following $250 million in new funding. Wasabi raised $125 million in Series D equity led by L2 Point Management with participation from Cedar Pine; an affiliate of Cerberus Capital Management; and returning investors including…

Read more →

Chaos, new multipurpose malware written in the Go programming language, is spreading across the world. “We are seeing a complex malware that has quadrupled in size in just two months, and it is well-positioned to continue accelerating,” said Mark Dehus,…

Read more →

It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks to the original design is extremely difficult, and it must be…

Read more →

A common question we are asked by clients after deploying is, “Are attack paths in Active Directory this bad for everyone?” The answer is usually “Yes,” which doesn’t make them feel better. However, what does often cheer them up is…

Read more →

After two years of the pandemic, confidence in addressing certain security risks and threats arising from hybrid and remote work has improved among businesses and organizations around the world. When it comes to secure access to applications, data, and systems,…

Read more →

There’s been a massive push for supply chain security in the last few years: integrity protection, vulnerability management, and transparency. This push has left organizations struggling to secure their pipelines and manage vulnerabilities, especially when running in the cloud. Existing…

Read more →

Cyber threats worldwide continue to escalate and drive continued innovation and investment in cybersecurity. Cyber budgets remain high, and how the cyber market continues to outpace other IT sectors. In this Help Net Security video, Nick Kingsbury, Partner at Amadeus…

Read more →

Cloudflare announced the development of the Cloudflare Zero Trust SIM, a solution that secures every packet of data leaving mobile devices. With the Zero Trust SIM that Cloudflare is developing, organizations will be able to quickly and securely connect employee…

Read more →

To help limit the more than $100 billion of global sales revenue lost to false positives during the fraud detection process, TransUnion launched TruValidate Device Risk with Behavioral Analytics. The solution is newly fortified by NeuroID’s behavioral analytics and aims…

Read more →

Fortinet announced enhanced AIOps capabilities across its entire networking portfolio, including the artificial intelligence-based network operations management for 5G/LTE gateways. When combined with the latest AIOps enhancements to Fortinet’s Secure SD-WAN and Wired/Wireless LAN portfolio, network operations teams have access…

Read more →

CertifID has launched PayoffProtect, which gives title, escrow and settlement companies peace of mind by preventing property loan payoffs from being sent to fraudsters. This launch comes on the heels of its recent $12.5 million Series A funding by Arthur…

Read more →

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams. New enhancements include development support on the most recent Mac computers, and improved secrets management usability through automation, intended to reduce development time…

Read more →

Jamf announced it signed a definitive agreement to acquire ZecOps. This acquisition uniquely positions Jamf to help IT and security teams strengthen their organization’s mobile security posture, accelerating mobile security investigations from weeks to minutes, leverage known indicators of compromise…

Read more →

Accenture is collaborating with Toshiba to provide consulting services to support green transformation (GX) efforts of the companies’ clients. The collaboration will target industries with high greenhouse gas emissions and other organizations with urgent needs to improve energy efficiency. Accenture…

Read more →

Echoworx joins forces with Saepio Information Security to provide secure delivery of confidential and sensitive information to any email recipient in the world. 77% of tech leaders cited the need to increase protection of their documents and messages in transit,…

Read more →

Fortress Information Security and the Oil and Natural Gas Information Sharing Analysis Center (ONG-ISAC) announced an industry-wide initiative focused on securing hardware and software components and supply chains. The software and hardware used by oil and natural gas systems are…

Read more →

Trulioo has officially expanded to Singapore in response to rapidly growing customer demand in the Asia-Pacific (APAC) region. The move allows Trulioo to directly serve its extensive and expanding enterprise-level APAC customer base. “As businesses in the Asia-Pacific region continue…

Read more →

Traceable AI announced the appointment of Richard Bird as Chief Security Officer (CSO). In this role, he will lead Traceable’s internal data security efforts and provide his unparalleled cybersecurity expertise to propel Traceable’s mission to secure APIs across the globe…

Read more →

CoreStack announced the company’s acquisition of Optio3, an AI-powered operations management company based in Seattle, WA. As a result, CoreStack will acquire 100 percent of Optio3’s technology and IP and will integrate Optio3 team into the CoreStack team. Optio3 Co-founder…

Read more →

Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned. They haven’t pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks…

Read more →

Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in the first half of 2022. This Help Net Security video reveals how crypto giveaway scams have evolved into…

Read more →

Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense Report. Allocation of security budgets Respondents ranked the risk of attack…

Read more →

In this Help Net Security video, Chip Gibbons, CISO at Thrive, illustrates the differences between a business continuity plan and a disaster recovery plan. While these terms are often used interchangeably, there are important differences and it’s critical to have…

Read more →

With talk of a possible recession approaching (if one isn’t already upon us), many businesses are already applying a higher level of scrutiny to spending—even for business-critical costs like cybersecurity. As budgets begin to tighten, security and IT leaders need…

Read more →

For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations –…

Read more →

Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the Software Supply Chain Report, an average 700% jump in cyberattacks against open source projects/repositories has…

Read more →

Veeam Software announced that HBC, a holding company of investments and businesses that operates at the intersection of technology, retail operations and real estate, has chosen Veeam Availability Suite to centralize data protection on premises and across clouds. Veeam helps…

Read more →

MITRE and the Department of Defense (DoD) announced the launch of the FiGHT (5G Hierarchy of Threats) adversarial threat model for 5G systems. FiGHT empowers organizations to, for the first time, reliably assess the confidentiality, integrity, and availability of 5G…

Read more →

David Alexander as Chief Marketing Officer at Everbridge is responsible for leading the global strategy and vision for the Everbridge brand, and the go-to-market motions for the Company’s market-leading Critical Event Management (CEM) product suite. David reports to Executive Vice…

Read more →

Ransomware gangs are planning on trying out a new tactic, and it involves the destruction of the victims’ data. Targeting the data Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool…

Read more →

Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu, there’s a…

Read more →

In this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description. Globally, CIOs find it most difficult to solve…

Read more →

Use these three questions to assess your company’s preparedness to retrieve lost data. 1. Do you have backups of your data? This fundamental question is the basis of your reaction and remediation strategy. Without a backup, data loss is inevitable.…

Read more →

Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions. Code Intelligence has open-sourced a new security tool, CI Fuzz CLI, which lets developers run coverage-guided fuzz…

Read more →

In this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book – “Project Zero Trust: A Story about a Strategy for Aligning Security and the Business“. Presented in the form of a…

Read more →

SolarWinds unveils the results of its survey examining the state of the technology job market amid industry-wide labor shortages and hiring challenges. Released to coincide with the eighth-annual IT Pro Day holiday, the survey found despite a potential economic downturn,…

Read more →

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for June was 381,717 attacks or…

Read more →

Authomize has expanded its REST API framework that enables customers to easily build their own custom connectors to their cloud and homegrown applications and services in as little as a couple of hours. Authomize’s Software-as-a-Service (SaaS) solution enables organizations to…

Read more →

GTA 6 in-development footage leaked American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the popular game. Uber says Lapsus$…

Read more →

Kyndryl and Elastic, the company behind Elasticsearch, have expanded global partnership to provide customers full-stack observability, enabling them to accelerate their ability to search, analyze and act on machine data (IT data and business data) stored across hybrid cloud, multi-cloud…

Read more →

DocuSign announced that the Company’s Board of Directors has hired Allan Thygesen as Chief Executive Officer. Allan Thygesen will assume the strategic leadership of the company and a role on DocuSign’s board of directors, effective October 10th. Mary Agnes “Maggie”…

Read more →

IBM plans to acquire Dialexa, to help companies drive innovation and achieve their digital growth agendas. The acquisition is expected to deepen IBM’s product engineering expertise and provide end-to-end digital transformation services for clients. Dialexa will be the sixth acquisition…

Read more →

BigID has announced native data security controls for Snowflake, alongside becoming the first Snowflake partner to achieve Snowflake Ready Technology Validation in both “Data Security” and “Data Cataloging”. BigID provides Snowflake customers with simplified access control, a data-centric approach to…

Read more →

Codenotary CEO and chairman, Moshe Bar was elected to the board of the AlmaLinux OS Foundation, which stewards the community owned and governed open source CentOS replacement. Codenotary is a gold sponsor of AlmaLinux and uses the distribution extensively throughout…

Read more →

SecurityScorecard has unveiled that The Honorable Susan M. Gordon, former Principal Deputy Director of U.S. National Intelligence, has been appointed to its Board of Directors as an independent director. Gordon was the second-most senior intelligence official in the U.S., where…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of…

Read more →

Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers (CSPs) internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented…

Read more →

Like any other innovation, the integration of IoT technology in smart buildings will bring benefits as well as more and newer risks. The market for smart building technologies continues to grow at even faster rates. By 2020, 1.7B connected devices…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 42Crunch, Cloudflare, Code42, Commvault, and Onfido. Code42 Incydr enhanced detection monitors Git to protect source code and avoid IP theft Code42 has enhanced source code…

Read more →

Nearly two-thirds of respondents to a recent Laminar survey said they currently have data resident in the public cloud (Amazon Web Services, Microsoft Azure, or Google Cloud Platform). At the same time, only 40.3% said that they had a public…

Read more →

The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of…

Read more →

As students head back into the classroom, K-12 district leaders are faced with the difficult task of preventing and mitigating cybersecurity threats against their districts. School systems have become a popular target for cybercriminals over the last few years due…

Read more →

Platform9 launches its latest open source project, Arlon. Arlon defines a unified architecture that leverages GitOps, declarative APIs, and Kubernetes to manage and reconcile state of both infrastructure (clusters and underlying resources) as well as workloads (apps and configurations). Arlon…

Read more →

Secure Code Warrior has unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code. This marks the first time a coding-specific platform has enabled…

Read more →

ServiceNow has released even more solutions within the Now Platform Tokyo designed to supercharge operational intelligence and trust. In addition to ServiceNow Vault, ServiceNow is releasing new AI-powered features and developer and risk management tools to help organizations operate more…

Read more →

Orange Business Services, Orange Cyberdefense, and Netskope, have formed a partnership to deliver a new SSE (Security Service Edge) solution embedded into the Orange Telco Cloud Platform. The enhanced solution is designed to deliver optimal performance with maximized security, meaning…

Read more →

Phosphorus has announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market. The new partnership will see the two companies jointly delivering a new generation of…

Read more →

Regula announced Regula 4306 is available for order. Having inherited the functionality of its full-size cousins for advanced verification, the device remains a compact multifunctional tool accessible to a wider audience. Over the past 8 months, Regula 4306 passed field…

Read more →

Cloudflare’s Data Localization Suite (DLS) is available in three new countries in the Asia Pacific region: Australia, India, and Japan. The Data Localization Suite will help businesses based in these countries, as well as global companies who do business in…

Read more →

The Advanced Research Center, comprised of hundreds of the security analysts and researchers, produces actionable real-time intelligence and threat indicators to help customers detect, respond and remediate the latest cybersecurity threats. “The threat landscape is scaling in sophistication and potential…

Read more →

NetWitness announced Tod Ewasko as the new Chief Product Officer. “As NetWitness continues to push the boundaries of extended detection and response, and more organizations look to invest in threat detection, it is increasingly important that we grow our capabilities…

Read more →

BioCatch announced that Jonathan W. Daly has joined the company as Chief Marketing Officer. With more than 25 years of executive marketing experience in high-growth technology companies, Jonathan W. Daly will be responsible for leading the development and communication of…

Read more →

Wolfi is a new community Linux undistribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material (SBOM). Software supply chain security…

Read more →

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. Successful exploit The vulnerability exists in the Python tarfile module which is a default module…

Read more →

While novel attacks seem to emerge faster than TikTok trends, some warrant action before they’ve even had a chance to surface. This is the case for an attack we’ll refer to as Evil-Colon, which operates similarly to the now defunct…

Read more →

Noname Security announced the findings from its API security report, “The API Security Disconnect – API Security Trends in 2022”, which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced…

Read more →

In this Help Net Security video, Igal Lytzki, Incident Response Analyst at Perception Point, discusses a recent Remcos RAT malware campaign and more broadly, the threat that email-based threats and phishing pose to organizations. To extract credentials and other sensitive…

Read more →

Cloudflare has unveiled that both its Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) services are now available as part of Cloudflare’s zero trust platform. Cloudflare CASB provides businesses visibility and control across their corporate SaaS applications to…

Read more →

Commvault releases Metallic ThreatWise, an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact. According to Enterprise Strategy Group, only 12% of the IT directors surveyed indicated confidence in having the proper…

Read more →

Attackers view smaller organizations as having fewer security protocols in place, therefore requiring less effort to compromise. Lumu has found that compromise is significantly different for small businesses than for medium-sized and large enterprises. “There is no silver bullet for…

Read more →

The mainstream emergence of cryptocurrency, coupled with its popularity among cybercriminals, has created a potentially dangerous environment for those with significant crypto holdings. In this Help Net Security video, Nick Percoco, Chief Security Officer at Kraken, explains why it’s important…

Read more →

NuID has launched the Nu Identity (NuID) Ecosystem to provide internet users with the ability to own and control their digital identity by using services built upon NuID’s foundational zero-knowledge authentication solution. The Nu Identity Ecosystem is powered by Kii,…

Read more →

NetWitness announced a new Managed Detection and Response (MDR) service to enable companies to leverage NetWitness for expanded cybersecurity in a fully outsourced model. The new NetWitness MDR Service helps customers address the ongoing cyber skills shortage while keeping their…

Read more →

Onfido unveiled Motion, a next generation biometric liveness solution to enhance its Real Identity Platform, launched in May. Motion delivers seamless, secure, and inclusive customer verification and is iBeta Level 2 certified. With a simple head-turn capture, businesses can automate…

Read more →

Black Box has formed a Strategic Alliance Partnership with Juniper Networks, to provide Wi-Fi and LAN networks. The partnership allows Black Box to drive innovation in connectivity, giving superior data and networking options. Black Box explains that networks using Beyond…

Read more →

Lookout has expanded its partnership with Verizon to deliver the Lookout Cloud Security Platform to Verizon business customers. The Lookout Cloud Security Platform helps safeguard an organizations’ data, identify and mitigate threats and facilitates secure access to the web, private…

Read more →

CompoSecure announced the appointment of Paul Galant to its Board of Directors as an independent director. Mr. Galant is a seasoned executive with extensive experience in financial services, payments, and security technology. He has experience as a public company CEO…

Read more →

Napier has named its current Chief Operations Officer Greg Watson, as Chief Executive Officer with immediate effect, as former CEO Julian Dixon moves into a full-time role as Founder and Board Member. Greg’s tenure at Napier as well his wealth…

Read more →