Tag: Help Net Security

2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall. “The past year reinforced the need for cybersecurity…

Read more →

In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security testing tools, explore the strengths and tradeoffs, and provide you with the information you need…

Read more →

AlertEnterprise revealed the launch of its Guardian AI Chatbot powered by OpenAI ChatGPT. The Guardian AI Chatbot is developed with the world-renowned GPT-3 platform created by OpenAI and is designed to instantly deliver security operators the physical access and security…

Read more →

Your technology is always changing, and you often play catchup to secure it. This isn’t easy in the cloud when you share security responsibility with the cloud service providers (CSP). You need to know what’s changing so that you can…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Arkose Labs, Cequence Security, CyberGRX, CyberSaint, Deepwatch, DigiCert, Finite State, FireMon, Hornetsecurity, HYCU, KELA, Lacework, Malwarebytes, Netography, Neustar Security Services, Nudge Security, OPSWAT, SecuriThings, Trulioo,…

Read more →

VMware has delivered new and enhanced remote worker/device connectivity and intelligent wireless capabilities to its SD-WAN and SASE customers. Relatedly, VMware announced an expanded collaboration with Intel to deliver new edge appliances featuring 5G connectivity allowing support for additional SD-WAN…

Read more →

Veeam Software has released new Veeam Backup for Microsoft 365 v7, backup and recovery solution for Microsoft 365 including Microsoft Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams. The latest version of Veeam Backup for Microsoft 365 strengthens…

Read more →

Thales and Qualcomm Technologies have announced the certification of the commercially deployable iSIM (Integrated SIM) on the Snapdragon 8 Gen 2 Mobile Platform, enabling the functionality of a SIM within a smartphone’s main processor. Such GSMA’s security certification2 confirms the…

Read more →

Cyolo introduced partner program designed to help organizations enhance their cybersecurity capabilities for protecting sensitive systems and applications. The newly redesigned program will provide partners with a high profit margin through a simplified reseller structure and richer tools, including access…

Read more →

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company’s third-party cloud storage service that hosted backups: “The threat actor leveraged information stolen…

Read more →

The old phrase “sharing is caring” is something that Faye Francy has seen revolutionize entire industries. From her years as a Boeing Commercial Airplanes Cybersecurity ONE team leader, to Aviation-ISAC, and ultimately becoming the Executive Director of Automotive-ISAC, Faye has…

Read more →

Employees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive Shield. With no oversight or control from security teams, companies have no way to quantify…

Read more →

BEC (Business Email Compromise) attacks have become increasingly prevalent in recent years, with cybercriminals using a variety of tactics to gain access to sensitive information and steal money from businesses. While many people may assume that these attacks are primarily…

Read more →

While moving to the cloud increases efficiency and business agility, security strategies haven’t been adapted to account for this shift and traditional tools can’t effectively manage the unique associated risks. CISOs that ignore the risks are left completely exposed and…

Read more →

Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments’ cybersecurity investment, according to Network Assured. Study methodology Network Assured compared data from State Attorneys Generals and the Department of Health…

Read more →

Vouched announced $6.3 million financing led by BHG VC and SpringRock Ventures, as well as prior investors Darrell Cavens and Mark Vadon. Vouched’s expansion plans build upon the company’s rapid growth over the past year. The company now serves more…

Read more →

Red Hat extend partnership with Samsung to introduce a virtualized radio access network (vRAN) solution that offers advanced integration and automation features. The technology will be designed to help service providers better manage networks at scale while also addressing the…

Read more →

LiveRamp has expanded its partnership with Snowflake to upgrade its product capabilities built natively on Snowflake and increase data connectivity for next-generation, post-cookie marketing in the cloud. By building LiveRamp’s data activation solutions using Snowflake’s Native Application Framework, currently in…

Read more →

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers’ crosshairs Cyber attackers love to target Microsoft Exchange servers,…

Read more →

QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program with rewards of up to US $20,000. QNAP’s NAS devices, in particular, have been getting hit in…

Read more →

Newly released Federal Trade Commission (FTC) data shows that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Losing money to investment and imposter scams Consumers reported losing…

Read more →

Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, Mexico, the U.S. and other…

Read more →

The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography. Destructive…

Read more →

In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up and prevent breaches. The post Stay one step ahead: Cybersecurity…

Read more →

In today’s data-driven world, the expectations and demands faced by many organizations worldwide are reaching unseen levels. To meet the challenge, a data-driven approach is necessary, with effective digital transformation needed to improve operational efficiency, streamline processes, and get more…

Read more →

Enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment, according to Gartner. ERM struggles to elevate the right issues In a Gartner survey of 100 executive risk committee members in September…

Read more →

Contrast Security expands Contrast Serverless Application Security offering to support Microsoft Azure Functions and enable customers to scan for security vulnerabilities on multi-cloud environments. Organizations are rapidly adopting serverless and cloud-native development due to their inherent benefits. However, companies struggle…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Protected Computing: Ensuring privacy and safety of data regardless of location In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy,…

Read more →

Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these capabilities will now help organizations disrupt two common attack scenarios: BEC (business email compromise) and human-operated ransomware attacks.…

Read more →

Edgio has enhanced its Security platform enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase…

Read more →

Although ransomware‘s share of incidents declined only slightly from 2021 to 2022, defenders were more successful detecting and preventing ransomware, according to IBM. Despite this, attackers continued to innovate with the report showing the average time to complete a ransomware…

Read more →

In this Help Net Security video interview, Huxley Barbee, lead organizer of BSidesNYC 2023, talks about the upcoming event. BSidesNYC 2023 will take place at the John Jay College of Criminal Justice on April 22, 2023. The post What to…

Read more →

The war in Ukraine has seen the emergence of new forms of cyberattacks, and hacktivists became savvier and more emboldened to deface sites, leak information and execute DDoS attacks, according to Trellix. “Q4 saw malicious actors push the limits of…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberGRX, Lacework, Malwarebytes, Netography, Nudge Security, and Xcitium. Malwarebytes Application Block restricts access to outdated and unsafe apps Malwarebytes has added Malwarebytes Application Block to…

Read more →

By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors, according to Gartner. “Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on…

Read more →

Darktrace has launched Darktrace Newsroom, an AI-driven system that continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface. Darktrace’s knowledge of “self” means it can…

Read more →

Edgio has enhanced its Security platform enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase…

Read more →

Following recent U.S. state government and other organization bans on TikTok and other social media platforms, Netography announced enhancements to Netography Fusion’s operational governance dashboards, providing analysts with real-time comprehensive views of all social media traffic. These capabilities enable customers…

Read more →

Atos has launched its new ‘5Guard’ security offering for organizations looking to deploy private 5G networks and for telecom operators looking to enable integrated, automated, and orchestrated security to protect and defend their assets and customers. A new end-to-end 5G…

Read more →

Deloitte EMEA-LATAM Cybersphere Center (ECC) and Cyberbit have announced a strategic partnership that will drive cyber readiness across industries by focusing on the human element of cybersecurity. Cyberbit delivers a holistic approach to developing cyber readiness that emphasizes the human…

Read more →

Metomic has raised a $20 million Series A funding round. The round is led by Evolution Equity Partners with participation from Resonance and Connect Ventures. The investment will be used for U.S. expansion efforts and research and development initiatives. It…

Read more →

Privacera and Databricks users can now facilitate data discovery and consistent data access across the Databricks Lakehouse Platform, including seamless migration of existing Privacera policies. With this latest integration, Privacera increases the ability for its users to provide a holistic…

Read more →

The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cyber criminals: they are exploiting the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visit phishing pages. Fake ChatGPT apps…

Read more →

The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired. Execs…

Read more →

Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of…

Read more →

Organizations face an average of six breaches in their SaaS supply chain every year, according to new data published by Nudge Security. With threat actors like Lapsus$ exploiting this modern attack surface, securing it has become a top cybersecurity priority…

Read more →

CyberGRX launched a new capability, Portfolio Risk Findings, allowing customers to gain visibility into their organization’s specific control coverages gapped by the riskiest third parties through the lens of any framework or threat profile. With Portfolio Risk Findings, CyberGRX will…

Read more →

Netwrix has released Netwrix Privilege Secure (formerly Netwrix SbPAM), which expands its zero standing privileges (ZSP) approach to databases to ensure privileged accounts exist for only as long as needed. “Netwrix Privilege Secure now eliminates standing privileged accounts across on-premises…

Read more →

Malwarebytes has added Malwarebytes Application Block to its Nebula and OneView endpoint protection platforms. The new threat prevention module helps resource-strained security teams guard against unsafe third-party Windows applications, meet key compliance requirements and encourage productivity without adding management complexity.…

Read more →

Lacework has released composite alerts on the Lacework Polygraph Data Platform, to help customers detect compromised credentials, cloud ransomware, and cryptomining that would otherwise go unnoticed. By combining human intelligence with the automatic correlation of disparate alerts, Lacework generates a…

Read more →

Bitdefender has unveiled Bitdefender Premium Security Plus, a new security suite that provides threat prevention and detection, a fully featured password manager to keep credentials safe, secure virtual private network (VPN) for online privacy, and 24/7 digital identity protection monitoring.…

Read more →

Xcitium has unveiled its endpoint security solution, ZeroDwell Containment, for customers with or without legacy EDR products. Xcitium multi-patented technology closes the gaps in enterprise cybersecurity defenses left by traditional detection methods. According to Tim Bandos, EVP of SOC services…

Read more →

84% of codebases contain at least one known open-source vulnerability, a nearly 4% increase from last year, according to Synopsys. The findings of the report deliver an in-depth look at the current state of open source security, compliance, licensing, and…

Read more →

94% of CISOs report being stressed at work, with 65% admitting work-related stress issues are compromising their ability to protect their organization, according to Cynet. Among the CISOs surveyed, 100% said they needed additional resources to adequately cope with current…

Read more →

Amid uncertain economic conditions, the technology sector has been a hot topic of discussion in recent months due to the mass amounts of layoffs across the industry. In this Help Net Security video, Nick Tausek, Lead Security Automation Architect at…

Read more →

NetSPI has appointed Scott Lundgren and John Spiliotis to its Board of Directors. The two veteran security industry executives will support the company’s next stage of growth following a year of record momentum. “We’re honored to have Scott and John…

Read more →

Sublime has launched open email security platform and raised $9.8 million in funding. The platform has been in private beta testing for more than a year and is already in use at dozens of organizations, including Fortune 500s, Global 2000s,…

Read more →

DarkLight and Resecurity partnership will give DarkLight access to Resecurity’s threat intelligence solution called Context, which identifies indications of cyber intrusions and data breaches for clients. This will give DarkLight the ability to provide comprehensive risk assessments tailored to each…

Read more →

VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Even though the flaw has been privately reported to VMware, and there is no…

Read more →

In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than…

Read more →

Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL. While the transition makes sense – GraphQL is more flexible, scalable, and easier for developers to use –…

Read more →

Cloud adoption among organizations has increased dramatically over the past few years, both in the range of services used and the extent to which they are employed, according to Info-Tech Research Group. However, network builders tend to overlook the vulnerabilities…

Read more →

Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web for 180 vulnerabilities known…

Read more →

Catalogic Software has unveiled a new bundled offering of its native back-up-as-a-service platform CloudCasa and Ondat. This combined CloudCasa and Ondat offering provides customers with a unified solution to run their stateful applications on Kubernetes, without worrying about availability, performance,…

Read more →

Mitigating persistent cyber threats has made network security mission critical for businesses of all sizes. The 2022 U.S. Cybersecurity Census Report found that the average business experiences 42 cyberattacks each year, amplifying the need for a comprehensive solution. Perimeter 81…

Read more →

Horizon3’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution. “Similar to the weaponization of previous archive vulnerability issues that allow arbitrary file write, we use this vulnerability to write…

Read more →

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick Coinbase employees into sharing…

Read more →

In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Data protection regulations are rapidly developing globally. What…

Read more →

Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to…

Read more →

The rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout and potential regulatory risk, according to Magnet Forensics. “Digital forensics and incident response teams have proven to be indispensable…

Read more →

The ongoing cybersecurity skills shortage is a critical issue plaguing organizations and causing serious problems. The lack of trained and qualified professionals in the field has resulted in numerous security breaches, leading to the loss of large amounts of money.…

Read more →

SANS Security Awareness, a division of the SANS Institute, launched its new short-form technical training modules, “Security Essentials for IT Administrators.” This series provides a comprehensive review of cybersecurity principles, specifically targeting those with a foundational understanding of IT systems…

Read more →

Twitter has announced that starting with March 20, users who don’t pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication (2FA) option. “While historically a popular form of 2FA, unfortunately we have seen…

Read more →

If an organization relies on automation and tools to highlight API security issues, it is still up to a trained developer to manage API behavior. Since there is no standard for managing APIs, organizations must rely on more than tools…

Read more →

Despite economic volatility and tighter budgets, adoption of software as a service (SaaS) continues to increase. Gartner forecasts a 16.8% growth for SaaS in 2023 as companies – including SMBs – add new SaaS platforms to their IT stack. This…

Read more →

Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks. Autonomus cyber defense framework When faced with sophisticated cyberattacks in a rigorous simulation setting, deep reinforcement…

Read more →

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for…

Read more →

The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, according to Critical Insight. Healthcare industry sees a decrease in data breaches A deeper dive…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Combining identity and security strategies to mitigate risks The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the…

Read more →

Alteryx has unveiled new self-service and enterprise-grade capabilities to its Alteryx Analytics Cloud Platform to help customers make faster and more intelligent decisions. The enhanced platform, which now includes all access for Designer Cloud, offers an approachable easy-to-use drag-and-drop modern…

Read more →

Opsera has released the latest enhancements to its Salesforce DevOps platform that ensures the highest security and compliance standards are met for Salesforce releases through source-driven development and native integrations with security tools. Continuous security with Opsera’s Salesforce DevOps platform…

Read more →

RSA Conference announced its initial lineup of keynote speakers for its upcoming Conference, taking place at the Moscone Center in San Francisco from April 24-27, 2023. Speakers include Lisa Monaco, the Deputy Attorney of the United States, Rumman Chowdhury, a…

Read more →

Dynatrace has formed a strategic technology alliance with Snyk to make software delivery more secure. The alliance will leverage the DevSecOps Lifecycle Coverage with Snyk app, built using the new Dynatrace AppEngine. This app is designed to connect Snyk container…

Read more →

Cisco has released security updates for several of its enterprise security and networking products, fixing (among other things): A critical vulnerability (CVE-2023-20032) in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Private Cloud, and Secure Web Appliance,…

Read more →

A joint investigation supported by Europol has led to the dismantling of a Franco-Israeli criminal network involved in large-scale CEO fraud (also known as BEC scams). The operational activities resulted in five action days, which took place between January 2022…

Read more →

ESET has launched its threat intelligence services, designed to extend an organizations’ security intelligence. These new commercially available reports provide deeper insights and actionable guidance from ESET’s renowned global research teams about specific threat vectors and attack sources. Now corporations…

Read more →

Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time…

Read more →

In this Help Net Security video, Daniel Dos Santos, Head of Security Research at Forescout, talks about recent research, which has revealed how attackers can move laterally between vulnerable networks and devices found at the controller level of critical infrastructure.…

Read more →

Recently, Entrust named Bhagwat Swaroop as President, Digital Security Solutions. In this role, Bhagwat will lead the evolution, growth, and expansion of the Entrust Digital Security portfolio, which includes solutions for data encryption, public and private certificate authorities, identity and…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, DigiCert, Finite State, FireMon, and Veeam Software. CyberSaint Executive Dashboard empowers CISOs to take control of cyber risk communication The Executive Dashboard is the…

Read more →

Dynatrace AppEngine platform technology empowers customers and partners with an easy-to-use, low-code approach to create custom, compliant, and intelligent data-driven apps for their IT, development, security, and business teams. These custom apps can address boundless BizDevSecOps use cases and unlock…

Read more →

IGEL has announced IGEL COSMOS, a unified platform to securely manage and automate the delivery of digital workspaces, from any cloud. Offering a modular architecture, granular endpoint control and end-user freedom, COSMOS is designed to enable organizations to garner the…

Read more →

ESET has launched its threat intelligence services, designed to extend an organizations’ security intelligence. These new commercially available reports provide deeper insights and actionable guidance from ESET’s renowned global research teams about specific threat vectors and attack sources. Now corporations…

Read more →

Rhymetec has launched two new service offerings for SaaS companies: PCI Compliance Scanning and Phishing Testing & Training. Both offerings will assist B2B organizations in staying secure and compliant while they continue to grow and innovate. Staying on top of…

Read more →

OneSpan announced the launch of OneSpan Notary, a next-generation, all-in-one, cloud-connected solution that enables organizations to transform the way notaries and customers complete agreements and notarize documents in a secure and trusted environment. OneSpan Notary was co-designed in collaboration with…

Read more →

Perimeter 81 has unveiled a successful integration with ConnectWise. Perimeter 81’s platform, which empowers MSPs to deliver network security solutions to SMB and SME clients, is now integrated with ConnectWise PSA (formerly ConnectWise Manage). The certified integration optimizes efficiency for…

Read more →

Each year at the end of January, internet users are deluged with advice on how to keep their data protected and reclaim their online privacy. What started as Data Privacy Day has now become a Week, to match our increasing…

Read more →

Quantum computing has surged in popularity recently, with its revolutionary computational capabilities transforming the technology sector. While some are skeptical of its real-world potential, others are more visionary about its future. In this Help Net Security video, Vanesa Diaz, CEO…

Read more →

Cloud environments and application connectivity have become a critical part of many organizations’ digital transformation initiatives. In fact, nearly 40% of North American and European-based enterprises adopted industry-specific cloud platforms in 2022. But why are organizations turning to these solutions…

Read more →

Job seekers, students, and career changers around the world want to pursue roles related to science, technology, engineering, and mathematics (STEM) across different industries, but say they are not familiar with career options, according to IBM. At the same time,…

Read more →