MITRE released the Cyber Resiliency Engineering Framework (CREF) Navigator — a free visualization tool that allows organizations to customize their cyber resiliency goals, objectives, and techniques, as aligned with NIST SP 800-160, Volume 2 (Rev. 1), National Institute of Standards and…
Tag: Help Net Security
Trace3 integrates Deepwatch services into their solutions
Deepwatch and Trace3 announced Trace3 Managed Detection and Response (MDR) Services powered by Deepwatch. Together, Deepwatch and Trace3 will deliver end-to-end solutions that enable clients to keep pace with the dynamic cyber threat landscape and deliver exceptional service and security…
Drata Audit Hub unifies customer and auditor communication
Drata has launched Audit Hub, a new tool to amplify customer-auditor collaboration and real-time audit correspondence. Integrating feedback directly from its Auditor Alliance, Drata designed Audit Hub to centralize key communication and audit needs in its own platform to further…
Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is urging users to upgrade quickly. “Installing a fixed version of Jira Service Management is the recommended way…
We can’t rely on goodwill to protect our critical infrastructure
How far is too far for a hacker? Earlier this year the Lockbit ransomware-as-a-service organization apologized and provided a free decryptor following a ransomware attack on a children’s hospital in Toronto—blaming a “rogue affiliate” for going against the rules and…
New infosec products of the week: February 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Arkose Labs, Hornetsecurity, HYCU, KELA, and Trulioo. Hornetsecurity unveils two tools to counter rise in phishing attacks and malicious links Hornetsecurity launched two new tools…
Inability to prevent bad things from happening seen as the worst part of a security job
83% of organizations experienced more than one data breach in 2022. However, 97% of respondents feel confident that they are well-equipped with the tools and processes needed to prevent and identify intrusions or breaches, according to Exabeam. “The findings indicate…
Short-staffed SOCs struggle to gain visibility into cloud activities
Enterprises have a limited number of analysts running their security operations centers (SOCs) and are deploying multiple tools in an attempt to address their cloud security challenges, according to ManageEngine. According to Gartner, 85% of organizations will embrace cloud-first strategies…
Pixalate iCloud Private Relay helps users measure their exposure to iCPR traffic
Pixalate has released new iCloud Private Relay (iCPR) IVT detection features in the Pixalate Analytics dashboard to help clients measure their exposure to iCPR traffic. Pixalate found 21% of US mobile and desktop Safari traffic in Q4 2022 was associated…
Keepit introduces backup and recovery solution for Power BI users
Keepit has launched its backup and recovery solution for Power BI. With the release of Keepit for Power BI, Keepit is extending its data protection service for Microsoft’s cloud solutions. Power BI is the first of the Microsoft Power Platform…
HYCU R-Cloud protects all business-critical apps from on-premises to SaaS
HYCU unveiled R-Cloud to allow Software as a Service (SaaS) companies and Independent Software Vendors (ISVs) to provide, in days, backup and recovery services for their SaaS offerings. R-Cloud is a low-code, purpose-built data protection development platform specifically designed to…
Netwrix 1Secure empowers MSPs to secure clients from a single console
Netwrix has released new multi-tenant, software-as-a-service (SaaS) auditing solution Netwrix 1Secure designed to meet the needs of MSPs. Its cloud architecture helps MSPs ensure the security and compliance of their clients’ systems and data from a single console. Netwrix 1Secure…
Wasabi Surveillance Cloud offloads surveillance footage from local storage directly to the cloud
Wasabi Technologies has introduced Wasabi Surveillance Cloud, a solution that enables organizations to offload video surveillance footage from their local storage environment directly to the cloud without ever running out of capacity. This ‘bottomless’ approach to video storage is vital…
Gem Security emerges from stealth and raises $11 million
Gem Security has emerged from stealth, launching its Cloud TDIR (Threat Detection, Investigation and Response) platform and announcing $11 million in seed funding led by Team8. The adoption of cloud infrastructure is increasing and diversifying the attack surface for organizations.…
Radiant Logic acquires Brainwave GRC to strengthen security posture for customers
Radiant Logic and Brainwave GRC address a broad set of identity use cases, and the acquisition accelerates the companies’ shared vision of an Identity Data Fabric that uses the science of data to ensure the right information is in place…
NTT and Palo Alto Networks join forces to improve security management for enterprises
NTT has added Palo Alto Networks Prisma SASE to its Managed Campus Networks portfolio. The new offering is a managed Secure Access Service Edge (SASE) solution that includes SD-WAN, cloud-delivered security, and enhanced automation and reporting. The end-to-end solution is…
Dan Streetman joins Tanium as CEO
Tanium has appointed Dan Streetman to the role of CEO. Orion Hindawi, who is the co-founder and current CEO of Tanium, will assume the role of executive chairman. In this new role, Orion will continue to drive the strategic vision…
Photos: Cybertech Tel Aviv 2023, part 2
Help Net Security is attending the Cybertech Tel Aviv 2023 conference and exhibition, which gathers cybersecurity experts, businesses and startups from around the world. Here are a few photos from the event, featured vendors include: DarkOwl, ThriveDX, Minerva Labs, Astrix…
The emergence of trinity attacks on APIs
When it comes to attacks against application programming interfaces (APIs), the building blocks that provide access to many of our applications, the OWASP API Top Ten is seen as definitive – and rightly so. Compiled in 2019 based on a…
50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years, according to SecurityScorecard and The Cyentia Institute. The study also found that 50 percent of organizations have indirect…
The next cyber threat may come from within
71% of business executives worry about accidental internal staff error as one of the top threats facing their companies, almost on par with concern about outside attackers (75%), according to EisnerAmper. An additional 23% said they worry about malicious intent…
Hybrid cloud storage security challenges
Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. While organizations of all sizes now embrace…
InterVision enhances its cloud and security services for mid-market organizations
InterVision has launched new offerings: Managed Cloud Services (MCS) for AWS and Azure cloud environments and Penetration Testing as a Service (PTaaS) powered by RedSpy365. Both services offer enhanced and expanded cybersecurity designed to address current business and resilience concerns.…
Hornetsecurity unveils two tools to counter rise in phishing attacks and malicious links
Hornetsecurity launched two new tools – the QR Code Analyzer and Secure Links – to combat growing cyber threats. These launches come in response to a rise in fake QR codes and the ongoing threat of phishing, which represents 40%…
Neustar Security Services introduces UltraDDR for DNS-based user protection
Neustar Security Services has introduced UltraDDR (DNS Detection and Response), a recursive DNS-based protection service aimed at combatting network breaches, ransomware attacks, phishing and supply chain compromise, while enforcing enterprise acceptable use policies for its users. UltraDDR provides a Protective…
Certa joins forces with Sayari to improve third party management
Certa’s workflow automation services, combined with Sayari’s integrated business intelligence and ownership data, enable a solution for enterprise businesses to onboard, assess risk, and monitor third parties through the duration of their lifecycle. Certa’s no-code capabilities allow users to dynamically…
Zscaler Resilience prepares businesses for unpredictable events
Zscaler has unveiled Zscaler Resilience, incorporating a new set of capabilities that extend the resilience of Zscaler’s architecture and operations and maintain interconnections between users and devices to critical cloud-based applications. Building upon 15 years of SaaS security, these SSE…
Sentra raises $30 million to meet growing demand for data security in the cloud
Sentra has completed a $30 million Series A funding round led by Standard Investments with participation from Munich Re Ventures (MRV), Moore Strategic Ventures, Xerox Ventures and INT3 as well as existing investors Bessemer Venture Partners and Zeev Ventures. The…
Dremio and Privacera enhance data security governance capabilities on data lakehouses
Dremio and Privacera have unveiled their latest integration, expanding advanced data governance and security capabilities for customers building modern data applications on top of data lakehouses. As data lakehouses are gaining more popularity, it is increasingly important to manage and…
SAP partners with Red Hat to enhance intelligent business operations
SAP and Red Hat have expanded their partnership to increase SAP’s use of and support for Red Hat Enterprise Linux. This collaboration aims to enhance intelligent business operations, support cloud transformation across industries and drive holistic IT innovation. Building on the…
RedSeal appoints Gregory Enriquez as CEO
As CEO of RedSeal, Gregory Enriquez will lead RedSeal into its next phase of growth with on-premises and cloud network security for government agencies and enterprise companies. RedSeal’s technology gives security and management teams the most holistic understanding of their…
Kurt Gaudette joins Dragos as VP of Global Threat Intelligence
Dragos has appointed Kurt Gaudette as VP of Global Threat Intelligence to lead the company’s team of adversary hunters, threat analysts, research engineers and analytic developers. After transitioning from the military, Gaudette served as part of the U.S. Department of…
Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can’t be deleted by simply rebooting the device or…
Video walkthrough: Cybertech Tel Aviv 2023
Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, who gathered to exchange knowledge, to network, and learn about…
Photos: Cybertech Tel Aviv 2023
Cybertech Tel Aviv 2023 is under way at the Tel Aviv Expo. The conference and exhibition gathers cybersecurity experts, businesses and startups from around the world, and Help Net Security is there to take it all in. Here are a…
As the anti-money laundering perimeter expands, who needs to be compliant, and how?
Anti-money laundering (AML) policies are getting stronger as countries crack down on any opportunity criminals might have to take advantage of services and resources to further their activity. The US has the Bank Secrecy Act, the Patriot Act, and Anti-Money…
Involta DRaaS+ secures critical business systems and data
Involta has introduced Disaster Recovery as a Service (DRaaS+), a new, three-tiered model designed to deliver the right service level for securing essential business systems and data. DRaaS+ allows Involta clients to choose their experience from a low-touch, infrastructure delivery-only…
70% of CIOs anticipate their involvement in cybersecurity to increase
77% of CIOs say their role has been elevated due to the state of the economy and they expect this visibility within the organization to continue, according to Foundry. “The CIO role is constantly evolving, and economic conditions have put…
The future of vulnerability management and patch compliance
IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. But are we ready for what’s next? As vulnerabilities continue to increase, what strategies…
ThreatSpike Red makes offensive cybersecurity accessible to more organizations
ThreatSpike Red helps organisations of all sizes to close the cybersecurity gap by providing continuous unlimited testing and scanning of applications and websites to identify vulnerabilities. The new managed service is giving customers full visibility over cost, and makes advanced…
OTAVA releases Security as a Service to protect users against all attack vectors
OTAVA launched Security as a Service (SECaaS) for businesses that need external resources or added expertise to maintain a comprehensive cybersecurity practice. OTAVA’s purpose-built Security as a Service solutions cut through the noise of automated alerting and protect against all…
Trulioo identity verification platform helps businesses achieve regulatory compliance
Trulioo continues to evolve its identity verification capabilities by combining a full suite of global person and business verification solutions with no-code workflow building, low-code integrations and more, all in one platform. With one contract Trulioo customers can access personally…
GroupSense VIP Monitoring service enables enterprises to proactively protect executives
GroupSense’s VIP Monitoring service assesses and monitors high-profile individuals, executive identities, and their extended personal networks to detect exposure and threats, helping to prevent identity theft, fraud, ransomware and other cyber-attacks. Most enterprises use DRPS to protect their brand; however,…
Mix of legacy OT and connected technologies creates security gaps
Rising threats to vehicles and industrial operational technology (OT) have led a growing number of enterprises worldwide to invest in advanced technologies and services to better secure their assets, according to an ISG research report. The report finds that cybersecurity…
BOXX Insurance raises $14.4 million to help customers stay ahead of cyber threats
BOXX Insurance has unveiled a US$14.4 million Series B funding round, bringing the total amount raised from investors to US$24.5 million in the last 16 months. The latest investment was led by Zurich Insurance Company (Zurich). BOXX also unveiled that…
Red Hat and Oracle expand collaboration to standardize cloud operations
Red Hat and Oracle have unveiled a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI). The strategic collaboration starts with Red Hat Enterprise Linux running on OCI as a supported…
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. The attacks were first spotted by Proofpoint researchers in early December 2022,…
Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
QNAP Systems has fixed a critical vulnerability (CVE-2022-27596) affecting QNAP network-attached storage (NAS) devices, which could be exploited by remote attackers to inject malicious code into a vulnerable system. Luckily for QNAP NAS owners, there’s no mention of it being…
Budget constraints force cybersecurity teams to do more with less
49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a survey by the Neustar International Security Council. Despite the rapidly changing threat landscape,…
Is President Biden’s National Cybersecurity Strategy a good idea?
In this Help Net Security video, Kurtis Minder, CEO of GroupSense, discusses President Biden’s National Cybersecurity Strategy, designed to take the nation’s cybersecurity posture to the next level. While the strategy promises to make it much easier for government agencies…
DigiCert releases new unified approach to trust management
New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance. We rarely consciously think about the fact that, in this Information Age, many aspects of our private and work lives are…
3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts
Utility infrastructure is in dire need of modernization. In many parts of the world, the infrastructure delivering power and water to consumers is not ready to withstand natural disasters and rising energy demands. Integrating real-time data analytics into the decision-making…
ShardSecure partners with Entrust to address data security challenges
ShardSecure has forged a strategic technology alliance with Entrust to provide cloud data protection to a growing market of enterprise companies and medium-sized businesses. The ShardSecure-Entrust partnership, part of the Entrust Ready Technology Partner Program, ensures that data in cloud…
Perimeter 81 collaborates with AVANT to expand access to SASE solutions
A Zero Trust Networking Access (ZTNA) security posture is quickly becoming an industry standard worldwide. More than 85% of organizations across the globe have allocated a moderate or, in some cases, a significant year-over-year increase in budget for Zero Trust…
KELA launches cyber intelligence platform to empower proactive digital crime prevention
KELA launched a new and consolidated cyber intelligence platform, consisting of a new intuitive user interface and four complementary modules: Threat Landscape, Monitor, Hunt, and Tactical Intelligence. The platform provides real, actionable intelligence to support various security teams across an…
Mounting cybersecurity pressure is creating headaches in railway boardrooms
The expansion of potential cyber threats has increased due to the integration of connected devices, the Internet of Things (IoT), and the convergence of IT and OT in railway operations. In this Help Net Security interview, Dimitri van Zantvliet is…
A glut of wiper malware hits Ukrainian targets
ESET researchers have discovered yet another wiper malware used to target Ukrainian organizations. Dubbed SwiftSlicer, it is thought to be wielded by the Sandworm APT. Simultaneously, the Ukrainian CERT has confirmed that the attackers who recently aimed at disrupting the…
Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records
Critical vulnerabilities discovered in OpenEMR can be chained to gain code execution on a server running a vulnerable version of the popular open-source electronic health record system. Discovered, privately reported and now publicly documented by researcher Dennis Brinkrolf, the vulnerabilities…
Arkose Labs unveils SMS Toll Fraud online ROI calculator
Arkose Labs has launched a new SMS Toll Fraud online ROI calculator that enables CISOs to estimate the cost savings associated with stopping SMS Toll Fraud, a serious operational and financial threat to enterprises. SMS Toll Fraud, also known as…
Insider attacks becoming more frequent, more difficult to detect
Insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk, according to Gurucul. With responses from more than 325 cybersecurity professionals, the report explores the latest trends and…
ICS vulnerabilities: Insights from advisories, how CVEs are reported
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings: For the CVEs reported in the second half of 2022, 35%…
Mounting pressure is creating a ticking time bomb for railway cybersecurity
The expansion of potential cyber threats has increased due to the integration of connected devices, the Internet of Things (IoT), and the convergence of IT and OT in railway operations. In this Help Net Security interview, Dimitri van Zantvliet is…
How organizations can keep themselves secure whilst cutting IT spending
It is the immediate natural reaction of most organizations to cut costs during an economic downturn. But the economy will return and cutting back too far can be damaging in the long term. Complex situations such as a global recession…
Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BSidesZG 2023: Strengthening the infosec community in Croatia’s capital In March 2023, Zagreb will be added to the (already long) list of cities where information…
Mirantis acquires Shipa to extend management capabilities beyond containers to applications
Mirantis has acquired Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform. Lens helps eliminate Kubernetes complexity – accelerating mainstream developer adoption – and empowers users to easily manage, develop, debug, monitor, and troubleshoot…
OneSpan acquires ProvenDB to address customers’ secure vaulting needs
OneSpan has agreed to acquire ProvenDB to provide a trust model for high assurance contracts and documents. ProvenDB will extend the capabilities of OneSpan’s Transaction Cloud Platform to both public and private blockchains and serve as a modern technological foundation…
3 business application security risks businesses need to prepare for in 2023
Ransomware has lately been the primary method of monetization for threat actors. Still, research has revealed a slight decrease in ransomware attacks and ransomware payments this past year, suggesting cybercriminals are evolving their strategies. Threat actors have been leveraging more…
New infosec products of the week: January 27, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Perimeter 81, SpyCloud, ThreatConnect, Venafi, and Wallarm. SpyCloud Compass identifies infected devices accessing critical workforce apps SpyCloud Compass enables organizations to reduce their risk of…
50% of organizations exceed their budgeted spend on cloud storage
Enterprises are going all-in on cloud storage, with average stored capacity in the public cloud expected to reach 43% of their total storage footprint by 2024, and the vast majority (84%) are increasing their budgets to make that a reality,…
Open source skills continue to be in high demand
80% of organizations increased their use of open source software over the last 12 months, according to Perforce Software and the Open Source Initiative. Four out of five companies rely on OSS for a wide range of business-critical applications including…
Ermetic extends its CNAPP with cloud workload protection capabilities
Ermetic has extended its Cloud Native Application Protection Platform (CNAPP) with cloud workload protection capabilities that enable customers to detect, prevent and remediate security risks in virtual machines, containers and serverless functions. Using context that spans infrastructure configurations, network, access…
Cloud Range for Critical Infrastructure improves operational efficiency of security teams
Cloud Range has introduced Cloud Range for Critical Infrastructure—the live-fire simulation training specifically designed to proactively train and prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and information technology (IT) environments to defend against cyber…
Prove Identity hires Amanda Fennell as CISO and CIO
Prove Identity appointed Amanda Fennell as the company’s Chief Information Security Officer (CISO) and Chief Information Officer (CIO). Fennell, who most recently served as the CISO & CIO at Relativity, brings over twenty years of security industry experience to the…
Iron Bow acquires GuardSight to enhance its cybersecurity solutions
Iron Bow Technologies acquired GuardSight, a cybersecurity operations as a service (SECOPS), and managed detection and response (MDR) company that serves businesses and organizations across the U.S. The acquisition of GuardSight will enhance Iron Bow’s existing cybersecurity solutions portfolio, combining…
Authorities shut down HIVE ransomware infrastructure, provide decryption tools
Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13 countries in total. Law enforcement identified the decryption keys and shared them with many victims,…
Ubuntu Pro: Comprehensive subscription for open-source software security
Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available. Ubuntu Pro helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS. The…
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or…
Attackers use portable executables of remote management software to great effect
Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federal civilian executive branch – as…
How businesses can bolster their cybersecurity defenses with open source
Open-source software enables better security for both large and small organizations. It is the foundation of today’s society and is found throughout a modern application stack, from the operating system to networking functions. It’s estimated that around 90% of organizations…
Malwarebytes Mobile Security for Business protects organizations’ mobile devices
Malwarebytes has announced the upcoming Malwarebytes Mobile Security for Business, extending its endpoint protection capabilities to professional mobile devices. From corporate organizations to educational institutions, the increasing number of connected mobile devices introduces security risks to users and networks. With…
ThreatConnect Platform 7.0 enables organizations to modernize security operations
ThreatConnect released ThreatConnect Platform 7.0 designed specifically for TI Ops. The new release increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation. “Legacy approaches…
Halo Security unveils KEV feature to improve attack surface visibility
Halo Security recently implemented a new feature to reduce the noise and improve attack surface visibility, helping customers identify active threats in the wild — known exploited vulnerabilities (KEVs) from the Cybersecurity and Infrastructure Security Agency (CISA) catalog — and…
ChatGPT is a bigger threat to cybersecurity than most realize
A language-generating AI model called ChatGPT, available for free, has taken the internet by storm. While AI has the potential to help IT and security teams become more efficient, it also enables threat actors to develop malware. In this interview…
PK Secure Email helps users discover sensitive information in email communication
PKWARE has released its newest data discovery and protection solution, PK Secure Email. This Microsoft Outlook add-in automatically discovers sensitive information in email message body, subject line, and attachment and prompts policy-driven protection actions upon sending. Email is a staple…
Lupovis Prowl reduces time wasted investigating false positives
Lupovis has released Prowl, new platform capabilities designed to help security analysts automatically identify bot traffic from malicious human threat actors, to help reduce the time they waste investigating false positives. False positives are flagged by security products that identify…
SpyCloud Compass identifies infected devices accessing critical workforce apps
SpyCloud launched Compass, a transformative solution to help enterprises detect and respond to the initial precursors to ransomware attacks. Compass provides definitive evidence that data siphoned by malware infections is in cybercriminals’ hands and provides a comprehensive approach to incident…
Perimeter 81’s malware protection defends users from internet-borne threats
With continued transition to cloud services to support remote work, the threat of malware continues to grow, expanding each company’s attack surface. The first half of 2022 saw 2.8 billion malware attacks in which more than 270,000 “never-seen-before” malware variants…
Supply chain attacks caused more data compromises than malware
The first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets, according to the Identity Theft Resource Center. However, data compromises steadily increased in…
Crypto.com achieves ISO 27017 and ISO 27018 security and privacy certifications
Crypto.com has been certified with ISO 27017 for security in the cloud and ISO 27018 for privacy protection in the cloud as audited by SGS, an internationally-recognized certification authority. These two certifications, both firsts for a digital asset platform, demonstrate…
LogicGate appoints Nicholas Kathmann as CISO
LogicGate has hired Nicholas Kathmann as its CISO to help scale the company’s information security program, manage its external system security, drive platform security innovations and engage with LogicGate customers on security management. “To build on LogicGate’s growth and market…
Barry Mainz joins Forescout as CEO
Forescout Technologies has unveiled that Barry Mainz will join the company as CEO, effective immediately. Barry Mainz brings more than 25 years of experience in executive leadership across infrastructure software and cybersecurity companies. Mainz has served as CEO and member…
Strata Identity raises $26 million to boost sales and marketing
Strata has closed a $26M Series B round of financing led by Telstra Ventures with participation from existing investors Menlo Ventures, Forgepoint Capital and Innovating Capital. The company has developed Maverics, the distributed identity orchestration platform that enables organizations to…
Riot Games breached: How did it happen?
The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game. The company has also confirmed that source code for TFT (Teamfight…
Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)
VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics. Reported by Trend Micro’s Zero Day Initiative, none of…
What makes small and medium-sized businesses vulnerable to BEC attacks
According to the FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only…
Chinese researchers: RSA is breakable. Others: Do not panic!
Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular cryptographic algorithms will be much easier to solve with quantum than with “classical” computers. Recently,…
Most consumers would share anonymized personal data to improve AI products
Despite a difficult economic environment, organizations continue to invest in privacy, with spending up significantly from $1.2 million just three years ago to $2.7 million this year, according to Cisco. Yet, 92 percent of respondents believe their organization needs to…
How to tackle the cybersecurity skills shortage in the EU
The cybersecurity skills shortage is a global problem, but each region – including Europe or, more specifically, the EU – has distinct problems it has to tackle to solve it. In this Help Net Security Dritan Saliovski, Director – Nordic…
Datto introduces networking solutions for MSP and SMB markets
Datto introduced its second-generation family of cloud managed switches, along with global expansion of the early access for its secure remote access solution, Datto Secure Edge. These new networking solutions complement Datto’s existing product lines of Wi-Fi 6 access points…
Venafi TLS Protect for Kubernetes simplifies machine identity management
As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud…