Category: Help Net Security

New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance. We rarely consciously think about the fact that, in this Information Age, many aspects of our private and work lives are…

Read more →

Utility infrastructure is in dire need of modernization. In many parts of the world, the infrastructure delivering power and water to consumers is not ready to withstand natural disasters and rising energy demands. Integrating real-time data analytics into the decision-making…

Read more →

ShardSecure has forged a strategic technology alliance with Entrust to provide cloud data protection to a growing market of enterprise companies and medium-sized businesses. The ShardSecure-Entrust partnership, part of the Entrust Ready Technology Partner Program, ensures that data in cloud…

Read more →

A Zero Trust Networking Access (ZTNA) security posture is quickly becoming an industry standard worldwide. More than 85% of organizations across the globe have allocated a moderate or, in some cases, a significant year-over-year increase in budget for Zero Trust…

Read more →

KELA launched a new and consolidated cyber intelligence platform, consisting of a new intuitive user interface and four complementary modules: Threat Landscape, Monitor, Hunt, and Tactical Intelligence. The platform provides real, actionable intelligence to support various security teams across an…

Read more →

The expansion of potential cyber threats has increased due to the integration of connected devices, the Internet of Things (IoT), and the convergence of IT and OT in railway operations. In this Help Net Security interview, Dimitri van Zantvliet is…

Read more →

ESET researchers have discovered yet another wiper malware used to target Ukrainian organizations. Dubbed SwiftSlicer, it is thought to be wielded by the Sandworm APT. Simultaneously, the Ukranian CERT has confirmed that the attackers who recently aimed to disrupting the…

Read more →

Critical vulnerabilities discovered in OpenEMR can be chained to gain code execution on a server running a vulnerable version of the popular open-source electronic health record system. Discovered, privately reported and now publicly documented by researcher Dennis Brinkrolf, the vulnerabilities…

Read more →

Arkose Labs has launched a new SMS Toll Fraud online ROI calculator that enables CISOs to estimate the cost savings associated with stopping SMS Toll Fraud, a serious operational and financial threat to enterprises. SMS Toll Fraud, also known as…

Read more →

Insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk, according to Gurucul. With responses from more than 325 cybersecurity professionals, the report explores the latest trends and…

Read more →

SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings: For the CVEs reported in the second half of 2022, 35%…

Read more →

The expansion of potential cyber threats has increased due to the integration of connected devices, the Internet of Things (IoT), and the convergence of IT and OT in railway operations. In this Help Net Security interview, Dimitri van Zantvliet is…

Read more →

It is the immediate natural reaction of most organizations to cut costs during an economic downturn. But the economy will return and cutting back too far can be damaging in the long term. Complex situations such as a global recession…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BSidesZG 2023: Strengthening the infosec community in Croatia’s capital In March 2023, Zagreb will be added to the (already long) list of cities where information…

Read more →

Mirantis has acquired Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform. Lens helps eliminate Kubernetes complexity – accelerating mainstream developer adoption – and empowers users to easily manage, develop, debug, monitor, and troubleshoot…

Read more →

OneSpan has agreed to acquire ProvenDB to provide a trust model for high assurance contracts and documents. ProvenDB will extend the capabilities of OneSpan’s Transaction Cloud Platform to both public and private blockchains and serve as a modern technological foundation…

Read more →

Ransomware has lately been the primary method of monetization for threat actors. Still, research has revealed a slight decrease in ransomware attacks and ransomware payments this past year, suggesting cybercriminals are evolving their strategies. Threat actors have been leveraging more…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Perimeter 81, SpyCloud, ThreatConnect, Venafi, and Wallarm. SpyCloud Compass identifies infected devices accessing critical workforce apps SpyCloud Compass enables organizations to reduce their risk of…

Read more →

Enterprises are going all-in on cloud storage, with average stored capacity in the public cloud expected to reach 43% of their total storage footprint by 2024, and the vast majority (84%) are increasing their budgets to make that a reality,…

Read more →

80% of organizations increased their use of open source software over the last 12 months, according to Perforce Software and the Open Source Initiative. Four out of five companies rely on OSS for a wide range of business-critical applications including…

Read more →

Ermetic has extended its Cloud Native Application Protection Platform (CNAPP) with cloud workload protection capabilities that enable customers to detect, prevent and remediate security risks in virtual machines, containers and serverless functions. Using context that spans infrastructure configurations, network, access…

Read more →

Cloud Range has introduced Cloud Range for Critical Infrastructure—the live-fire simulation training specifically designed to proactively train and prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and information technology (IT) environments to defend against cyber…

Read more →

Prove Identity appointed Amanda Fennell as the company’s Chief Information Security Officer (CISO) and Chief Information Officer (CIO). Fennell, who most recently served as the CISO & CIO at Relativity, brings over twenty years of security industry experience to the…

Read more →

Iron Bow Technologies acquired GuardSight, a cybersecurity operations as a service (SECOPS), and managed detection and response (MDR) company that serves businesses and organizations across the U.S. The acquisition of GuardSight will enhance Iron Bow’s existing cybersecurity solutions portfolio, combining…

Read more →

Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13 countries in total. Law enforcement identified the decryption keys and shared them with many victims,…

Read more →

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available. Ubuntu Pro helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS. The…

Read more →

Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or…

Read more →

Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federal civilian executive branch – as…

Read more →

Open-source software enables better security for both large and small organizations. It is the foundation of today’s society and is found throughout a modern application stack, from the operating system to networking functions. It’s estimated that around 90% of organizations…

Read more →

Malwarebytes has announced the upcoming Malwarebytes Mobile Security for Business, extending its endpoint protection capabilities to professional mobile devices. From corporate organizations to educational institutions, the increasing number of connected mobile devices introduces security risks to users and networks. With…

Read more →

ThreatConnect released ThreatConnect Platform 7.0 designed specifically for TI Ops. The new release increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation. “Legacy approaches…

Read more →

Halo Security recently implemented a new feature to reduce the noise and improve attack surface visibility, helping customers identify active threats in the wild — known exploited vulnerabilities (KEVs) from the Cybersecurity and Infrastructure Security Agency (CISA) catalog — and…

Read more →

A language-generating AI model called ChatGPT, available for free, has taken the internet by storm. While AI has the potential to help IT and security teams become more efficient, it also enables threat actors to develop malware. In this interview…

Read more →

PKWARE has released its newest data discovery and protection solution, PK Secure Email. This Microsoft Outlook add-in automatically discovers sensitive information in email message body, subject line, and attachment and prompts policy-driven protection actions upon sending. Email is a staple…

Read more →

Lupovis has released Prowl, new platform capabilities designed to help security analysts automatically identify bot traffic from malicious human threat actors, to help reduce the time they waste investigating false positives. False positives are flagged by security products that identify…

Read more →

SpyCloud launched Compass, a transformative solution to help enterprises detect and respond to the initial precursors to ransomware attacks. Compass provides definitive evidence that data siphoned by malware infections is in cybercriminals’ hands and provides a comprehensive approach to incident…

Read more →

With continued transition to cloud services to support remote work, the threat of malware continues to grow, expanding each company’s attack surface. The first half of 2022 saw 2.8 billion malware attacks in which more than 270,000 “never-seen-before” malware variants…

Read more →

The first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets, according to the Identity Theft Resource Center. However, data compromises steadily increased in…

Read more →

Crypto.com has been certified with ISO 27017 for security in the cloud and ISO 27018 for privacy protection in the cloud as audited by SGS, an internationally-recognized certification authority. These two certifications, both firsts for a digital asset platform, demonstrate…

Read more →

LogicGate has hired Nicholas Kathmann as its CISO to help scale the company’s information security program, manage its external system security, drive platform security innovations and engage with LogicGate customers on security management. “To build on LogicGate’s growth and market…

Read more →

Forescout Technologies has unveiled that Barry Mainz will join the company as CEO, effective immediately. Barry Mainz brings more than 25 years of experience in executive leadership across infrastructure software and cybersecurity companies. Mainz has served as CEO and member…

Read more →

Strata has closed a $26M Series B round of financing led by Telstra Ventures with participation from existing investors Menlo Ventures, Forgepoint Capital and Innovating Capital. The company has developed, Maverics, the distributed identity orchestration platform that enables organizations to…

Read more →

The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game. The company has also confirmed that source code for TFT (Teamfight…

Read more →

VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics. Reported by Trend Micro’s Zero Day Initiative, none of…

Read more →

According to the FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only…

Read more →

Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular cryptographic algorithms will be much easier to solve with quantum than with “classical” computers. Recently,…

Read more →

Despite a difficult economic environment, organizations continue to invest in privacy, with spending up significantly from $1.2 million just three years ago to $2.7 million this year, according to Cisco. Yet, 92 percent of respondents believe their organization needs to…

Read more →

The cybersecurity skills shortage is a global problem, but each region – including Europe or, more specifically, the EU – has distinct problems it has to tackle to solve it. In this Help Net Security Dritan Saliovski, Director – Nordic…

Read more →

Datto introduced its second-generation family of cloud managed switches, along with global expansion of the early access for its secure remote access solution, Datto Secure Edge. These new networking solutions complement Datto’s existing product lines of Wi-Fi 6 access points…

Read more →

As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud…

Read more →

GoTo (formerly LogMeIn) has confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings. However, the attackers have also managed to grab an encryption…

Read more →

Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component (CVE-2022-42856) that could be exploited for remote code execution on older iPhones and iPads running…

Read more →

ioSafe introduced the ioSafe 1522+, a five-bay network attached storage (NAS) device for businesses of all sizes, including those with remote locations in fire and flood-prone areas. “The 1522+ is the next proof point in our commitment to delivering the…

Read more →

Hillstone Networks latest upgrade of its operating system, Hillstone StoneOS 5.5R10, delivers AI-based threat protection, centralized zero trust control and management, and further simplification of security operations and system optimization, among over 300 new features. The new functionality enhances the…

Read more →

Arctic Wolf launched Arctic Wolf Incident Response (IR) JumpStart Retainer, an incident response offering that helps organizations proactively plan for cyber incidents without losing valuable time to remediation and the high upfront costs of traditional incident response retainers. In the…

Read more →

In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique tactic. Sonatype calls them RAT mutants because they’re a mix of remote access…

Read more →

It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organizations need to be more pragmatic when it comes to remediating vulnerabilities, particularly…

Read more →

The National Security Agency (NSA) published guidance to help Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). IPv6 Security Guidance highlights how several security issues…

Read more →

In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with peers at a Security BSides conference. We’ve talked with BSidesZG organizer Ante Jurjevic to find…

Read more →

Linor spends her days working with cybersecurity founders at her Venture Capital firm. Gaining insight into their experiences over the course of building these relationships and supporting the brick-laying of their visions, she shares observations on the tough – and…

Read more →

IoT remains the biggest hurdle in achieving an effective zero-trust security posture across an organization. In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies…

Read more →

The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness raising program. The package includes:…

Read more →

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security…

Read more →

The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. The report analyzes the 920+ CVEs released by CISA in the second…

Read more →

CyberGRX has released a Predictive Data tool to the Exchange platform’s Attack Scenario Analytics feature. Customers can leverage CyberGRX’s predictive risk intelligence capabilities, which has up to 91% accuracy, to evaluate levels of risk posed by a third party against…

Read more →

Wallarm has launched the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cacti servers under attack by attackers exploiting CVE-2022-46169 If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now…

Read more →

Vanta has acquired Trustpage to transform trust into a marketable advantage for companies around the world. With the addition of Trustpage, Vanta is accelerating its product innovation and continuing to scale its industry-defining trust management platform for thousands of global…

Read more →

Exterro’s acquisition of Zapproved is the latest step in furthering Exterro’s vision to empower customers to proactively and defensibly manage their legal governance, risk and compliance obligations. It also represents another strategic milestone for Exterro in its partnership with Leeds…

Read more →

Bitwarden’s acquisition of Passwordless.dev comes on the heels of a $100M funding round and allows Bitwarden to equip customers with a strong WebAuthn framework from which to develop custom features and deliver passwordless user experiences. A core part of the…

Read more →

Fingerprint and Ping Identity partnership enables PingOne DaVinci customers to identify devices throughout user journeys, which helps prevent fraud and improve the overall customer experience. Fingerprint joins a growing network of technology partners developing integrations with PingOne DaVinci through the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CloudSEK, Devo Technology, Immuta, Varonis, and Zyxel Networks. CloudSEK BeVigil app protects Android users from security risks By providing users with detailed information about the…

Read more →

Cybersecurity professionals are frustrated over how much time and attention they must devote to API security and worried that their defenses still need to be improved, according to Corsha. Researchers recently surveyed over 400 security and engineering professionals to learn…

Read more →

In this Help Net Security video, André Ferraz, CEO at Incognia, discusses the impact of location spoofing and location-based fraud. Any tool that enables users to alter the location information given by their device is known as location spoofing. Scammers…

Read more →

When you support a remote workforce, you risk opening your data, applications, and organization to the world. How can you sleep soundly at night while enabling a modern “work from anywhere” workforce? Acknowledging the inherited security challenges in remote access…

Read more →

Immuta has released its latest product, Immuta Detect. With its continuous data security monitoring capabilities, Immuta Detect alerts data and security teams about risky data access behavior, enabling more accurate risk remediation and improved data security posture management across modern…

Read more →

Arcserve unveiled Arcserve Unified Data Protection (UDP) 9.0, a centrally managed backup and disaster recovery solution that future-proofs every data infrastructure with robust protection for every type of workload. It combines complete data protection, Sophos cybersecurity protection, immutable storage, tape…

Read more →

Hornetsecurity has appointed Irvin Shillingford to run its Northern European regional team. Shillingford brings more than 30 years’ experience of growing cyber and software solutions at key businesses. He has held several senior leadership roles running business development teams while…

Read more →

A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities CVE-2022-41903 is an out-of-bounds memory write flaw in log formatting and CVE-2022-23251 is a truncated…

Read more →

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures…

Read more →

SMBs are aware of increasing cyber threats and allocating resources and investing in areas such as network and cloud security, according to Datto. Key takeaways from this survey include: About a fifth of IT budget is dedicated to security and…

Read more →

Businesses widely use cloud applications, a fact not lost on attackers, which view these apps as an ideal home for hosting malware and causing harm. In this Help Net Security video, Ray Canzanese, Threat Research Director at Netskope, talks about…

Read more →

IDrive Backup has enhanced their endpoint backup solution IDrive 360 with the addition of full system backup and mobile backup, enabling users to ensure that all data from all devices within their organization can be completely recovered if a data…

Read more →

Sygnia has expanded its incident response and proactive security services to include a managed extended detection and response (MXDR) service. Sygnia’s MXDR is technology-agnostic and a 24/7 fully managed security operations service that includes monitoring, threat detection, forensic analysis, accelerated…

Read more →

TD SYNNEX has launched a new fraud defense solution, SMB Fraud Defense Click-to-Run, integrating Microsoft Azure services for small and medium business (SMB) customers during a time of increasing threats within cloud environments. The SMB Fraud Defense Click-to-Run solution elevates…

Read more →

Zyxel Networks launched the Zyxel Astra, a new cloud-based endpoint security service that enables SMBs to secure remote users regardless of their location. Designed to address the unique network security challenges presented by hybrid work environments, Astra enables network administrators…

Read more →

nsKnox has unveiled a new funding round of $17 million, bringing its total funding to date to $35.6M. Two new investors, U.S.-based Internet & technology venture capital firm Link Ventures and Harel Insurance & Finance, took a significant part in…

Read more →

Abacus Group acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena. Gotham Security, as the new business will be known, will be a…

Read more →

Forter acquires Immue to not only strengthen the company’s existing fraud management capabilities but add Immue’s domain-specific bot expertise. Bots are used by the most sophisticated fraud operations to monitor and automate purchases from merchant sites. In fact, it’s frequently…

Read more →

Ivanti and Lookout have extended their strategic partnership to now include Lookout Mobile Endpoint Security as part of the Ivanti Neurons automation platform. The combined solution, which also includes Ivanti Go and Ivanti Neurons for Modern Device Management, is a…

Read more →

Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there’s a public PoC chaining them, CERT/CC has warned. The good news is that they’ve been fixed by…

Read more →

The FBI has recently warned the public about search engine ads pushing malware diguised as legitimate software – an old tactic that has lately resulted in too many malicious ads served to users searching for software, cracked software, drivers –…

Read more →

Geopolitical instability is exacerbating the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report from the World Economic Forum. The great threat Over 93% of cybersecurity experts and 86% of business leaders believe “a far-reaching, catastrophic cyber…

Read more →

Varonis introduced least privilege automation for Microsoft 365, Google Drive, and Box — a new capability that continuously removes unnecessary data risk without human intervention. This innovation furthers Varonis’ mission to deliver effortless data security outcomes to customers. Unlike other…

Read more →

ChatGPT from OpenAI is a conversational chatbot recently released in preview mode for research purposes. It takes natural language as input and aims to solve problems, provide follow-up questions or even challenge assertions depending on your question. In this Help…

Read more →

In 2022, state-sponsored cyber activity has been drawn into sharp focus, ransomware continued to dominate as the primary threat facing organizations, and there have been several highly publicized incidents. Beyond the headlines, there have been some interesting shifts in both…

Read more →

Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. The result is that IT leaders feel…

Read more →

DigiCert has released DigiCert Trust Lifecycle Manager, a digital trust solution unifying CA-agnostic certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager integrates with DigiCert’s public trust issuance for a full-stack solution governing seamless management of corporate digital…

Read more →

Devo Technology unveiled Devo DeepTrace, an autonomous alert investigation and threat hunting solution that uses attack-tracing artificial intelligence (AI) to advance how security teams identify attacks, investigate threats and secure their organizations. DeepTrace augments the work security analysts do by…

Read more →

DNS Insights by NS1 unlocks improved reliability, real-time analysis, and cost control by collecting DNS and network metrics at the edge to empower networking professionals as they troubleshoot and optimize infrastructure at scale. DNS Insights arrives at a critical time…

Read more →