Tag: Help Net Security

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. API attack…

Read more →

Kensington has expanded its robust portfolio of data protection solutions with the launch of three new privacy screens. The SA270 Privacy Screen for Studio Display (K50740WW), SA240 Privacy Screen for iMac 24” (K55170WW), and MagPro Elite Magnetic Privacy Screen for…

Read more →

Akamai Technologies has introduced the Akamai Hunt security service that enables customers to capitalize on the infrastructure of Akamai Guardicore Segmentation, Akamai’s global attack visibility, and expert security researchers to hunt and remediate the most evasive threats and risks in…

Read more →

Persona has launched Graph to help businesses stop online identity fraud. Leveraging advanced link analysis technology and a configurable query, Graph detects risky connections between users, enabling organizations to uncover and proactively block hard-to-detect fraud. Risk and compliance teams now…

Read more →

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in collaboration with Google. This academy provides training and certifications to Black, Indigenous, and People of Color (BIPOC), women, and other underrepresented groups who are passionate about pursuing a technical…

Read more →

When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be devasting; getting…

Read more →

ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. Execution graph showing the subprocesses…

Read more →

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both…

Read more →

Palo Alto Networks released new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM, enabling customers to ingest user identity and behavior data and deploy AI technology to detect identity-driven attacks within seconds. The module further strengthens XSIAM’s ability…

Read more →

F5 and Visa join forces to enable merchants to securely reduce login friction for their customers. Customers expect seamless commerce experiences and transactions to be secure. Yet, in today’s digital-first world, customers are under threat from bad actors looking to…

Read more →

Resecurity accelerates Digital Forensics & Incident Response Services portfolio with the newly appointed industry professional, Akash Rosen. Akash Rosen is a recognized digital forensics expert and investigator. He assisted international law enforcement on numerous cases related to online-banking theft, financial…

Read more →

An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan (dubbed HiatusRAT) and a packet capturing program. “The impacted models are high-bandwidth routers that can support VPN…

Read more →

In a joint effort, the German Regional Police, Ukrainian National Police, Europol, Dutch Police, and FBI joined forces on February 28, 2023, to take down the masterminds behind a notorious criminal organization responsible for unleashing devastating cyberattacks using the DoppelPaymer…

Read more →

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of…

Read more →

Today’s business leaders are grappling with two opposing challenges. On the one hand, present day global economic and recessionary pressures mean spending policies need to be reviewed and cash reserves built up. On the other hand, the volume and increasing…

Read more →

In today’s digital age, cybersecurity and privacy have become major concerns for internet users. With the increase in cyber attacks and data breaches, it is vital to protect your online privacy and security. One way to do this is by…

Read more →

92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov. The Approov Mobile Threat Lab downloaded, decoded and scanned the top 200 financial…

Read more →

Recently, Claroty released its State of XIoT Security Report, which shares analyses of publicly disclosed vulnerabilities affecting operational technology (OT), internet of things (IoT) devices, and most recently, the internet of medical things (IoMT). In this Help Net Security video,…

Read more →

OneTrust introduces OneTrust Certification Automation to the OneTrust ecosystem to help organizations navigate the complex and evolving regulatory landscape. OneTrust Certification Automation brings together automation, pre-built policies, and controls for 29 industry frameworks, over 100 integrations, and tailored guidance from…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Cloud Platform allows data exfiltration without a (forensic) trace Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving…

Read more →

Akamai Technologies reached a definitive agreement to acquire Ondat, a cloud-based storage technology provider with a Kubernetes-native platform for running stateful applications anywhere at scale. Ondat’s technology delivers persistent storage directly onto any Kubernetes cluster for running business-critical, stateful applications…

Read more →

Snowflake and Amazon Web Services (AWS) have unveiled a multi-year expansion of their partnership, with Snowflake growing its AWS spend and both companies jointly contributing millions of dollars to support go-to-market efforts. The expansion of the collaboration will take a…

Read more →

The Trusted Cybersecurity Services (TCS) solution, a hosted intrusion detection service that utilizes classified government threat intelligence to identify and address existing, potential, and emerging cyber threats on an organization’s network, has been introduced by Viasat. The service leverages cyber…

Read more →

Hewlett Packard Enterprise (HPE) revealed that it entered into a definitive agreement to acquire Axis Security, a cloud security provider. This acquisition will allow HPE to expand its edge-to-cloud security capabilities by offering a unified Secure Access Services Edge (SASE)…

Read more →

Spec and Fingerprint joined forces to provide companies with an solution that tackles fraud while ensuring a seamless customer experience. By integrating Fingerprint’s device identification technology into its no-code Trust Cloud platform, Spec can now offer its customers accuracy in…

Read more →

A new plug-in, created by Microsoft and MITRE, integrates various open-source software tools to aid cybersecurity professionals in bolstering their defenses against attacks on machine learning (ML) systems. The Arsenal tool implements tactics and techniques defined in the MITRE ATLAS…

Read more →

Ermetic revealed that its Cloud Native Application Protection Platform (CNAPP) can now automatically detect and correct misconfigurations, compliance violations, and risky or excessive privileges in Kubernetes clusters for its customers. Unlike traditional Kubernetes security tools, Ermetic combines signals from the…

Read more →

While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a threat, according to Rapid7. Deploying exploits Attackers are developing and deploying exploits faster…

Read more →

Known vulnerabilities – those for which patches have already been made available – are the primary vehicle for cyberattacks, according to Tenable. The Tenable report categorizes important vulnerability data and analyzes attacker behavior to help organizations inform their security programs…

Read more →

To unleash the power of AI, it’s essential to integrate some human input. The technical term is Reinforcement Learning from Human Feedback (RLHF): a machine-learning technique that uses human feedback to train and improve the accuracy of an AI model.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Fastly, Forescout, ManageEngine, and Veeam Software. Forescout XDR enables SOC teams to reduce the attack surface Forescout XDR is an eXtended detection and response…

Read more →

ManageEngine has added a security and risk posture management dashboard to Log360, its unified security information and event management (SIEM) solution with integrated DLP and CASB capabilities. Enterprises can leverage this new feature to implement proactive security strategies and prevent…

Read more →

WatchGuard launched ThreatSync, a comprehensive XDR solution included as part of WatchGuard’s Unified Security Platform architecture that provides XDR technology for WatchGuard Network and Endpoint Security products. WatchGuard ThreatSync equips organizations with XDR capabilities to centralise cross-product detections and orchestrate…

Read more →

Fastly introduced Fastly Managed Security Service, a service for threat detection and response available around the clock, aimed at assisting businesses in mitigating the risk of web application attacks and minimizing the costs incurred due to lost transactions. Available to…

Read more →

Forescout revealed Forescout XDR, a solution designed to aid enterprises in detecting, investigating, and responding to an extensive range of sophisticated threats throughout their extended enterprise. A typical SOC is flooded with 450 alerts per hour, and analysts waste precious…

Read more →

The AI Bill of Rights, bias, and operational challenges amid tightening budgets are pressing issues affecting the adoption of ML as well as project and initiative success, according to Comet. “Our latest survey comes as ML practitioners are facing a…

Read more →

For many years now, unsecured internet-facing Redis servers have been steadily getting co-opted by criminals to mine cryptocurrency, so the latest cryptojacking campaign spotted by Cado Labs researcher cannot be considered news. But one its elements points to a new…

Read more →

The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity. The United States will…

Read more →

ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature. The functionality of the bootkit and its features make researchers believe that it is a threat known as…

Read more →

Appdome has released its next generation ThreatScope product, delivering Extended Detection and Response (XDR) for consumer mobile apps and brands globally. Mobile brands gain the power and agility of XDR to address any cyber, fraud and other attacks in the…

Read more →

With the EU Cyber Resilience Act (CRA), the industry is dealing with one of the strictest regulatory requirements. Manufacturers, importers and even distributors of products with digital elements – in other words, anything with a microchip – will be required…

Read more →

Apps, whether for communication, productivity or gaming, are one of the biggest threats to mobile security, according to McAfee. The end of 2022 saw the release of some game-changing applications such as OpenAI’s ChatGPT chatbot and DALL-E 2 image generator.…

Read more →

A cybersecurity technique that shuffles network addresses like a blackjack dealer shuffles playing cards could effectively befuddle hackers gambling for control of a military jet, commercial airliner, or spacecraft, according to Sandia National Laboratories and Purdue University researchers. However, the…

Read more →

In this Help Net Security video interview, James Edgar, CISO at Fleetcor, discusses what consequences SMBs are most concerned about when it comes to cyberattacks, what technology SMBs are most interested in, and much more. The post Uncovering the most…

Read more →

ThreatNG announced its agentless Cloud and SaaS Exposure Module as a part of its External Attack Surface Management (EASM) and Digital Risk solution. The ThreatNG “Cloud and SaaS Exposure” Module supports the following vendors and technology categories: Amazon Web Services…

Read more →

ReasonLabs FamilyKeeper parental control app helps make parenting easier in the digital world by equipping parents with the tools they need to protect their kids online. Data shows that kids face numerous significant risks online. For example: 51% of teenagers…

Read more →

Radiant Logic announced redesigned Identity Data Platform, offering an identity-first approach to security and business decisions. To drive confident policies, enterprises need real-time access to a tremendous amount of data, synchronized across hybrid and complex environments. It must be accurate,…

Read more →

Pliant launched Observability Automation solution developed specifically for leading performance monitoring vendors and their customers. The Pliant Observability Solution elevates performance monitoring for operations teams at large enterprises, carriers, and managed service provider organizations. This new offering revolutionizes how teams…

Read more →

Appdome has released its next generation ThreatScope product, delivering Extended Detection and Response (XDR) for consumer mobile apps and brands globally. Mobile brands gain the power and agility of XDR to address any cyber, fraud and other attacks in the…

Read more →

HCLSoftware and SolarWinds are expanding their partnership to build an end-to-end 5G network observability platform from Cloud to RAN (Radio Access Network). This joint AI-based solution combines HCLSoftware’s Augmented Network Automation (HCL ANA) platform, HCL DRYiCE iObserve powered by SolarWinds,…

Read more →

With access control as a cornerstone of physical security, and today’s businesses requiring more advanced tools, Axis Communications and Genetec have partnered to introduce an enterprise-level access control solution. Axis Powered by Genetec combines Axis network door controllers and Genetec…

Read more →

Otorio and Compugen have formed a business partnership to protect customers against industrial cyber threats to OT environments. Through the alliance, Otoeio’s comprehensive OT solution and Compugen’s professional services will empower global industrial customers with a powerful way to combat…

Read more →

InQuest appointed Darren Spruell, a seasoned information security professional, as its Chief Intelligence Officer. Darren brings an array of technical skills bolstered by intense curiosity and a passion for continual mastery. Darren’s career includes specialties in several areas of cybersecurity,…

Read more →

Your technology is always changing, and you often end up playing catchup to secure it. This is difficult in the cloud when you share security responsibility with the cloud service providers (CSP). You need to know what’s changing so that…

Read more →

Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. GCP data exfiltration attack (Source: Mitiga) Covert data exfiltration…

Read more →

What DNS abuse techniques are employed by cyber adversaries and which organizations can help incident responders and security teams detect, mitigate and prevent them? The DNS Abuse Techniques Matrix published by FIRST provides answers. The Domain Name System (DNS) is…

Read more →

When it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit. Among these tools, Burp Suite stands out as one of the most popular and widely used options among…

Read more →

Developers care about the quality and security of their code, and when empowered to help, developers make great security advocates who can help harden your supply chain security while reducing the burden on DevOps and security teams. Introducing security tools…

Read more →

Successful attacks on systems no longer require zero-day exploits, as attackers now focus on compromising identities through methods such as bypassing MFA, hijacking sessions, or brute-forcing passwords, according to Oort. “The vast majority of successful breaches in the past year…

Read more →

2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall. “The past year reinforced the need for cybersecurity…

Read more →

In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security testing tools, explore the strengths and tradeoffs, and provide you with the information you need…

Read more →

AlertEnterprise revealed the launch of its Guardian AI Chatbot powered by OpenAI ChatGPT. The Guardian AI Chatbot is developed with the world-renowned GPT-3 platform created by OpenAI and is designed to instantly deliver security operators the physical access and security…

Read more →

Your technology is always changing, and you often play catchup to secure it. This isn’t easy in the cloud when you share security responsibility with the cloud service providers (CSP). You need to know what’s changing so that you can…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Arkose Labs, Cequence Security, CyberGRX, CyberSaint, Deepwatch, DigiCert, Finite State, FireMon, Hornetsecurity, HYCU, KELA, Lacework, Malwarebytes, Netography, Neustar Security Services, Nudge Security, OPSWAT, SecuriThings, Trulioo,…

Read more →

VMware has delivered new and enhanced remote worker/device connectivity and intelligent wireless capabilities to its SD-WAN and SASE customers. Relatedly, VMware announced an expanded collaboration with Intel to deliver new edge appliances featuring 5G connectivity allowing support for additional SD-WAN…

Read more →

Veeam Software has released new Veeam Backup for Microsoft 365 v7, backup and recovery solution for Microsoft 365 including Microsoft Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams. The latest version of Veeam Backup for Microsoft 365 strengthens…

Read more →

Thales and Qualcomm Technologies have announced the certification of the commercially deployable iSIM (Integrated SIM) on the Snapdragon 8 Gen 2 Mobile Platform, enabling the functionality of a SIM within a smartphone’s main processor. Such GSMA’s security certification2 confirms the…

Read more →

Cyolo introduced partner program designed to help organizations enhance their cybersecurity capabilities for protecting sensitive systems and applications. The newly redesigned program will provide partners with a high profit margin through a simplified reseller structure and richer tools, including access…

Read more →

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company’s third-party cloud storage service that hosted backups: “The threat actor leveraged information stolen…

Read more →

The old phrase “sharing is caring” is something that Faye Francy has seen revolutionize entire industries. From her years as a Boeing Commercial Airplanes Cybersecurity ONE team leader, to Aviation-ISAC, and ultimately becoming the Executive Director of Automotive-ISAC, Faye has…

Read more →

Employees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive Shield. With no oversight or control from security teams, companies have no way to quantify…

Read more →

BEC (Business Email Compromise) attacks have become increasingly prevalent in recent years, with cybercriminals using a variety of tactics to gain access to sensitive information and steal money from businesses. While many people may assume that these attacks are primarily…

Read more →

While moving to the cloud increases efficiency and business agility, security strategies haven’t been adapted to account for this shift and traditional tools can’t effectively manage the unique associated risks. CISOs that ignore the risks are left completely exposed and…

Read more →

Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments’ cybersecurity investment, according to Network Assured. Study methodology Network Assured compared data from State Attorneys Generals and the Department of Health…

Read more →

Vouched announced $6.3 million financing led by BHG VC and SpringRock Ventures, as well as prior investors Darrell Cavens and Mark Vadon. Vouched’s expansion plans build upon the company’s rapid growth over the past year. The company now serves more…

Read more →

Red Hat extend partnership with Samsung to introduce a virtualized radio access network (vRAN) solution that offers advanced integration and automation features. The technology will be designed to help service providers better manage networks at scale while also addressing the…

Read more →

LiveRamp has expanded its partnership with Snowflake to upgrade its product capabilities built natively on Snowflake and increase data connectivity for next-generation, post-cookie marketing in the cloud. By building LiveRamp’s data activation solutions using Snowflake’s Native Application Framework, currently in…

Read more →

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers’ crosshairs Cyber attackers love to target Microsoft Exchange servers,…

Read more →

QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program with rewards of up to US $20,000. QNAP’s NAS devices, in particular, have been getting hit in…

Read more →

Newly released Federal Trade Commission (FTC) data shows that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Losing money to investment and imposter scams Consumers reported losing…

Read more →

Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, Mexico, the U.S. and other…

Read more →

The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography. Destructive…

Read more →

In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up and prevent breaches. The post Stay one step ahead: Cybersecurity…

Read more →

In today’s data-driven world, the expectations and demands faced by many organizations worldwide are reaching unseen levels. To meet the challenge, a data-driven approach is necessary, with effective digital transformation needed to improve operational efficiency, streamline processes, and get more…

Read more →

Enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment, according to Gartner. ERM struggles to elevate the right issues In a Gartner survey of 100 executive risk committee members in September…

Read more →

Contrast Security expands Contrast Serverless Application Security offering to support Microsoft Azure Functions and enable customers to scan for security vulnerabilities on multi-cloud environments. Organizations are rapidly adopting serverless and cloud-native development due to their inherent benefits. However, companies struggle…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Protected Computing: Ensuring privacy and safety of data regardless of location In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy,…

Read more →

Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these capabilities will now help organizations disrupt two common attack scenarios: BEC (business email compromise) and human-operated ransomware attacks.…

Read more →

Edgio has enhanced its Security platform enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase…

Read more →

Although ransomware‘s share of incidents declined only slightly from 2021 to 2022, defenders were more successful detecting and preventing ransomware, according to IBM. Despite this, attackers continued to innovate with the report showing the average time to complete a ransomware…

Read more →

In this Help Net Security video interview, Huxley Barbee, lead organizer of BSidesNYC 2023, talks about the upcoming event. BSidesNYC 2023 will take place at the John Jay College of Criminal Justice on April 22, 2023. The post What to…

Read more →

The war in Ukraine has seen the emergence of new forms of cyberattacks, and hacktivists became savvier and more emboldened to deface sites, leak information and execute DDoS attacks, according to Trellix. “Q4 saw malicious actors push the limits of…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberGRX, Lacework, Malwarebytes, Netography, Nudge Security, and Xcitium. Malwarebytes Application Block restricts access to outdated and unsafe apps Malwarebytes has added Malwarebytes Application Block to…

Read more →

By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors, according to Gartner. “Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on…

Read more →

Darktrace has launched Darktrace Newsroom, an AI-driven system that continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface. Darktrace’s knowledge of “self” means it can…

Read more →

Edgio has enhanced its Security platform enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase…

Read more →

Following recent U.S. state government and other organization bans on TikTok and other social media platforms, Netography announced enhancements to Netography Fusion’s operational governance dashboards, providing analysts with real-time comprehensive views of all social media traffic. These capabilities enable customers…

Read more →

Atos has launched its new ‘5Guard’ security offering for organizations looking to deploy private 5G networks and for telecom operators looking to enable integrated, automated, and orchestrated security to protect and defend their assets and customers. A new end-to-end 5G…

Read more →

Deloitte EMEA-LATAM Cybersphere Center (ECC) and Cyberbit have announced a strategic partnership that will drive cyber readiness across industries by focusing on the human element of cybersecurity. Cyberbit delivers a holistic approach to developing cyber readiness that emphasizes the human…

Read more →

Metomic has raised a $20 million Series A funding round. The round is led by Evolution Equity Partners with participation from Resonance and Connect Ventures. The investment will be used for U.S. expansion efforts and research and development initiatives. It…

Read more →