Category: Help Net Security

CloudSEK launched the BeVigil app to provide users with detailed information about the security and privacy practices of their mobile apps. With the BeVigil App, users can search for apps by name and view detailed information about the app’s security…

Read more →

If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they’ve been updated to a non-vulnerable version because Horizon3’s will be releasing technical details and a PoC exploit this week. GreyNoise has yet to detect…

Read more →

Although cyberattacks have become more common, handling them remains extremely challenging for organizations. Even if things go well on the technical level, incident response (IR) is still a stressful and hectic process across the company; this is the reality of…

Read more →

33% of companies are not providing any cybersecurity awareness training to users who work remotely, according to Hornetsecurity. The study also revealed that nearly 74% of remote staff have access to critical data, which is creating more risk for companies…

Read more →

In this Help Net Security video, MacKenzie Jackson, Developer Advocate at GitGuardian, offers his cybersecurity predictions for 2032. These include: Developers will be a priority target for hacking campaigns Doubling down on MFA bypass Source code security More efforts to…

Read more →

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it to impersonate the employee…

Read more →

If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw (CVE-2022-46169). About Cacti and CVE-2022-46169 Cacti is an…

Read more →

There are a variety of roadblocks associated with moving to passwordless authentication. Foremost is that people hate change. End users push back when you ask them to abandon the familiar password-based login page, while app owners resist changing them to…

Read more →

The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic encryption might not be enough. For organizations, deciding what email encryption solution to use is…

Read more →

A new Zapata Computing report reveals a deepening commitment from enterprises that points to a maturing industry with widespread, global interest and increased urgency regarding post-quantum cybersecurity threats. The growing interest in quantum is translating into spending, demonstrated by 71%…

Read more →

77% of IT decision makers across the United States and Canada believe their companies are likely to face a data breach within the next three years according to survey results released by Adastra. Survey respondents ranked data security as the…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google is calling EU cybersecurity founders Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. Rackspace ransomware…

Read more →

SpiderOak has raised $16.4M in Series C round led by Empyrean Technology Solutions, a space technology platform backed by funds affiliated with Madison Dearborn Partners. The Series C round included additional investment from Method Capital, and OCA Ventures. The oversubscribed…

Read more →

Crisis24 acquires Topo.ai to further strengthen its support operations, offer a one-stop shop solution with plug and play capabilities, and ensure the highest levels of client satisfaction. Crisis24 provides unrivaled curated intelligence and sophisticated technologies to enable the world’s most…

Read more →

Conceal has unveiled that it is expanding into the Spain, France, Italy, and Portugal MSSP markets through a strategic partnership with Thousand Guards. “Thousand Guards services are aimed at IT security managers and cybersecurity services companies that need to find…

Read more →

With nearly half of today’s enterprises comprised of non-employees, organizations need to factor this growing group of identities into their approach to identity security. With SecZetta, SailPoint will be able to expand its capabilities to help companies gain better visibility…

Read more →

Cloudflare has expanded its relationship with Microsoft to help customers easily deploy, automate, and enhance their organization’s zero trust security. Working from anywhere is more common than ever, and critical applications have moved to the cloud—no longer residing inside an…

Read more →

Onapsis has formed a strategic collaboration with Wipro to drive digital transformation and business growth for customers. Enterprises embarking on their digital transformation journey are often faced with a complex SAP landscape and a limited understanding of how to secure…

Read more →

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic protocols. CVE-2022-43974 and CVE-2022-42905 CVE-2022-43974 is a buffer…

Read more →

A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared. Fortinet says the attackers have advanced capabilities: they were…

Read more →

What will the security landscape in 2023 look like? Here’s my take. 1. Attackers’ tactics will evolve, and defense strategies will evolve with them With online platforms and social media fully integrated into our daily routine, phishing and social engineering…

Read more →

Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their report found that flaw build-up over time is such that 32% of applications are found…

Read more →

Bots continue to evolve and thrive at the expense of companies. Kasada’s research shows revenue loss from bot-driven account fraud and web scraping continues to skyrocket, despite companies spending more on bot mitigation solutions every year. In this Help Net…

Read more →

How can organizations create an environment that allows the broadest access across distributed warehouses, databases, object stores and data exchanges, while at the same time maintaining consistent data oversight? There’s no single template for enacting robust and effective data controls.…

Read more →

Status Pages allow PagerDuty customers to proactively communicate status updates with their customers while keeping both internal technical teams and customer service teams informed, as well. Intuitive, easy to use, and able to be set up in minutes, the new…

Read more →

Ordr has formed a collaboration with GE HealthCare to offer customers a solution leveraging Ordr’s platform for health systems. The solution addresses critical patient care challenges across three key stakeholder groups: biomedical and healthcare technology management (HTM) teams, giving them…

Read more →

Cyberpion has unveiled that Marc Gaffan has been named CEO, Doron Gill will serve as VP of Engineering, and Ido Samson joins as CRO. Co-founder Nethanel Gelernter is moving from CEO to CTO where he will focus on accelerating innovation…

Read more →

Infoblox has unveiled that Jesper Andersen has decided to retire as CEO and the Board of Directors has appointed Scott Harrell as the new President and CEO. Andersen will continue to serve on the Board and support Harrell through the…

Read more →

Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. These vulnerabilities affect over 120 different models of the Siemens S7-1500 CPU product family.…

Read more →

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and…

Read more →

For the past 17 years the World Economic Forum’s Global Risks Report has warned about deeply interconnected global risks. Conflict and geo-economic tensions have triggered a series of deeply interconnected global threats, according to the latest report. Serious long-term threats…

Read more →

Personal employee or customer data accounted for nearly 45% of all data stolen between July 2021 and June 2022, while companies’ source code and proprietary information accounted for a further 6.7% and 5.6% respectively, according to Imperva. More positively, the…

Read more →

Security teams struggle to defend their dispersed networks because the technologies responsible for network security are being pushed towards obsolescence by evolutionary pressures. Strategies like EDR and MFA become less effective than intended, leaving organizations with unknown gaps that lead…

Read more →

ChatGPT from OpenAI is a conversational chatbot that was recently released in preview mode for research purposes. It takes natural language as an input and aims to solve problems, provide follow up questions or even challenge assertions depending on what…

Read more →

FileCloud has added Zero Trust File Sharing, which will provide yet another layer of security to the content collaboration platform. Zero Trust File Sharing in FileCloud will enable users to collaborate securely, not just with other employees, but also with…

Read more →

Cloudflare announced several new zero trust email security solutions, compatible with any email provider, to protect employees from multichannel phishing attacks, prevent sensitive data being exfiltrated via email, and help businesses speed up and simplify deployments. Now, Cloudflare is providing…

Read more →

ThriveDX is launching a road tour across Europe from Jan. 11 to Feb. 23, 2023 to introduce the company’s human factor security solutions to Exclusive Networks’ ecosystem of more than 25,000 partners and to address the cybersecurity talent shortage, skills…

Read more →

Bionic has announced a product integration with Wiz to provide customers with an agentless way to unify and scale their cloud and application security posture in production. With this integration, DevSecOps teams now have complete visibility and context into which…

Read more →

Hitachi Vantara has unveiled that Monica Kumar has assumed the role of Chief Marketing Officer (CMO) at the organization, effective immediately. She reports directly to CEO Gajen Kandiah. “Great companies are those who can find a way to articulate their…

Read more →

Arkose Labs has announced that Chris Cabrera, founder and CEO of Xactly Corporation, has joined its Board of Directors effective Jan. 1, 2023. Cabrera is the company’s seventh board member, and represents the interest of common shareholders. Arkose Labs’ board…

Read more →

Tufin has appointed Raymond Brancato as CEO, effective immediately. Raymond has more than 27 years of experience developing and executing go-to-market strategies in the technology industry and will be taking the lead role at the company to guide it through…

Read more →

Censinet has raised $9 million in funding led by MemorialCare Innovation Fund including Rex Health Ventures and Ballad Ventures, bringing the Company’s total funding to more than $22 million. Existing investors LRVHealth, HLM Venture Partners, Schooner Capital, Excelerate Health Ventures,…

Read more →

Cerberus Sentinel has signed a definitive agreement for the acquisition of RAN Security. Under the terms of the agreement, RAN Security will become a wholly owned subsidiary of Cerberus Sentinel. The transaction is expected to close later in the year,…

Read more →

Amid heightened threats to the nation’s healthcare systems, more than 20 leading healthcare organizations have come together to identify effective, efficient, and new innovative approaches to reduce cyber risk across the healthcare industry’s third-party ecosystem. The Health 3rd Party Trust…

Read more →

Hack The Box announces a Series B investment round of $55 million led by Carlyle, alongside Paladin Capital Group, Osage University Partners, Marathon Venture Capital, Brighteye Ventures, and Endeavor Catalyst Fund. The new investment will accelerate Hack The Box’s growth…

Read more →

Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break authentication or recover users’ long-term private keys. The vulnerabilities have been fixed and Threema has since switched to a…

Read more →

Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. The three-month program, announced last fall, will start in April and connect the finest of Google with the top European cybersecurity firms. From…

Read more →

DDoS attacks are getting larger and more complex moving towards mobile networks and IoT, which are now used in cyberwarfare. In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the most powerful DDoS attacks in the…

Read more →

The increase in the number of attack surfaces along with the rise in cybercriminal sophistication is generating technical debt for security operations centers (SOCs), many of which are understaffed and unable to dedicate time to effectively manage the growing number…

Read more →

With 88% of organizations supporting a hybrid or remote work model, it’s clear that the way people work has changed. Organizations are realizing that the means in which secure access is achieved must also adapt, according to Axis Security. SSE…

Read more →

Over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year, and 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive, according to Netskope. Cloud applications are widely used by…

Read more →

Cloudflare announced Magic WAN Connector, the open source software-defined software package that makes it easier for businesses to connect and secure their network with Cloudflare. With Magic WAN Connector, Cloudflare One is now a true integrated SASE security and networking…

Read more →

Waterfall Security Solutions announced a collaboration agreement with Yokogawa, a provider of industrial automation and test and measurement solutions. This new collaboration will make Waterfall’s Unidirectional Gateway cybersecurity products and technologies available to Yokogawa’s customers globally. In a world where…

Read more →

Schneider Electric partners with BitSight to develop a global Operational Technology (OT) Risk Identification and Threat Intelligence capability. In recent years, both opportunistic and advanced cyber threat actors have shown increased willingness to target industrial and operational sites. Schneider Electric…

Read more →

42Crunch has joined the Microsoft Intelligent Security Association (MISA), a group of security technology providers who have integrated their solutions with Microsoft’s security technology products to better defend against a world of increasing threats. 42Crunch has integrated with Microsoft Sentinel…

Read more →

NetSPI has acquired nVisium to further scale its offensive security solutions and address heightened demand for human-delivered penetration testing. nVisium will support NetSPI’s continued efforts to deliver strategic security testing solutions to enterprises. With the acquisition, NetSPI now has over…

Read more →

Simeio’s acquisition of PathMaker Group (PMG) is a key strategic move that complements Simeio’s organic strategy of expanding into new industries and talent pools and adding new capabilities around identity orchestration and automation. The acquisition also strengthens Simeio’s presence in…

Read more →

To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed. Both allow attackers to elevate privileges on the vulnerable machine. Vulnerabilities…

Read more →

Security veteran Chris Deibler, the new VP of Security at DataGrail, has been brought in to build the company’s security team to support its growth. A former Director of Security Engineering at Shopify and Director of Security at Twitch, he…

Read more →

In this Help Net Security video, Karthik Kannan, CEO at Anvilogic, talks about predictions for the cybersecurity world in 2023 and how to gain security consciousness through cost. The post How to gain security consciousness through cost appeared first on…

Read more →

While many of the tried and true best security hygiene practices remain, we’ll face new and complex business challenges related to how we work, the systems we use, threats and compliance issues we face. Although often overlooked, a strong identity…

Read more →

Compliance services are emerging as one of the hottest areas of cybersecurity. While compliance used to be mainly the province of large enterprises, times have changed, and it is now a day-to-day concern for a growing number of small and…

Read more →

Cloudflare has released Cloudflare Digital Experience Monitoring, an all in one dashboard that helps CIOs understand how critical applications and Internet services are performing across their entire corporate network. Cloudflare Digital Experience Monitoring, part of Cloudflare’s Zero Trust platform, will…

Read more →

Zyxel Networks has launched the XMG1930 series switches that provide SMBs, system integrators, managed service providers, and small internet service providers with a solution to support the increasing bandwidth requirements driven by advanced business applications. Upgrade network speeds without re-cabling…

Read more →

DataGrail announced that Chris Deibler, formerly of Shopify, Twitch, and Box, has been named DataGrail’s VP of Security. Deibler will oversee the building out of the security team for DataGrail as it transitions into its next phase of growth. The…

Read more →

Appgate has unveiled that its board of directors has appointed Leo Taddeo as the company’s new Chief Executive Officer and President, effective January 4, 2023. With 25 years of executive federal and commercial experience, Taddeo had been serving as Appgate’s…

Read more →

The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week. The exploit chains CVE-2022-41082, a RCE flaw, and CVE-2022-41080, a privilege escalation…

Read more →

immudb has a connector to store events and data gathered by Security Operations Center (SOC) and Security Information and Event Management (SIEM) tools from Splunk, Elastic, plus IBM QRadar XDR and Microsoft Sentinel. “It’s important to store logs and events…

Read more →

The new trust Business has always relied upon a foundation of trust. Before we did business we looked our potential business partner in the eye, shook their hand and got a sense of their trustworthiness. But trust today is based…

Read more →

You may already have an IR plan but regardless of how thorough you might feel it is at this moment, the evolving cyber threat landscape and shifting circumstances within your organization demand regular changes and improvements. What are the attack…

Read more →

In this Help Net Security video, Jason Kent, Director at Open Seas, explains why FIDO and passwordless authentication is the future. He dives deep into the technical reasons and explains why physical FIDO authentication is safer than other software/app/SMS solutions.…

Read more →

Trend Micro has established CTOne, a new Trend Micro subsidiary focused on advancing 5G network security and beyond. The group’s intellectual capital and leadership come from Trend Micro’s culture of innovation and is the latest incubation project to launch as…

Read more →

The start of a new year means it’s time to start working towards achieving your annual resolutions. Based on the headlines from the December news media, perhaps the most important point is don’t procrastinate! We should all have some sort…

Read more →

Oxeye revealed five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications – resulting in the need for new…

Read more →

Digital forensics is used to find, examine and analyze digital evidence that can serve in criminal investigations, but also in incident response, investigations of data breaches, to unearth insider threats, etc. Colm Gallagher, Forensics Director, CommSec Communications & Security, talks…

Read more →

Regardless of what 2023 holds in store for the economy, your organization’s financial commitment to supporting OT cybersecurity efforts is being decided now. In the public sector, much of the funding needed to secure critical infrastructure has already been allocated.…

Read more →

Box has released new enhancements to the Box for Salesforce integration on Salesforce AppExchange, that helps businesses connect teams to their content so they can work securely from anywhere. “With hundreds of apps used in the average enterprise, we know…

Read more →

LogRhythm has unveiled a series of expanded capabilities and integrations for its security operations solutions. The updates propel LogRhythm’s ability to be a force multiplier for overwhelmed security teams who are expected to confidently, effectively, and efficiently defend against cyberattacks.…

Read more →

Valeo and C2A Security have unveiled a strategic collaboration to enhance Valeo’s cybersecurity offerings on their products in development and continuous operations. The new partnership addresses the industry’s need for streamlined and efficient cybersecurity. As cars become more software-centric and…

Read more →

GuardKnox is collaborating with Wind River to enable developers to build secure containerized applications for software-defined vehicles of the future. The combination of GuardKnox’s SOA (Service Oriented Architecture) core framework and corresponding tools suite with Wind River’s VxWorks real-time operating…

Read more →

Keysight Technologies has collaborated with Qualcomm Technologies to establish an end-to-end 5G non-terrestrial network (NTN) connection. Based on this successful demonstration of call signaling and data transfer using orbit trajectory emulation, Keysight and Qualcomm Technologies aim to accelerate 5G NTN…

Read more →

Will your organization fall apart if you don’t switch from a VPN to a zero trust network access (ZTNA) solution in the near future? I’m here to tell you it won’t. The reality of VPN vs. ZTNA For a while…

Read more →

Data backup has traditionally been in the operational domain of IT, while security teams have been responsible for threats to data from attacks. As these attacks have become more sophisticated, backups have come under threat and vendors have had to…

Read more →

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing…

Read more →

HARMAN has unveiled that its Digital Transformation Solutions (DTS) business unit is introducing DefenSight Cybersecurity Platform to help enterprises keep their IT systems safe and secure using real-time threat intelligence analytics. DefenSight Cybersecurity Platform identifies vulnerable systems through continuous monitoring…

Read more →

CORL Technologies introduced Third-Party Incident Response (TPIR), allowing healthcare providers to address third-party security incidents proactively. CORL’s TPIR service tames the chaos of incident response by enabling healthcare companies to share information and provide total clarity about how each party…

Read more →

IronNet enhances its network detection and response (NDR) solution, IronDefense, enabling early visibility of unknown cyber threats that have slipped past endpoint and firewall detection and entered the network, whether on-premises or in the cloud. With IronNet’s latest NDR updates,…

Read more →

Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyberattacks in 2023, favored over financial institutions (36%), government (14%), healthcare (9%), and…

Read more →

In 2022, significant geopolitical developments have led to equally significant changes within the cyber insurance market. In this Help Net Security video, Chris Denbigh-White, Global Director of Customer Success for Next DLP, discusses how, with the increasing number of breaches,…

Read more →

There is a famous quote I often think about at 3am on a Sunday morning as I am working with a client to recover from a large-scale cybersecurity incident: “Fail to prepare, prepare to fail.” It is painfully obvious which…

Read more →

MediaTek announced the latest chipset in the Genio platform for IoT devices, the octa-core Genio 700 designed for smart home, smart retail, and industrial IoT products. With a focus on power efficiency, the MediaTek Genio 700 is a N6 (6nm)…

Read more →

Most IT security professionals will focus on improving “detect” and “respond” capabilities, amidst concern over increasing costs and regulatory pressures, according to Deepwatch. The report found that digital transformation initiatives and regulatory requirements were the top two cost drivers expected…

Read more →

Raj Samani, SVP, Chief Scientist, Rapid7, discusses the tactics observed from a recent case of espionage, and what can be learned from such observations. This video was recorded at IRISSCON 2022, an annual conference organized by IRISSCERT. The all-day event…

Read more →

The cybersecurity industry will undergo some significant changes in 2023. As more systems get connected, we can expect to see more outages. We probably won’t see a “digital Pearl Harbor,” but we will see more breaches, impact, and fear. How…

Read more →

If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it. We talked to Jim O’Gorman, Chief Content and…

Read more →

GreyNoise Intelligence unveiled its research report that dives deep into the most significant threat detection events of the past 12 months. “When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media…

Read more →

High-profile ransomware news stories grabbed headlines a few years ago but faded in popularity as other attacks like cryptojacking grew more profitable. Since the first months of 2020, ransomware attacks have been on the rise and are in the news…

Read more →

When a CISO takes the wrong approach to data loss prevention (DLP), it can quickly compound into a triple loss. First, they lose their organization’s money by investing in an ineffective solution that meets required regulations but does little else.…

Read more →