Tag: Help Net Security

High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research. High-risk users represent a sizable threat to the organization Additionally, the study made several unexpected…

Read more →

Open Systems has redefined the managed detection and response (MDR) market with the launch of Ontinue, its new MDR division. Ontinue is the managed extended detection and response (MXDR) provider that leverages AI-driven automation, human expertise and the Microsoft security…

Read more →

Veeam Software has released the Veeam Data Platform, a single platform delivering more advanced data security, recovery and hybrid cloud capabilities. The Veeam Data Platform, which includes Veeam Backup & Replication (VBR) v12, provides secure backup and recovery that keeps…

Read more →

Styra Load advances the capabilities of Open Policy Agent (OPA), and alleviates the effects of data-heavy authorization while reducing infrastructure costs and increasing authorization performance for platform engineering teams. Purpose-built for enterprises managing authorization with large data sets, Styra Load…

Read more →

FireMon unveils FireMon Policy Analyzer, a complimentary firewall assessment tool that provides organizations with a comprehensive diagnostic report outlining the health of a firewall policy, complete with best practices and suggestions to improve their security posture. According to Gartner, 99%…

Read more →

Check Point has introduced Check Point Infinity Spark, a threat prevention solution that delivers AI security and integrated connectivity to small and medium-sized businesses (SMBs). Infinity Spark offers enterprise grade security across networks, email, office, endpoint, and mobile devices. With…

Read more →

GoSecure has released Titan Identity, a solution combining technology with a managed service to provide a cost-effective, deployable solution that enables organizations to improve credential theft response times. Threat actors have many techniques to abuse identity services like Active Directory…

Read more →

Together, LogRhythm and Trend Micro are empowering security teams to confidently navigate a changing threat landscape and quickly secure their environments. The combined solution allows security teams to pull threat data from multiple sources, correlate the data, and automate a…

Read more →

Deepwatch has unveiled a total of $180 million in equity investments and strategic financing from Springcoast Capital Partners, Splunk Ventures and Vista Credit Partners, a subsidiary of Vista Equity Partners and strategic credit and financing partner focused on the enterprise…

Read more →

CompTIA has reported that up to 2,000 people across the country, from communities that are underrepresented in technology, will be trained to work as technical support and help desk professionals as part of its new workforce development program. CompTIA’s new…

Read more →

Quantinuum has unveiled that Rajeeb (Raj) Hazra has been appointed to the role of CEO of Quantinuum, effective immediately. In stepping down, current Quantinuum CEO Ilyas Khan will remain a leader in the company. He remains a member of the…

Read more →

Last week, the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization’s new Executive Director. This was…

Read more →

Adam Shostack, the author of “Threat Modeling: Designing for Security”, and the co-author of “The New School of Information Security”, recently launched his new book – “Threats: What Every Engineer Should Learn From Star Wars”. In this Help Net Security…

Read more →

Another year of high-profile cyberattacks, another year of beating the cybersecurity drums. Clearly, we’re missing a few notes. Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best practices,…

Read more →

SynSaber has launched OT PCAP Analyzer tool that allows users to view a high-level breakdown of the device and protocol information contained within a packet capture (PCAP) file. SynSaber’s OT PCAP Analyzer provides visibility into a snapshot of your network…

Read more →

Akamai Technologies has launched Akamai Connected Cloud, a massively distributed edge and cloud platform for cloud computing, security, and content delivery that keeps applications and experiences closer and threats farther away. Akamai also announced new strategic cloud computing services for…

Read more →

ThreatBlockr introduced major updates and features to its platform. The release improves flexibility, control, and visibility, with key updates including list consolidation, simplified policy configuration, easier protection of networks and ports, improvements to management systems and simplified access controls. These…

Read more →

CyberSaint’s Executive Dashboard allows CISOs to present their cyber risk posture to the rest of the C-suite and Board of Directors in a credible, financially quantifiable manner that enables informed decision-making. The Executive Dashboard is just the latest in a…

Read more →

Finite State has released its Next Generation Platform featuring extended SBOM management with the ability to ingest and aggregate 120+ external data sources. The new platform gives Application and Product Security teams a unified and prioritized risk view with unprecedented…

Read more →

There is a definite trend of MSPs shifting into security. There are a number of very good reasons for this, including the fact that other services traditionally offered are becoming commoditized, as well as the increasing threat that SMEs and…

Read more →

Resecurity has partnered with CSG (Centre Systems Group) to accelerate channel sales growth in UAE and enable CSG to offer a Cyber Threat Intelligence (CTI), Dark Web Monitoring (DWM), Digital Risk Management (DRM), Fraud Prevention (FP) and Identity Protection (IDP)…

Read more →

Ping Identity has formed a new strategic alliance with Deloitte to help the organizations’ shared clients improve advanced Identity Access Management (IAM) Solutions selection and onboarding. Through the alliance, Ping and Deloitte’s shared clients will be able to streamline digital…

Read more →

Elastic has appointed Mathew Donoghue as Chief Marketing Officer (CMO) effective February 13, 2023 to drive scalable growth across the company’s $88 billion total addressable market (TAM) by leveraging innovative solutions and a customer-first approach. As the leader of the…

Read more →

DirectDefense has unveiled that Christopher Walcutt has been promoted to Chief Security Officer (CSO), effective immediately. Walcutt will ensure consistent and high-quality information security management throughout the organization. Additionally, he will partner with internal teams across all levels, including the…

Read more →

Zscaler acquires Canonic Security to prevent organizations’ growing risks of SaaS supply chain attacks. With the massive migration to the cloud, as organizations are adopting hundreds of SaaS platforms, their users are connecting thousands of third-party applications and browser extensions…

Read more →

The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823). The three zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823) CVE-2023-21715 a vulnerability that allows attackers to bypass a…

Read more →

Canonical released real-time Ubuntu 22.04 LTS, providing a deterministic response to an external event, aiming to minimise the response time guarantee within a specified deadline. The new enterprise-grade real-time kernel is ideal for stringent low-latency requirements. Enterprises in industrial, telecommunications,…

Read more →

Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.” The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also in tvOS 16.3.2…

Read more →

“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis of over 550,000 real-world malware…

Read more →

Expel managed detection and response (MDR) for Kubernetes enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. “Organizations are adopting Kubernetes as a way to help their…

Read more →

Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their organizations make the majority of cybersecurity decisions without insights into the threat actor targeting them. While…

Read more →

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy a higher rate of request-based or packets-per-second attacks.…

Read more →

The dire shortage of information security experts has left organizations struggling to keep up with the growing demand for their skills. Still, getting a job in cybersecurity tends to take time and effort. In this Help Net Security interview, Joseph…

Read more →

Recently, I was asked to imagine that I had been granted an hour with top officials at the Cybersecurity and Infrastructure Security Agency (CISA) – what advice would I offer to help it have an even bigger impact in 2023…

Read more →

Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found. “If such…

Read more →

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet’s secret recovery phrase. Attention @Namecheap users: be wary of…

Read more →

Let’s face it, security teams are only as good as the next problem they face. But why is keeping up so difficult? New/evolving requirements, lengthy/confusing acronyms, and countless moving parts plague compliance regulations. In this Help Net Security video, Gianna…

Read more →

The concept of zero trust – as a way to improve the security of and access to an organization’s network, systems, and data – has gained traction in recent years. The basic premise is that no user or device should…

Read more →

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and invoice fraud and tech support…

Read more →

Recently, at Cybertech Tel Aviv 2023, I met with Luigi Lenguito, CEO at Bfore.AI, who introduced me to their technology. In this Help Net Security interview, Lenguito talks about threat prevention challenges and how his company can predict cyber attacks…

Read more →

Integreon has unveiled the development of CyberHawk-AI, an advanced automated technology that utilizes artificial intelligence (AI) to streamline the process of extracting and analyzing sensitive data following cyber breaches. This technology will be integrated into their cyber response workflow to…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: While governments pass privacy laws, companies struggle to change In this Help Net Security interview, Bill Tolson, VP of Compliance and eDiscovery at Archive360, discusses…

Read more →

CyberData Pros has partnered with Ketch to provide data security and compliance services for clients worldwide. CyberData Pros specializes in data security, compliance, consulting, and due diligence, allowing their analysts to provide solution-oriented awareness and implementation routes to help with…

Read more →

US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy “state-sponsored” ransomware on hospitals and other organizations that can be considered part of the countries’ critical…

Read more →

Patch Tuesday falls on Valentine’s Day this year but will it be a special date? While there have been ongoing cyber-attacks of all kinds, it has been relatively quiet on the release of new patches from Microsoft. Expect that trend…

Read more →

Popular social news website and forum Reddit has been breached (again) and the attacker “gained access to some internal docs, code, as well as some internal dashboards and business systems,” but apparently not to primary production systems and user data.…

Read more →

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new…

Read more →

Are ageing technologies and infrastructure threatening the security and productivity of your business? A recent investigation by the National Audit Office (NAO – UK’s independent public spending watchdog) revealed that the Department for Environment, Food and Rural Affairs is relying…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Deepwatch, Neustar Security Services, OPSWAT, and SecuriThings. OPSWAT MetaDefender Kiosk K2100 secures critical networks in challenging environments The OPSWAT MetaDefender Kiosk K2100 is…

Read more →

SecuriThings announced a new Managed Service Platform for the physical security space that enables managed service providers to manage, visualize and maintain customer environments from a single pane of glass. Organizations across the globe invest extensively in buying and installing…

Read more →

Strike Graph has integrated a new solution which allows customers to go through security audits powered by technology at a fraction of the cost and time. This new streamlined offering was made available in 2022 and resulted in over 80%…

Read more →

Acalvio launched Identity Threat Detection and Response (ITDR) solution that offers identity attack surface area visibility and management, and Active Defense against identity threats. By incorporating Active Defense, Acalvio’s ITDR solution changes the environment to not only catch and counter…

Read more →

SentryBay adds to its family of Armored Client products with a solution specifically designed to address the client-side security gaps of Microsoft Azure Virtual Desktop and Windows 365 – while harnessing the strengths of Intune. Users of endpoint devices that…

Read more →

N-able launched N-able Managed Endpoint Detection and Response (Managed EDR), a threat monitoring, hunting, and response service designed for MSPs that have standardized on N-able Endpoint Detection and Response (EDR). Managed EDR supplements EDR with dedicated managed security services. Powered…

Read more →

IT and security teams are consolidating management and security functions to help better deliver new applications to end users, improve regulatory compliance, and reduce cyberattacks resulting from poor coordination between endpoint security and management teams, according to Syxsense. Endpoint security…

Read more →

Socure has joined the FIDO (Fast IDentity Online) Alliance to advance identity verification standards that make it easy to verify identity online and protect against identity fraud across industries. Socure’s mission is to verify 100% of good identities in real-time…

Read more →

Adaptive Shield has partnered with Datadog to provide joint customers with the ability to stream and visualize SaaS security alerts from Adaptive Shield. For all SaaS apps, users, and associated devices, the Adaptive Shield platform continuously monitors and immediately identifies…

Read more →

With Veza and GitHub integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s codebase. Identity-related attacks continue to be the top culprit behind data…

Read more →

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to secure the data generated by Internet of Things (IoT) devices: implanted medical devices,…

Read more →

As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal and professional lives. Software development teams always strive to master…

Read more →

Between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%, according to Abnormal Security. Business email and supply chain compromise as attack strategies Additionally, of the malicious emails that were read, an average…

Read more →

Russia’s invasion of Ukraine continues to have a major impact on energy prices, inflation, and cyberthreats, with the ransomware scene experiencing some of the biggest shifts, according to ESET. “The ongoing war in Ukraine has created a divide among ransomware…

Read more →

The popular notion might view the rail industry as a laggard compared to auto or high-tech manufacturing when embracing Industry 4.0. Yet railways are increasingly dependent on sophisticated connected systems to enhance efficiency and customer satisfaction. Rail industry needs to…

Read more →

TikTok and Lensa AI have sparked worldwide conversations on the future of social media and consumer data privacy. In this Help Net Security video, Rick McElroy, Principal Security Strategist at VMware, offers a perspective on these trends, including tips on…

Read more →

Skybox Security appoints Mordecai Rosen as Chief Executive Officer and closes $50 million in financing from CVC Growth Funds, Pantheon, and J.P. Morgan. Mr. Rosen is a seasoned security technology executive with over 25 years of experience and will focus…

Read more →

Opscura has received $9.4M in Series A funding as it scales to engage further U.S. partners and customers seeking to protect and connect their critical operations. Founded in Spain as Enigmedia, the new global entity Opscura is also launching a…

Read more →

Appdome has released the first Appdome Orb for CircleCI as part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate delivery of secure mobile apps globally. The new Appdome Build_2Secure Orb for CircleCI integrates directly into the CircleCI CI/CD platform,…

Read more →

Riskonnect has enhanced its Business Continuity and Resilience solution through a partnership with OnSolve. Riskonnect will utilize OnSolve’s Risk Intelligence to offer a new Threat Intelligence module to provide resilience leaders the ability to monitor global threats in real time…

Read more →

SonarSource has launched SonarQube 9.9 Long-Term Support (LTS) that empowers organizations to achieve the Clean Code state securely and at scale. With accelerated pull request analysis, support for building and deploying secure cloud-native applications, enterprise-grade capabilities, and many innovations related…

Read more →

Shufti Pro has launched its risk assessment and eIDV services to help global businesses fight identity fraud and financial crimes, and meet the ever-evolving KYC/AML regulatory landscape. Risk assessment solution Purposely built tool to help businesses identify risks associated with…

Read more →

Deepwatch announced new service offerings and advances to the Deepwatch SecOps Platform to speed the detection and containment of threats across the enterprise. The launch of Deepwatch MXDR for Identity provides extended detection and response to evolving identity-based threats; Deepwatch…

Read more →

Logpoint has released a ChatGPT integration for Logpoint SOAR in a lab setting. It allows the users to experiment with the potential of the AI-driven chatbot and discover how the technology could apply in cybersecurity operations. “We’re excited to enable…

Read more →

According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess The attacks started late last week and are still ongoing. Investigations point to…

Read more →

As 2023 goals become solidified, companies need to decide how they are prioritizing cybersecurity. It’s time to focus on what organizations can prioritize. In this Help Net Security video, Kevin Garrett, Senior Solutions Engineer at Censys, recommends three critical elements…

Read more →

Cisco customers can now access new risk-based capabilities across Cisco’s security portfolio to better protect hybrid work and multi-cloud environments. These advancements demonstrate progress towards realizing the full vision of the Cisco Security Cloud which will protect the integrity of…

Read more →

Everbridge has introduced a new AI-powered situational awareness tool enabling incident commanders and resolvers to gain deep visibility into IT service disruptions. Available as part of Everbridge’s Digital Operations solutions bundle, DigitalOps Insights powered by xMatters provides Operations/IT​, NOC/SOC​, Service…

Read more →

Neustar Security Services is launching UltraPlatform, a solution that leverages three Neustar Security Services’ offerings critical to protecting organizations’ online assets and infrastructure: an authoritative domain name system (DNS) service, protection against distributed denial-of-service (DDoS) attacks and a web application…

Read more →

Digital identities are rapidly becoming more widely used as organizations’ and governments’ digital transformation projects mature and users demand more remote accessibility for everything, from creating a bank account to applying for government services, according to iProov. To support this…

Read more →

If there’s one thing people will remember about AI advances in 2022, it’ll be the advent of sophisticated generative models: DALL.E 2, Stable Diffusion, Midjourney, ChatGPT. They all made headlines – and they will change the way we work and…

Read more →

Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. “Exposed secrets have been used to gain control of…

Read more →

Flawed encryption logic used in Cl0p (Clop) ransomware’s Linux (ELF) variant has allowed SentinelOne researchers to create and release a free decryptor. “The [Cl0p] Windows variant encrypts the generated RC4 key responsible for the file encryption using the asymmetric algorithm…

Read more →

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists (ACLs) will be disabled.…

Read more →

Fortinet has released FortiSP5, the latest breakthrough in ASIC technology from Fortinet to propel major leaps forward in securing distributed network edges. Building on over 20 years of ASIC investment and innovation from Fortinet, FortiSP5 delivers secure computing power advantages…

Read more →

OPSWAT unveiled MetaDefender Kiosk K2100, a new, ultra-rugged mobile kiosk designed to keep critical networks secure in even the harshest conditions. “OPSWAT has a deep understanding of the challenges OT security teams face,” said Sid Snitkin, VP, Cybersecurity Services at…

Read more →

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing. This API Security Testing framework encourages shift-left efforts by giving security and development teams the tools to quickly uncover and…

Read more →

51% of IT professionals predict that we are less than a year away from a successful cyberattack being credited to ChatGPT, and 71% believe that foreign states are likely to already be using the technology for malicious purposes against other…

Read more →

All businesses seek profitable growth. The issue is that growth adds complexity. Organizations need new systems and more employees to support this larger footprint, thus expanding the number of potential points of failure. This means more financial and reputation risks…

Read more →

Tensions between two of the biggest producers of connected (IoT) devices are coming to a head, and will be changing the IoT landscape in 2023. In recent months, India and China have faced off over their disputed border in the…

Read more →

In this Help Net Security video, Christopher Hodson, CSO at Cyberhaven, talks about how CISOs have been investing in inflating their tech stack, but for what? No amount of acronyms will do any good if stuff is leaking from within.…

Read more →

Nozomi Networks and Industrial Defender have unveiled a strategic partnership to enhance the security of critical infrastructure and manufacturing facilities. The companies’ joint solution combines asset visibility and threat detection capabilities from Nozomi Networks with change and configuration monitoring from…

Read more →

U2opia licensed two technologies from the Department of Energy’s Oak Ridge National Laboratory that offer a new method for advanced cybersecurity monitoring in real time. “Identifying and quickly responding to attempted cybersecurity attacks is an urgent need across government and…

Read more →

Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Patches for CVE-2021-21974, a vulnerability in ESXi’s OpenSLP service,…

Read more →

Government agencies keep making new privacy rules while end users fall victim to malpractice and scams. Bill Tolson, VP of Compliance and eDiscovery at Archive360, has spent many years consulting with regulators and advising businesses on concrete steps to enhance…

Read more →

Everyone wants extraordinary online experiences without sacrificing the security of their personal information. Yet according to Ping Identity’s 2022 Consumer Survey, 77% of people feel they will never be in full control of their privacy online and still blindly accept…

Read more →

Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT leaders still consider them to be the most worrying cyber threats. “Aside from ransomware and the hybrid work model, in…

Read more →

Splashtop launched Splashtop Antivirus powered by Bitdefender, enabling MSPs and IT teams to protect their endpoints against threats with the benefit of a centralized management experience. The latest offering elevates Splashtop’s commitment to protecting users on multiple fronts, from securing…

Read more →

Resecurity has identified a new version of Nevada Ransomware which recently emerged on the Dark Web right before the start of 2023. The actors behind this new project have an affiliate platform first introduced on the RAMP underground community, which…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Mounting cybersecurity pressure is creating headaches in railway boardrooms In this Help Net Security interview, Dimitri van Zantvliet is the Cybersecurity Director/CISO of Dutch Railways,…

Read more →

Gigamon announced that Chaim Mazal has been named Chief Security Officer (CSO), joining the Gigamon executive leadership team and will report directly to President and CEO Shane Buckley. Mr. Mazal will be responsible for global security, information technology, network operations,…

Read more →

ExtraHop partners with Binary Defense to offer Reveal(x) 360, ExtraHop’s SaaS-based network detection and response (NDR) solution, as a managed service. As threats rapidly evolve, cybersecurity teams are finding themselves more strapped for resources than ever before, with shrinking budgets…

Read more →