Tag: Help Net Security

BlackBerry and Adobe have partnered to deliver a secure forms solution for mobile. The software solution, which combines BlackBerry UEM and Adobe Experience Manager Forms, is designed for popular mobile device platforms, and meets the rigorous security standards required by…

Read more →

A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this specific trick isn’t new, this time around the extension also worked as advertised. “Based on…

Read more →

Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization’s platforms that…

Read more →

The Transportation Security Administration (TSA) recently issued new cybersecurity requirements for the aviation industry, which follows last year’s announcement for railroad operators. Both announcements are part of the Department of Homeland Security’s effort to improve the nation’s cybersecurity resiliency and…

Read more →

Between January 2021 and October 2022, the EU Agency for Cybersecurity (ENISA) analyzed and mapped the cyber threats faced by the transport sector, identifying prime threats, analyzing incidents, assessing threat actors, analyzing their motivations, and introducing major trends for each…

Read more →

With cybersecurity incidents involving compromised credentials continually the most common cause of a data breach for enterprises – and account takeover for individuals, securing digital identities has become paramount. In this Help Net Security video, Jeff Reich, Executive Director at…

Read more →

Many companies struggle to implement and integrate a bunch of different solutions covering different parts of the IDV process. In fact, according to Regula’s survey, 40% of organizations cite this overly complex technical environment as the largest constraint to deploying…

Read more →

Lightspin launched the Remediation Hub as part of its cloud-native application protection platform (CNAPP) solution. An evolution of Lightspin’s root cause analysis feature, the Remediation Hub provides users the ability to dynamically remediate the most critical cloud environment risks, at…

Read more →

Secureworks bolsters cyber resiliency with launch Of Security Posture Dashboard. Using the 600 billion security events Taegis analyzes daily, the Dashboard empowers customers to understand their cybersecurity posture and how resilient they would be in the face of a cyberattack.…

Read more →

Vumetric Cybersecurity has launched its Penetration Testing as-a-Service (PTaaS) platform, designed to simplify and modernize cybersecurity assessments for organizations of all sizes. The Vumetric PTaaS platform revolutionizes the penetration testing process by providing self-service capabilities that allow organizations to schedule…

Read more →

An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, according to Continuity. The findings underscore a significant gap in the state of enterprise…

Read more →

Verosint and Ping Identity partnership enables mutual customers to analyze digital identities across devices at login to determine account fraud risk. Recognized customers are granted a frictionless transaction path, whereas suspicious users are automatically challenged or blocked to prevent fraudulent…

Read more →

Veza announced the appointment of Jason Garoutte as its first Chief Marketing Officer. Garoutte is responsible for building and leading a world-class marketing organization that drives Veza’s continued growth and scale. Garoutte has two decades of marketing and operational leadership…

Read more →

GNOME 44, code-named Kuala Lumpur, is now available. The GNOME Circle now includes many new apps, and both the Software and Files apps have undergone enhancements. The new version features a grid view in the file chooser, improved settings panels…

Read more →

Google has announced the startups chosen for its Cybersecurity Startups Growth Academy. The 15 selected startups are from eight countries and were chosen from over 120 applicants. They have made significant contributions, from securing health applications to protecting educators and…

Read more →

A mere 15% of organizations globally have the ‘mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to a Cisco report. Organizations have moved from an operating model that was largely static – where people…

Read more →

Although OpenAI is an established organization with many years of experience promoting and developing AI systems, the relative immaturity of the ChatGPT application, combined with the lack of security assurance available for OpenAI, can put organizations at risk. In this…

Read more →

“Is cybersecurity recession-proof?” That’s the question on the minds of many security professionals and executives as a possible economic downturn of indeterminate length and severity looms and many organizations are tightening their belts. While research suggests that IT spending is…

Read more →

Not only do security vulnerabilities lurk within software, but they can also be embedded directly into hardware, leaving technical applications open to widespread attack. For their project, the researchers took thousands of microscopic images of microchips. Pictured here is such…

Read more →

Splunk has released innovations to Splunk’s unified security and observability platform to help build safer and more resilient digital enterprises. Splunk’s latest innovations include enhancements to Splunk Mission Control and Splunk Observability Cloud, and the general availability of Splunk Edge…

Read more →

AlertEnterprise has revealed the launch of its new Guardian SOC Insights suite. Powered by the company’s latest developments in AI, including a powerful integration with the OpenAI ChatGPT platform, Guardian SOC Insights is designed to provide actionable data and playbooks…

Read more →

WALLIX has released SaaS Remote Access, the SaaS version of the remote access management technology integrated into WALLIX PAM4ALL, its unified privilege management solution. SaaS Remote Access is designed for organizations – across all sectors and in particular the industrial…

Read more →

Verosint announced a new solution that helps organizations secure their online businesses and protect their customers in the face of ever-growing account fraud. With Verosint, companies can deliver frictionless access to legitimate customers, while blocking or challenging access by suspicious…

Read more →

SailPoint Technologies has rolled out a new non-employee risk management capability based on the company’s January 2023 acquisition of SecZetta. The SailPoint Non-Employee Risk Management solution is available now as an add-on to the SailPoint Identity Security Cloud. The new…

Read more →

Aembit has unveiled its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures. Aembit helps companies apply a zero trust security framework to workload access, similar to existing solutions for workforce access,…

Read more →

Cyberattacks often begin with an unsuspecting user clicking on a link that redirects them to a harmful site containing malware. Even the best employee training won’t prevent every mistake. The best way to stop those mistakes from becoming costly cyber…

Read more →

Stratodesk and deviceTRUST announced their security integration partnership. This partnership benefits customers by delivering an additional layer of security for workspace access and authorization. Stratodesk and deviceTRUST collaboration brings customers the most secure endpoint environment accessing corporate workspaces. deviceTRUST complements…

Read more →

Italian luxury sports car maker Ferrari has suffered a data breach and has confirmed on Monday that it “was recently contacted by a threat actor with a ransom demand related to certain client contact details,” but that it won’t be…

Read more →

Malicious threat actors have actively exploited 55 zero-days in 2022 – down from 81 in 2021 – with Microsoft, Google, and Apple products being most targeted. 53 out of 55 allowed attackers to achieve elevated privileges or execute remote code…

Read more →

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra’s Security Features Survey. In fact, 45% have stopped using a specific type of software due to security concerns. Businesses are willing to…

Read more →

Hackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP. From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by…

Read more →

In this Help Net Security video, Liudas Kanapienis, CEO of Ondato, discusses the impact of AI on the future of ID verification and how it is transforming the way identities are being verified. The post The impact of AI on…

Read more →

My mother is 67 years old. She is a brilliant woman, educated and not at all afraid of technology. Yet, when I tried to get her to install Google Authenticator and use multi-factor authentication (MFA) for logging into applications, she…

Read more →

Eurotech announced its newest edge servers with scalable, cybersecurity certified – AI capabilities. Cyber-threats have become endemic and severely expose states and businesses of all sizes to the risk of loss of data, interruption of services, and direct or indirect…

Read more →

ForgeRock announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s passwordless authentication portfolio for consumer and workforce…

Read more →

Mastercard acquired Baffin Bay Networks to better help businesses deal with the increasingly challenging nature of cyber-attacks. Baffin Bay Networks, based in Sweden, adds to Mastercard’s multi-layered approach to cyber security and helps to stop attacks, while mitigating exposure to…

Read more →

Secret Double Octopus partners with Wipro to strengthen passwordless protection against identity-based cyber attacks. Under the new partnership, Wipro’s Cybersecurity and Risk Services (CRS) will use SDO’s Octopus Enterprise technology platform to drive Wipro’s passwordless authentication solution, as part of…

Read more →

Tracking pixels like the Meta and TikTok pixels are popular tools for online businesses to monitor their website visitors’ behaviors and preferences, but they do come with risks. While pixel technology has been around for years, privacy regulations such as…

Read more →

Waterfall Security Solutions launched the WF-600 Unidirectional Security Gateway, an OT security protection against remote cyber attacks. The WF-600 product line is a blend of hardware and software, enabling unbreachable protection at IT/OT interfaces with unlimited visibility into OT networks,…

Read more →

Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence (AI) and facial morphing technology. This technique involves digitally creating an image which is an average of two people’s faces, and which can…

Read more →

99% of all businesses across the United States and Canada are mid-sized businesses facing cybersecurity challenges, according to a Huntress report. Aimed to gain insights into organizational structure, resources and cybersecurity strategies, the results contextualize challenges across core functions including…

Read more →

Worldwide spending on security solutions and services is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022, according to IDC. Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300…

Read more →

Despite the economic uncertainty, 57% of organizations plan to increase their cybersecurity budgets in 2023, according to a survey from Arctic Wolf. This highlights a powerful trend: critical needs like security must be addressed even with IT budgets tightening. As…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Samsung, Vivo, Google phones open to remote compromise without user interaction Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung…

Read more →

Keysight Technologies introduces the Keysight Digital Learning Suite, a new unified digital learning platform that provides university engineering educators and students with lab tools, resources, and courseware through a single, secure web interface. In response to demands for flexible learning…

Read more →

DataRobot has released DataRobot AI Platform 9.0, along with deeper partner integrations, AI Accelerators, and redesigned service offerings, all centered on helping organizations derive measurable value from their AI investments. “AI has the potential to enhance every aspect of business…

Read more →

KELA has partnered with Snowflake to launch its technical intelligence data on Snowflake Marketplace. KELA’s Technical Cybercrime Intelligence availability on Snowflake Marketplace will enable joint customers to get near-instant, seamless, and secure access to potentially compromised IPs and domains involved…

Read more →

Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user interaction. “With limited additional research and development, we believe that skilled attackers would be able to…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Atakama, Elevate Security, Hornetsecurity, HYPR, and ReversingLabs. Hornetsecurity VM Backup V9 protects users against ransomware threats VM Backup V9 has an easy-to-use, intuitive interface that…

Read more →

Cloud environments provide many benefits, primarily involving their ease of scalability and resilience. Those qualities exist because of automation and the easy and straightforward way to leverage that to enhance a cloud environment. While that ease through automation can have…

Read more →

After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts. Another reminder: just because caller ID says FDIC, SVB, or a phone…

Read more →

Security experts are increasingly resorting to unauthorized AI tools, possibly because they are unhappy with the level of automation implemented in their organization’s security operation centers (SOCs), according to a study conducted by Wakefield Research. The research demonstrates that embracing…

Read more →

The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos X-Ops using GPT-3’s large language models to simplify the search for malicious activity in datasets…

Read more →

Elevate Security has released Elevate Identity, its SaaS offering for Identity and Access Management (IAM) Professionals that integrates Elevate’s user risk profiling capability with IAM tools such as Cisco Duo, Crowdstrike Falcon, and Microsoft Azure AD to add a full…

Read more →

Approximately 10-16 percent of organizations have shown evidence of malicious command and control (C2) activities, strongly indicating a network breach within the last year, according to Akamai. Emotet and QSnatch Akamai observes nearly seven trillion DNS requests daily and classifies…

Read more →

Atakama unveiled its new Multifactor Encryption platform, Atakama Enterprise, featuring the Atakama Intelligence Center. Atakama’s Multifactor Encryption combines advanced Distributed Key Management (DKM) with the proven concept of multi-device authentication for a progressive security solution that challenges the status quo…

Read more →

HYPR announced its newest offering, Enterprise Passkeys for Microsoft Azure and integrated with Microsoft Entra. This new technology turns any smartphone into a FIDO2 virtual security key, providing authentication flexibility, user convenience and security while eliminating the complexity and cost…

Read more →

Perception Point has added browser-centric Data Loss Prevention (DLP) capabilities to its Advanced Browser Security extension. The Browser Security plugin provides comprehensive security measures and granular controls to safeguard corporate assets from loss, misuse, and unauthorized access. Working in the…

Read more →

Dell Technologies has unveiled new security services and solutions to help organizations protect against threats, respond to attacks and secure their devices, systems and clouds. Seventy-two percent of IT business leaders and professionals believe the changing working world exposes their…

Read more →

BigID has introduced purpose-built AI and ML-based data discovery and classification capabilities designed to detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets – including as API keys, tokens, usernames and passwords, and security…

Read more →

Trustwave and Trellix have formed a strategic partnership to bring visibility and more precise detection and response to security teams defending against cyberthreats. Trustwave’s Managed Detection and Response (MDR) provides enterprises across the globe with 24×7 monitoring, detection, and response…

Read more →

Veeam Software has unveiled a strategic partnership with Carahsoft Technology. Under the agreement, Carahsoft will serve as Veeam’s preferred public sector distributor, expanding public sector access to the Veeam Data Platform (VDP), which provides customers with the data security, data…

Read more →

Through CyberGRX and ServiceNow integration, ServiceNow Vendor Risk Management customers will have access to CyberGRX’s extensive third-party risk data, enabling them to prioritize risk actions and maintain constant visibility on emerging third-party threats. Organizations work with multiple vendors, partners and…

Read more →

OffSec released the 2023 edition of Penetration Testing with Kali Linux (PEN-200). This new version, which incorporates the latest ethical hacking tools and techniques through real-world penetration testing simulations, offers many improvements and additions, including new Learning Modules and Learning…

Read more →

Hornetsecurity launched VM Backup V9 – the newest version of its virtual machine (VM) backup, replication and recovery solution. This latest iteration offers ransomware protection leveraging immutable cloud storage on Wasabi and Amazon S3, with Microsoft Azure soon to follow.…

Read more →

Appian introduced Appian Protect, a new set of security offerings that delivers reliable data monitoring and end-to-end encryption for cloud and mobile applications. Appian Protect gives Appian customers increased control over their security posture, with top-tier encryption capabilities, 24x7x365 monitoring,…

Read more →

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. This distribution’s latest version is now available. Amazon Linux 2023 is provided at no additional charge. Standard Amazon EC2 and AWS charges apply for running EC2 instances and…

Read more →

Cyber attribution is a process by which security analysts collect evidence, build timelines and attempt to piece together evidence in the wake of a cyberattack to identify the responsible organization/individuals. Cyber threat attribution stems from the core psychology of a…

Read more →

1,450 global consumers’ experiences with passwordless authentication, hybrid identities, and ownership over personally identifiable information reveal that they want more convenience when it comes to identity credentials, according to Entrust. “The pace of commerce and business is moving faster than…

Read more →

Phishing attacks have become increasingly prevalent and sophisticated, making it more difficult for individuals to protect themselves from these scams. In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not…

Read more →

Unpatched vulnerabilities are responsible for 60% of all data breaches. The Department of Homeland Security has estimated that the proportion of breaches stemming from unpatched flaws may be as high as 85%. Timely patching is an important aspect of managing…

Read more →

While 93% of CIOs expect an increase in IT budgets for 2023, 83% of them are feeling pressured to stretch their budgets even further than before, with a focus on managing cloud costs more efficiently and addressing the growing issue…

Read more →

With the rise of faster multi-gig internet speeds now available to more and more households, the growing number of connected devices per family and the ever-increasing growth of bandwidth hungry 4K/8K video streaming, HD Zoom calls, hybrid collaborative graphics-intensive work,…

Read more →

Neurotechnology has released MegaMatcher 13.0 that provides a range of products for developing multi-biometric solutions that require high accuracy, speed and scalability. The latest release features MegaMatcher SDK, MegaMatcher Accelerator and MegaMatcher ABIS updates and improvements and adds a new…

Read more →

ReversingLabs has unveiled new secrets detection features within its Software Supply Chain Security (SSCS) platform. ReversingLabs improves secrets detection coverage by providing teams with the context and transparency needed to prioritize developers’ remediation efforts, reduce manual triage fatigue, and improve…

Read more →

Cloudflare is entering the fraud detection market to help businesses identify and stop online fraud – including fraudulent transactions, fake account signups, account takeover attacks, and carding attacks – before it impacts their brand or their bottom line. Powered by…

Read more →

ESET researchers have uncovered a compromise of an East Asian data loss prevention (DLP) company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company. This…

Read more →

If you are developing a modern medical, manufacturing, or logistics facility, there’s no doubt that a large portion of your investment was made into the electronic aspects of your device. Sensors, connected devices, and machinery are synchronized to deliver a…

Read more →

So, you want to deploy Kubernetes in an air-gapped environment, but after months of grueling work, you’re still not up and running. Or maybe you’re just embarking on the journey but have heard the horror stories of organizations trying to…

Read more →

As server-side security advances, more attackers are exploiting vulnerabilities and launching malicious attacks through the less protected and seldom monitored client-side supply chain. Unfortunately, because of these attacks’ sophisticated and subtle nature, they can be hard to detect until it’s…

Read more →

While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud. The 2023 report identified over 22 million unique…

Read more →

There is a consensus among MSPs and MSSPs that vCISO services pose an excellent opportunity for a new revenue stream, but how do you successfully do that? Watch this panel discussion to hear from MSSP leaders who already sell vCISO…

Read more →

Today, phishing is the fastest growing Internet crime, and a threat to both consumers and businesses. Finance, technology, and telecom brands were the most commonly impersonated industries, notably for the unprecedented access and financial benefit that bank accounts, email and…

Read more →

Startpage’s latest enhancements include private local in-map results, knowledge panels and instant answers, providing users with a more intuitive search experience while also prioritizing user privacy. They also feature what every user wants, fewer ads. Search results now incorporate information…

Read more →

Tanium has released its new certificate manager and enhanced policy management capabilities, offering organizations convenient tool consolidation, cost and time savings, and more accurate reporting via Tanium’s XEM platform. Organizations today struggle to see and manage digital certificates; the average…

Read more →

Motorola Solutions announced the new Avigilon physical security suite that provides secure video security and access control to organizations of all sizes around the world. The Avigilon security suite includes the cloud-native Avigilon Alta and on-premise Avigilon Unity solutions, each…

Read more →

Concentric AI announced a DSPM solution with support for optimized large language models delivering improved data security and protection. As a result, Concentric AI’s Semantic Intelligence delivers semantic understanding of data and leverages context to offer precise accuracy in discovering…

Read more →

Canonical is partnering with MediaTek to meet the growing demands of the IoT industry, reduce development costs and accelerate time-to-market. By partnering to enable Ubuntu on the Genio platform, MediaTek and Canonical will make it easier for developers, innovators and…

Read more →

Cloudflare announced new integrations with Atlassian, Microsoft, and Sumo Logic to help businesses of any size secure the tools and applications they rely on with enterprise-ready zero trust security. Now businesses will be able to use security insights from the…

Read more →

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is…

Read more →

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency (CISA) and urged to implement a fix. A pilot program to strengthen critical infrastructure…

Read more →

Canonical announced its Ubuntu Core OS is now compatible with the Arm SystemReady IR system specification, enabling security best practices across connected devices. In addition, the OS has achieved the PSA Certified Level 1. Ubuntu Core is a minimal version…

Read more →

Old ads can be startling—cigarette ads used to boast their health-giving properties, sugar-laden candy was once advertised as a dietary aid, and soft drinks were advertised as a milk alternative for babies. None of this would fly today, of course,…

Read more →

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…

Read more →

BEC attacks are growing year over year and are projected to be twice as high as the threat of phishing in general, according to IRONSCALES and Osterman Research. 93% of organizations experienced one or more of the BEC attack variants…

Read more →

Skyhigh Security has seen firsthand how 33,000 enterprise users have accessed ChatGPT through corporate infrastructures. Almost 7 TB of data has been transacted with ChatGPT through corporate web and cloud assets between Nov 2022 – Feb 2023. In this Help…

Read more →

Managing user access in applications has always been a headache for any developer. Implementing policies and enforcing them can prove to be quite complex, and very time-consuming. Even if a homebrew authorization solution has been developed for an application, sooner…

Read more →

Adtran and Satelles collaboration will enable operators of critical infrastructure to safeguard their timing networks with Satellite Time and Location (STL) technology. By integrating Satelles’ STL into its Oscilloquartz network synchronization products, Adtran will provide an alternative to GNSS systems…

Read more →

OffSec (formerly Offensive Security) has released Kali Linux 2023.1, the latest version of its popular penetration testing and digital forensics platform, and the release is accompanied by a big surprise: a technical preview of Kali Purple, a “one stop shop…

Read more →

For those who haven’t followed the drama, Silicon Valley Bank has been shut down by the California Department of Financial Protection and Innovation, after a bank run that followed an insolvency risk and a stock crash. The Federal Deposit Insurance…

Read more →