Category: Help Net Security

Traceable AI announced the appointment of Richard Bird as Chief Security Officer (CSO). In this role, he will lead Traceable’s internal data security efforts and provide his unparalleled cybersecurity expertise to propel Traceable’s mission to secure APIs across the globe…

Read more →

CoreStack announced the company’s acquisition of Optio3, an AI-powered operations management company based in Seattle, WA. As a result, CoreStack will acquire 100 percent of Optio3’s technology and IP and will integrate Optio3 team into the CoreStack team. Optio3 Co-founder…

Read more →

Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned. They haven’t pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks…

Read more →

Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in the first half of 2022. This Help Net Security video reveals how crypto giveaway scams have evolved into…

Read more →

Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense Report. Allocation of security budgets Respondents ranked the risk of attack…

Read more →

In this Help Net Security video, Chip Gibbons, CISO at Thrive, illustrates the differences between a business continuity plan and a disaster recovery plan. While these terms are often used interchangeably, there are important differences and it’s critical to have…

Read more →

With talk of a possible recession approaching (if one isn’t already upon us), many businesses are already applying a higher level of scrutiny to spending—even for business-critical costs like cybersecurity. As budgets begin to tighten, security and IT leaders need…

Read more →

For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations –…

Read more →

Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the Software Supply Chain Report, an average 700% jump in cyberattacks against open source projects/repositories has…

Read more →

Veeam Software announced that HBC, a holding company of investments and businesses that operates at the intersection of technology, retail operations and real estate, has chosen Veeam Availability Suite to centralize data protection on premises and across clouds. Veeam helps…

Read more →

MITRE and the Department of Defense (DoD) announced the launch of the FiGHT (5G Hierarchy of Threats) adversarial threat model for 5G systems. FiGHT empowers organizations to, for the first time, reliably assess the confidentiality, integrity, and availability of 5G…

Read more →

David Alexander as Chief Marketing Officer at Everbridge is responsible for leading the global strategy and vision for the Everbridge brand, and the go-to-market motions for the Company’s market-leading Critical Event Management (CEM) product suite. David reports to Executive Vice…

Read more →

Ransomware gangs are planning on trying out a new tactic, and it involves the destruction of the victims’ data. Targeting the data Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool…

Read more →

Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu, there’s a…

Read more →

In this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description. Globally, CIOs find it most difficult to solve…

Read more →

Use these three questions to assess your company’s preparedness to retrieve lost data. 1. Do you have backups of your data? This fundamental question is the basis of your reaction and remediation strategy. Without a backup, data loss is inevitable.…

Read more →

Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions. Code Intelligence has open-sourced a new security tool, CI Fuzz CLI, which lets developers run coverage-guided fuzz…

Read more →

In this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book – “Project Zero Trust: A Story about a Strategy for Aligning Security and the Business“. Presented in the form of a…

Read more →

SolarWinds unveils the results of its survey examining the state of the technology job market amid industry-wide labor shortages and hiring challenges. Released to coincide with the eighth-annual IT Pro Day holiday, the survey found despite a potential economic downturn,…

Read more →

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for June was 381,717 attacks or…

Read more →

Authomize has expanded its REST API framework that enables customers to easily build their own custom connectors to their cloud and homegrown applications and services in as little as a couple of hours. Authomize’s Software-as-a-Service (SaaS) solution enables organizations to…

Read more →

GTA 6 in-development footage leaked American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the popular game. Uber says Lapsus$…

Read more →

Kyndryl and Elastic, the company behind Elasticsearch, have expanded global partnership to provide customers full-stack observability, enabling them to accelerate their ability to search, analyze and act on machine data (IT data and business data) stored across hybrid cloud, multi-cloud…

Read more →

DocuSign announced that the Company’s Board of Directors has hired Allan Thygesen as Chief Executive Officer. Allan Thygesen will assume the strategic leadership of the company and a role on DocuSign’s board of directors, effective October 10th. Mary Agnes “Maggie”…

Read more →

IBM plans to acquire Dialexa, to help companies drive innovation and achieve their digital growth agendas. The acquisition is expected to deepen IBM’s product engineering expertise and provide end-to-end digital transformation services for clients. Dialexa will be the sixth acquisition…

Read more →

BigID has announced native data security controls for Snowflake, alongside becoming the first Snowflake partner to achieve Snowflake Ready Technology Validation in both “Data Security” and “Data Cataloging”. BigID provides Snowflake customers with simplified access control, a data-centric approach to…

Read more →

Codenotary CEO and chairman, Moshe Bar was elected to the board of the AlmaLinux OS Foundation, which stewards the community owned and governed open source CentOS replacement. Codenotary is a gold sponsor of AlmaLinux and uses the distribution extensively throughout…

Read more →

SecurityScorecard has unveiled that The Honorable Susan M. Gordon, former Principal Deputy Director of U.S. National Intelligence, has been appointed to its Board of Directors as an independent director. Gordon was the second-most senior intelligence official in the U.S., where…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of…

Read more →

Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers (CSPs) internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented…

Read more →

Like any other innovation, the integration of IoT technology in smart buildings will bring benefits as well as more and newer risks. The market for smart building technologies continues to grow at even faster rates. By 2020, 1.7B connected devices…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 42Crunch, Cloudflare, Code42, Commvault, and Onfido. Code42 Incydr enhanced detection monitors Git to protect source code and avoid IP theft Code42 has enhanced source code…

Read more →

Nearly two-thirds of respondents to a recent Laminar survey said they currently have data resident in the public cloud (Amazon Web Services, Microsoft Azure, or Google Cloud Platform). At the same time, only 40.3% said that they had a public…

Read more →

The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of…

Read more →

As students head back into the classroom, K-12 district leaders are faced with the difficult task of preventing and mitigating cybersecurity threats against their districts. School systems have become a popular target for cybercriminals over the last few years due…

Read more →

Platform9 launches its latest open source project, Arlon. Arlon defines a unified architecture that leverages GitOps, declarative APIs, and Kubernetes to manage and reconcile state of both infrastructure (clusters and underlying resources) as well as workloads (apps and configurations). Arlon…

Read more →

Secure Code Warrior has unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code. This marks the first time a coding-specific platform has enabled…

Read more →

ServiceNow has released even more solutions within the Now Platform Tokyo designed to supercharge operational intelligence and trust. In addition to ServiceNow Vault, ServiceNow is releasing new AI-powered features and developer and risk management tools to help organizations operate more…

Read more →

Orange Business Services, Orange Cyberdefense, and Netskope, have formed a partnership to deliver a new SSE (Security Service Edge) solution embedded into the Orange Telco Cloud Platform. The enhanced solution is designed to deliver optimal performance with maximized security, meaning…

Read more →

Phosphorus has announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market. The new partnership will see the two companies jointly delivering a new generation of…

Read more →

Regula announced Regula 4306 is available for order. Having inherited the functionality of its full-size cousins for advanced verification, the device remains a compact multifunctional tool accessible to a wider audience. Over the past 8 months, Regula 4306 passed field…

Read more →

Cloudflare’s Data Localization Suite (DLS) is available in three new countries in the Asia Pacific region: Australia, India, and Japan. The Data Localization Suite will help businesses based in these countries, as well as global companies who do business in…

Read more →

The Advanced Research Center, comprised of hundreds of the security analysts and researchers, produces actionable real-time intelligence and threat indicators to help customers detect, respond and remediate the latest cybersecurity threats. “The threat landscape is scaling in sophistication and potential…

Read more →

NetWitness announced Tod Ewasko as the new Chief Product Officer. “As NetWitness continues to push the boundaries of extended detection and response, and more organizations look to invest in threat detection, it is increasingly important that we grow our capabilities…

Read more →

BioCatch announced that Jonathan W. Daly has joined the company as Chief Marketing Officer. With more than 25 years of executive marketing experience in high-growth technology companies, Jonathan W. Daly will be responsible for leading the development and communication of…

Read more →

Wolfi is a new community Linux undistribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material (SBOM). Software supply chain security…

Read more →

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. Successful exploit The vulnerability exists in the Python tarfile module which is a default module…

Read more →

While novel attacks seem to emerge faster than TikTok trends, some warrant action before they’ve even had a chance to surface. This is the case for an attack we’ll refer to as Evil-Colon, which operates similarly to the now defunct…

Read more →

Noname Security announced the findings from its API security report, “The API Security Disconnect – API Security Trends in 2022”, which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced…

Read more →

In this Help Net Security video, Igal Lytzki, Incident Response Analyst at Perception Point, discusses a recent Remcos RAT malware campaign and more broadly, the threat that email-based threats and phishing pose to organizations. To extract credentials and other sensitive…

Read more →

Cloudflare has unveiled that both its Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) services are now available as part of Cloudflare’s zero trust platform. Cloudflare CASB provides businesses visibility and control across their corporate SaaS applications to…

Read more →

Commvault releases Metallic ThreatWise, an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact. According to Enterprise Strategy Group, only 12% of the IT directors surveyed indicated confidence in having the proper…

Read more →

Attackers view smaller organizations as having fewer security protocols in place, therefore requiring less effort to compromise. Lumu has found that compromise is significantly different for small businesses than for medium-sized and large enterprises. “There is no silver bullet for…

Read more →

The mainstream emergence of cryptocurrency, coupled with its popularity among cybercriminals, has created a potentially dangerous environment for those with significant crypto holdings. In this Help Net Security video, Nick Percoco, Chief Security Officer at Kraken, explains why it’s important…

Read more →

NuID has launched the Nu Identity (NuID) Ecosystem to provide internet users with the ability to own and control their digital identity by using services built upon NuID’s foundational zero-knowledge authentication solution. The Nu Identity Ecosystem is powered by Kii,…

Read more →

NetWitness announced a new Managed Detection and Response (MDR) service to enable companies to leverage NetWitness for expanded cybersecurity in a fully outsourced model. The new NetWitness MDR Service helps customers address the ongoing cyber skills shortage while keeping their…

Read more →

Onfido unveiled Motion, a next generation biometric liveness solution to enhance its Real Identity Platform, launched in May. Motion delivers seamless, secure, and inclusive customer verification and is iBeta Level 2 certified. With a simple head-turn capture, businesses can automate…

Read more →

Black Box has formed a Strategic Alliance Partnership with Juniper Networks, to provide Wi-Fi and LAN networks. The partnership allows Black Box to drive innovation in connectivity, giving superior data and networking options. Black Box explains that networks using Beyond…

Read more →

Lookout has expanded its partnership with Verizon to deliver the Lookout Cloud Security Platform to Verizon business customers. The Lookout Cloud Security Platform helps safeguard an organizations’ data, identify and mitigate threats and facilitates secure access to the web, private…

Read more →

CompoSecure announced the appointment of Paul Galant to its Board of Directors as an independent director. Mr. Galant is a seasoned executive with extensive experience in financial services, payments, and security technology. He has experience as a public company CEO…

Read more →

Napier has named its current Chief Operations Officer Greg Watson, as Chief Executive Officer with immediate effect, as former CEO Julian Dixon moves into a full-time role as Founder and Board Member. Greg’s tenure at Napier as well his wealth…

Read more →

Conceal has announced that Theresa Payton, who made history as the first female White House Chief Information Officer and is a veteran cybercrime fighter, entrepreneur and author, has joined the Conceal Board of Advisors. “The fact that business applications are…

Read more →

Deep Instinct has unveiled that Lane Bess, former Palo Alto Networks CEO and Zscaler COO, is taking over as CEO, effective immediately. As an early investor and then Executive Chair of Deep Instinct’s Board, Bess has intimate knowledge of the…

Read more →

Vector Capital announced it will make a strategic $100 million minority investment in Malwarebytes. As part of the transaction, Vector Capital Managing Directors Sandy Gill and Dave Fishman will join the company’s Board of Directors. Malwarebytes plans to leverage the…

Read more →

ActionIQ has joined forces with Snowflake, to integrate AIQ’s new HybridCompute technology directly with the Snowflake Data Cloud, empowering enterprise IT teams to maximize the value of existing technology investments while maintaining seamless experiences for business users. HybridCompute is a…

Read more →

Several bills totaling $15.6 billion are making their way through the House for the 2023 fiscal year. While $11.2 billion will go to the Department of Defense, $2.9 billion will be allocated to the Cyber Security and Infrastructure Security Agency…

Read more →

Linux Server Management and Security University of Colorado / Instructor: Greg Williams, Lecturer This course dives into how Linux works from an enterprise perspective: In week 1 we will look at what Linux is used for in the enterprise. By…

Read more →

The US government will award $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats. “Applicants have 60 days to…

Read more →

Dynatrace announced the results of an independent global survey of 1,303 CIOs and senior cloud and IT operations managers in large organizations, showing that as the move toward cloud-native architectures accelerates, the data generated by such environments outstrips current solutions’…

Read more →

In this Help Net Security video, Mark Nunnikhoven, Distinguished Cloud Strategist at Lacework, discusses agent-based vs. agentless approaches in security. Ransomware is proliferating and Log4j showed us that zero-day threats are lurking around every corner. These threats cost more than…

Read more →

Fivetran has presented the availability Fivetran’s Metadata API to enable the tracking of data “in-flight” from source to destination as it moves through Fivetran-managed pipelines. With this additional visibility, customers can integrate with governance and observability tools to give data…

Read more →

DartPoints launches its updated managed detection and response (MDR) product, which combines MDR, endpoint detection and response (EDR), security orchestration, automation and response (SOAR), and extended detection and response (XDR) into one complete solution with support and monitoring by DartPoints…

Read more →

ThreatQuotient has released a new version of ThreatQ TDR Orchestrator, the solution for a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, the continued innovation of ThreatQ TDR Orchestrator includes enhanced automation, analysis and reporting capabilities that…

Read more →

Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand. In a recent survey, 58% of CISOs…

Read more →

Infoblox announced the results of a Forrester Consulting study, which found IT leaders around the world share a ubiquitous appetite for greater network visibility. The findings underscore a convergence in security with networking, which IT decisionmakers now view as the…

Read more →

Citing the importance of increased visibility before, during, and after a cybersecurity incident, Endace announced a new series of next-generation EndaceProbe Platforms for continuous, high-speed packet capture at network edge and branch locations. As recent cyberthreats have shown, attacks can…

Read more →

ActiveState releases ActiveState Artifact Repository to enable organizations to securely build Python dependencies directly from source code. Rather than developers importing prebuilt Python dependencies from a public repository like the Python Package Index (PyPI), or from some internal build process…

Read more →

Sardine has raised $51.5M in Series B financing to accelerate product development as well as marketing and sales across the globe. Andreessen Horowitz’s Growth Fund led the round with participation from new and existing investors, including XYZ, Nyca Partners, Sound…

Read more →

Information Services Group (ISG) has formed a partnership with cyberconIQ, a cybersecurity platform and advisory company, to address the human side of cybersecurity. Under the new partnership, Information Services Group will be able to offer its clients the capabilities of…

Read more →

GuidePoint Security announced that Deepwatch has joined the Emerging Cyber Vendor Program. This GuidePoint Security Program is specifically designed to help emerging cybersecurity vendors expand their federal footprint. As part of this program, the Deepwatch MDR solution is now available…

Read more →

Belden has joined forces with Cylus, and will enable customers that use Belden’s Firewall to supplement it with an optimized version of CylusOne software available for license from Cylus. The combination of Belden and Cylus solutions that customers will be…

Read more →

Intellicheck has appointed Dondi Black and Greg Braca to the company’s board of directors. Black is Senior Vice President, Chief Product Officer at TSYS. Braca is the former CEO and president of TD Bank. “We are very excited to add…

Read more →

Splunk has named Tom Casey as Senior Vice President and General Manager, Platform, effective September 20, 2022. Reporting to Gary Steele, President and Chief Executive Officer of Splunk, Casey will lead the company’s platform strategy, including development and operations of…

Read more →

Rick Jackson is an experienced marketing leader who most recently held chief marketing roles at Qlik, Rackspace and VMware. He will lead Veeam’s global marketing organization as it continues to drive brand preference and ongoing growth as the market leader…

Read more →

Revolut, the fintech company behing the popular banking app of the same name, has suffered a data breach, which has been followed by phishing attacks aimed at taking advantage of the situation. About the Revolut data breach Revolut customers began…

Read more →

Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor. “It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device…

Read more →

Apple announced additional security and privacy updates for its newest operating system. In this Help Net Security video, you’ll learn how to activate Lockdown Mode on your Mac in macOS Ventura. The post How to activate Lockdown Mode on macOS…

Read more →

A recent research found an increase in attacks across all the most targeted industries and organizations, including education, healthcare and finance. Attacks on critical infrastructure in particular have quadrupled. It is clear that the goal of theses cyberattacks is less…

Read more →

Every morning, we wake up and chances are, we start immediately accessing and consuming information. Whether it’s accessing personal emails, downloading sales reports, or paying bills, we’re switching devices constantly, and are used to managing both our personal and work…

Read more →

New Relic published the 2022 Observability Forecast report, which captures insights into the current state of observability, its growth potential, and the benefits of achieving full-stack observability. As IT and application environments increasingly move toward complex, cloud-based microservices, the research…

Read more →

Anaconda released its annual 2022 State of Data Science report, revealing the widespread trends, opportunities, and perceived blockers facing the data science, machine learning (ML), and artificial intelligence (AI) industries. The global study targeted the open-source community through three cohorts…

Read more →

CircleCI released the 2022 State of Software Delivery report, which examines two years of data from more than a quarter billion workflows and nearly 50,000 organizations around the world, and provides insight for engineering teams to understand how they can…

Read more →

42Crunch has released API Scan service inside the IDEs for developers. With over 500,000 developers already using 42Crunch, this latest addition to the platform means enterprises can further strengthen their shifting of API security as far left as possible into…

Read more →

iBASIS has integrated the multi-protocol signaling firewall of jtendo to its Managed Cloud-Based Security Portfolio, iBASIS Security iQ360. The increase in the number of network protocols (also covering 5G), technologies, and roaming traffic creates a greater complexity requiring advanced features…

Read more →

Shockoe and Veriff collaborate to pave the way for secure mobile solutions by allowing businesses to create mobile apps accessible to real users, preventing fraud and providing privacy. Shockoe creates solutions that are measurable, impactful, and intuitive. Shockoe works across…

Read more →

Absolute Software has partnered with Trellix to extend its patented Absolute Persistence technology to Trellix Endpoint Security (ENS). With this latest addition to the company’s Application Resilience ecosystem, joint customers can leverage the power of Absolute’s firmware-embedded connection to ensure…

Read more →

Peretz Regev brings more than 20 years of senior leadership and product engineering experience to CyberArk. Previously, Regev was vice president of Global Data Science and Engineering at PayPal. Regev also served as the general manager of PayPal Israel. In…

Read more →

83% of educational organizations confirmed they store sensitive data in the cloud. With educators and students constantly sharing that information, they are more concerned about insider threats than other industries. 48% of respondents in this sector consider cybersecurity risks associated…

Read more →

American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the popular game. “Its possible i could leak more data soon,…

Read more →

Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Director Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE-2022-31667) in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware. Harbor is an open-source cloud native…

Read more →