GoTo (formerly LogMeIn) confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings. However, the attackers have also managed to grab an encryption…
Tag: Help Net Security
Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)
Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component (CVE-2022-42856) that could be exploited for remote code execution on older iPhones and iPads running…
ioSafe 1522+ helps organizations protect data from fire and water
ioSafe introduced the ioSafe 1522+, a five-bay network attached storage (NAS) device for businesses of all sizes, including those with remote locations in fire and flood-prone areas. “The 1522+ is the next proof point in our commitment to delivering the…
Hillstone StoneOS 5.5R10 provides ML-based threat detection for encrypted traffic
Hillstone Networks’ latest upgrade of its operating system, Hillstone StoneOS 5.5R10, delivers AI-based threat protection, centralized zero trust control and management, and further simplification of security operations and system optimization, among over 300 new features. The new functionality enhances the…
Arctic Wolf IR JumpStart Retainer addresses accessibility challenges for organizations
Arctic Wolf launched Arctic Wolf Incident Response (IR) JumpStart Retainer, an incident response offering that helps organizations proactively plan for cyber incidents without losing valuable time to remediation and the high upfront costs of traditional incident response retainers. In the…
A closer look at malicious packages targeting Python developers
In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique tactic. Sonatype calls them RAT mutants because they’re a mix of remote access…
Understanding your attack surface makes it easier to prioritize technologies and systems
It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organizations need to be more pragmatic when it comes to remediating vulnerabilities, particularly…
NSA publishes IPv6 Security Guidance
The National Security Agency (NSA) published guidance to help Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). IPv6 Security Guidance highlights how several security issues…
BSidesZG 2023: Strengthening the infosec community in Croatia’s capital
In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with peers at a Security BSides conference. We’ve talked with BSidesZG organizer Ante Jurjevic to find…
The loneliness of leading a cybersecurity startup
Linor spends her days working with cybersecurity founders at her Venture Capital firm. Gaining insight into their experiences over the course of building these relationships and supporting the brick-laying of their visions, she shares observations on the tough – and…
Why most IoT cybersecurity strategies give zero hope for zero trust
IoT remains the biggest hurdle in achieving an effective zero-trust security posture across an organization. In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies…
ENISA gives out toolbox for creating security awareness programs
The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness raising program. The package includes:…
Trained developers get rid of more vulnerabilities than code scanning tools
An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security…
Extent of reported CVEs overwhelms critical infrastructure asset owners
The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. The report analyzes the 920+ CVEs released by CISA in the second…
CyberGRX Predictive Data uncovers security gaps in third parties
CyberGRX has released a Predictive Data tool to the Exchange platform’s Attack Scenario Analytics feature. Customers can leverage CyberGRX’s predictive risk intelligence capabilities, which have up to 91% accuracy, to evaluate levels of risk posed by a third party against…
Wallarm API Leak Management detects leaked API keys and secrets
Wallarm has launched the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.…
Week in review: Critical git vulnerabilities, increasingly malicious Google Search ads
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cacti servers under attack by attackers exploiting CVE-2022-46169 If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now…
Vanta acquires Trustpage to accelerate its product innovation
Vanta has acquired Trustpage to transform trust into a marketable advantage for companies around the world. With the addition of Trustpage, Vanta is accelerating its product innovation and continuing to scale its industry-defining trust management platform for thousands of global…
Exterro acquires Zapproved to address critical business challenges
Exterro’s acquisition of Zapproved is the latest step in furthering Exterro’s vision to empower customers to proactively and defensibly manage their legal governance, risk and compliance obligations. It also represents another strategic milestone for Exterro in its partnership with Leeds…
Bitwarden acquires Passwordless.dev to boost passwordless solutions
Bitwarden’s acquisition of Passwordless.dev comes on the heels of a $100M funding round and allows Bitwarden to equip customers with a strong WebAuthn framework from which to develop custom features and deliver passwordless user experiences. A core part of the…
Fingerprint partners with Ping Identity to help customers prevent fraud
Fingerprint and Ping Identity partnership enables PingOne DaVinci customers to identify devices throughout user journeys, which helps prevent fraud and improve the overall customer experience. Fingerprint joins a growing network of technology partners developing integrations with PingOne DaVinci through the…
New infosec products of the week: January 20, 2023
Here’s a look at the most interesting products from the past week, featuring releases from CloudSEK, Devo Technology, Immuta, Varonis, and Zyxel Networks. CloudSEK BeVigil app protects Android users from security risks By providing users with detailed information about the…
Enterprises remain vulnerable through compromised API secrets
Cybersecurity professionals are frustrated over how much time and attention they must devote to API security and worried that their defenses still need to be improved, according to Corsha. Researchers recently surveyed over 400 security and engineering professionals to learn…
The threat of location spoofing and fraud
In this Help Net Security video, André Ferraz, CEO at Incognia, discusses the impact of location spoofing and location-based fraud. Any tool that enables users to alter the location information given by their device is known as location spoofing. Scammers…
Zero trust network access for Desktop as a Service
When you support a remote workforce, you risk opening your data, applications, and organization to the world. How can you sleep soundly at night while enabling a modern “work from anywhere” workforce? Acknowledging the inherited security challenges in remote access…
Immuta Detect provides insights into risky user data access behavior
Immuta has released its latest product, Immuta Detect. With its continuous data security monitoring capabilities, Immuta Detect alerts data and security teams about risky data access behavior, enabling more accurate risk remediation and improved data security posture management across modern…
Arcserve Unified Data Protection 9.0 enhances data resilience
Arcserve unveiled Arcserve Unified Data Protection (UDP) 9.0, a centrally managed backup and disaster recovery solution that future-proofs every data infrastructure with robust protection for every type of workload. It combines complete data protection, Sophos cybersecurity protection, immutable storage, tape…
Hornetsecurity appoints Irvin Shillingford as Regional Manager for Northern Europe
Hornetsecurity has appointed Irvin Shillingford to run its Northern European regional team. Shillingford brings more than 30 years’ experience of growing cyber and software solutions at key businesses. He has held several senior leadership roles running business development teams while…
Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)
A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities CVE-2022-41903 is an out-of-bounds memory write flaw in log formatting and CVE-2022-23251 is a truncated…
EU cyber resilience regulation could translate into millions in fines
The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures…
Cyber insurance can offset the risks of potential breaches
SMBs are aware of increasing cyber threats and allocating resources and investing in areas such as network and cloud security, according to Datto. Key takeaways from this survey include: About a fifth of IT budget is dedicated to security and…
Techniques that attackers use to trick victims into visiting malicious content
Businesses widely use cloud applications, a fact not lost on attackers, which view these apps as an ideal home for hosting malware and causing harm. In this Help Net Security video, Ray Canzanese, Threat Research Director at Netskope, talks about…
IDrive 360 enhancements enable IT departments to oversee data protection
IDrive Backup has enhanced their endpoint backup solution IDrive 360 with the addition of full system backup and mobile backup, enabling users to ensure that all data from all devices within their organization can be completely recovered if a data…
Sygnia’s MXDR service helps organizations minimize business disruption
Sygnia has expanded its incident response and proactive security services to include a managed extended detection and response (MXDR) service. Sygnia’s MXDR is technology-agnostic and a 24/7 fully managed security operations service that includes monitoring, threat detection, forensic analysis, accelerated…
TD SYNNEX SMB Fraud Defense Click-to-Run reduces risks within cloud environments
TD SYNNEX has launched a new fraud defense solution, SMB Fraud Defense Click-to-Run, integrating Microsoft Azure services for small and medium business (SMB) customers during a time of increasing threats within cloud environments. The SMB Fraud Defense Click-to-Run solution elevates…
Zyxel Astra prevents unauthorized endpoint access
Zyxel Networks launched the Zyxel Astra, a new cloud-based endpoint security service that enables SMBs to secure remote users regardless of their location. Designed to address the unique network security challenges presented by hybrid work environments, Astra enables network administrators…
nsKnox raises $17 million to strengthen B2B payment security
nsKnox has unveiled a new funding round of $17 million, bringing its total funding to date to $35.6M. Two new investors, U.S.-based Internet & technology venture capital firm Link Ventures and Harel Insurance & Finance, took a significant part in…
Abacus Group acquires two cybersecurity consulting companies
Abacus Group acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena. Gotham Security, as the new business will be known, will be a…
Forter acquires Immue to enhance bot detection capabilities
Forter acquires Immue to not only strengthen the company’s existing fraud management capabilities but add Immue’s domain-specific bot expertise. Bots are used by the most sophisticated fraud operations to monitor and automate purchases from merchant sites. In fact, it’s frequently…
Ivanti and Lookout extend partnership to secure the hybrid workforce
Ivanti and Lookout have extended their strategic partnership to now include Lookout Mobile Endpoint Security as part of the Ivanti Neurons automation platform. The combined solution, which also includes Ivanti Go and Ivanti Neurons for Modern Device Management, is a…
Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)
Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there’s a public PoC chaining them, CERT/CC has warned. The good news is that they’ve been fixed by…
Google ads increasingly pointing to malware
The FBI has recently warned the public about search engine ads pushing malware disguised as legitimate software – an old tactic that has lately resulted in too many malicious ads served to users searching for software, cracked software, drivers –…
Global instability increases cyber risk, says World Economic Forum
Geopolitical instability is exacerbating the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report from the World Economic Forum. The great threat Over 93% of cybersecurity experts and 86% of business leaders believe “a far-reaching, catastrophic cyber…
Varonis strengthens data security with least privilege automation
Varonis introduced least privilege automation for Microsoft 365, Google Drive, and Box — a new capability that continuously removes unnecessary data risk without human intervention. This innovation furthers Varonis’ mission to deliver effortless data security outcomes to customers. Unlike other…
Potential threats and sinister implications of ChatGPT
ChatGPT from OpenAI is a conversational chatbot recently released in preview mode for research purposes. It takes natural language as input and aims to solve problems, provide follow-up questions or even challenge assertions depending on your question. In this Help…
Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism”
In 2022, state-sponsored cyber activity has been drawn into sharp focus, ransomware continued to dominate as the primary threat facing organizations, and there have been several highly publicized incidents. Beyond the headlines, there have been some interesting shifts in both…
How data protection is evolving in a digital world
Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. The result is that IT leaders feel…
DigiCert Trust Lifecycle Manager unifies CA-agnostic certificate management
DigiCert has released DigiCert Trust Lifecycle Manager, a digital trust solution unifying CA-agnostic certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager integrates with DigiCert’s public trust issuance for a full-stack solution governing seamless management of corporate digital…
Devo DeepTrace helps security teams investigate alerts and suspicious events
Devo Technology unveiled Devo DeepTrace, an autonomous alert investigation and threat hunting solution that uses attack-tracing artificial intelligence (AI) to advance how security teams identify attacks, investigate threats and secure their organizations. DeepTrace augments the work security analysts do by…
NS1 DNS Insights empowers network teams to troubleshoot misconfigurations
DNS Insights by NS1 unlocks improved reliability, real-time analysis, and cost control by collecting DNS and network metrics at the edge to empower networking professionals as they troubleshoot and optimize infrastructure at scale. DNS Insights arrives at a critical time…
Varonis unveils least privilege automation to improve data security
Varonis introduced least privilege automation for Microsoft 365, Google Drive, and Box — a new capability that continuously removes unnecessary data risk without human intervention. This innovation furthers Varonis’ mission to deliver effortless data security outcomes to customers. Unlike other…
CloudSEK BeVigil app protects Android users from security risks
CloudSEK launched the BeVigil app to provide users with detailed information about the security and privacy practices of their mobile apps. With the BeVigil App, users can search for apps by name and view detailed information about the app’s security…
PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)
If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they’ve been updated to a non-vulnerable version because Horizon3’s will be releasing technical details and a PoC exploit this week. GreyNoise has yet to detect…
How to succeed in cyber crisis management and avoid a Tower of Babel
Although cyberattacks have become more common, handling them remains extremely challenging for organizations. Even if things go well on the technical level, incident response (IR) is still a stressful and hectic process across the company; this is the reality of…
Training, endpoint management reduce remote working cybersecurity risks
33% of companies are not providing any cybersecurity awareness training to users who work remotely, according to Hornetsecurity. The study also revealed that nearly 74% of remote staff have access to critical data, which is creating more risk for companies…
Threats that will dominate headlines in 2023
In this Help Net Security video, MacKenzie Jackson, Developer Advocate at GitGuardian, offers his cybersecurity predictions for 2032. These include: Developers will be a priority target for hacking campaigns Doubling down on MFA bypass Source code security More efforts to…
CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it to impersonate the employee…
Cacti servers under attack by attackers exploiting CVE-2022-46169
If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw (CVE-2022-46169). About Cacti and CVE-2022-46169 Cacti is an…
Passkeys, going passwordless, and the future of authentication
There are a variety of roadblocks associated with moving to passwordless authentication. Foremost is that people hate change. End users push back when you ask them to abandon the familiar password-based login page, while app owners resist changing them to…
Why encrypting emails isn’t as simple as it sounds
The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic encryption might not be enough. For organizations, deciding what email encryption solution to use is…
Post-quantum cybersecurity threats loom large
A new Zapata Computing report reveals a deepening commitment from enterprises that points to a maturing industry with widespread, global interest and increased urgency regarding post-quantum cybersecurity threats. The growing interest in quantum is translating into spending, demonstrated by 71%…
10 data security enhancements to consider as your employees return to the office
77% of IT decision makers across the United States and Canada believe their companies are likely to face a data breach within the next three years according to survey results released by Adastra. Survey respondents ranked data security as the…
Week in review: ChatGPT as an infosec assistant, Google offers help to EU cybersecurity startups
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google is calling EU cybersecurity founders Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. Rackspace ransomware…
SpiderOak raises $16.4 million to protect space mission systems
SpiderOak has raised $16.4M in Series C round led by Empyrean Technology Solutions, a space technology platform backed by funds affiliated with Madison Dearborn Partners. The Series C round included additional investment from Method Capital, and OCA Ventures. The oversubscribed…
Crisis24 acquires Topo.ai to enhance global risk intelligence capabilities
Crisis24 acquires Topo.ai to further strengthen its support operations, offer a one-stop shop solution with plug and play capabilities, and ensure the highest levels of client satisfaction. Crisis24 provides unrivaled curated intelligence and sophisticated technologies to enable the world’s most…
Conceal joins forces with Thousand Guards to improve web-browser security
Conceal has unveiled that it is expanding into the Spain, France, Italy, and Portugal MSSP markets through a strategic partnership with Thousand Guards. “Thousand Guards services are aimed at IT security managers and cybersecurity services companies that need to find…
SailPoint acquires SecZetta to help companies validate non-employee identities
With nearly half of today’s enterprises comprised of non-employees, organizations need to factor this growing group of identities into their approach to identity security. With SecZetta, SailPoint will be able to expand its capabilities to help companies gain better visibility…
Cloudflare and Microsoft expand partnership to strengthen zero trust security
Cloudflare has expanded its relationship with Microsoft to help customers easily deploy, automate, and enhance their organization’s zero trust security. Working from anywhere is more common than ever, and critical applications have moved to the cloud—no longer residing inside an…
Onapsis and Wipro help enterprises secure their SAP applications
Onapsis has formed a strategic collaboration with Wipro to drive digital transformation and business growth for customers. Enterprises embarking on their digital transformation journey are often faced with a complex SAP landscape and a limited understanding of how to secure…
Vulnerabilities in cryptographic libraries found through modern fuzzing
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic protocols. CVE-2022-43974 and CVE-2022-42905 CVE-2022-43974 is a buffer…
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)
A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared. Fortinet says the attackers have advanced capabilities: they were…
7 security predictions for 2023
What will the security landscape in 2023 look like? Here’s my take. 1. Attackers’ tactics will evolve, and defense strategies will evolve with them With online platforms and social media fully integrated into our daily routine, phishing and social engineering…
70% of apps contain at least one security flaw after 5 years in production
Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their report found that flaw build-up over time is such that 32% of applications are found…
How to protect yourself from bot-driven account fraud
Bots continue to evolve and thrive at the expense of companies. Kasada’s research shows revenue loss from bot-driven account fraud and web scraping continues to skyrocket, despite companies spending more on bot mitigation solutions every year. In this Help Net…
Maximizing data value while keeping it secure
How can organizations create an environment that allows the broadest access across distributed warehouses, databases, object stores and data exchanges, while at the same time maintaining consistent data oversight? There’s no single template for enacting robust and effective data controls.…
PagerDuty Status Pages provide proactive customer communication during incidents
Status Pages allow PagerDuty customers to proactively communicate status updates with their customers while keeping both internal technical teams and customer service teams informed, as well. Intuitive, easy to use, and able to be set up in minutes, the new…
Ordr partners with GE HealthCare to secure clinical assets
Ordr has formed a collaboration with GE HealthCare to offer customers a solution leveraging Ordr’s platform for health systems. The solution addresses critical patient care challenges across three key stakeholder groups: biomedical and healthcare technology management (HTM) teams, giving them…
Cyberpion expands management team and appoints Marc Gaffan as CEO
Cyberpion has unveiled that Marc Gaffan has been named CEO, Doron Gill will serve as VP of Engineering, and Ido Samson joins as CRO. Co-founder Nethanel Gelernter is moving from CEO to CTO where he will focus on accelerating innovation…
Scott Harrell joins Infoblox as CEO
Infoblox has unveiled that Jesper Andersen has decided to retire as CEO and the Board of Directors has appointed Scott Harrell as the new President and CEO. Andersen will continue to serve on the Board and support Harrell through the…
Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)
Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. These vulnerabilities affect over 120 different models of the Siemens S7-1500 CPU product family.…
Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)
Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and…
Global Risks Report: Understand the risk landscape in 2023 and beyond
For the past 17 years the World Economic Forum’s Global Risks Report has warned about deeply interconnected global risks. Conflict and geo-economic tensions have triggered a series of deeply interconnected global threats, according to the latest report. Serious long-term threats…
6 oversights that enable data breaches
Personal employee or customer data accounted for nearly 45% of all data stolen between July 2021 and June 2022, while companies’ source code and proprietary information accounted for a further 6.7% and 5.6% respectively, according to Imperva. More positively, the…
Why the atomized network is growing, and how to protect it
Security teams struggle to defend their dispersed networks because the technologies responsible for network security are being pushed towards obsolescence by evolutionary pressures. Strategies like EDR and MFA become less effective than intended, leaving organizations with unknown gaps that lead…
ChatGPT: The infosec assistant that is jack of all trades, master of none
ChatGPT from OpenAI is a conversational chatbot that was recently released in preview mode for research purposes. It takes natural language as an input and aims to solve problems, provide follow up questions or even challenge assertions depending on what…
FileCloud Zero Trust File Sharing helps organizations that work with sensitive data
FileCloud has added Zero Trust File Sharing, which will provide yet another layer of security to the content collaboration platform. Zero Trust File Sharing in FileCloud will enable users to collaborate securely, not just with other employees, but also with…
Cloudflare unveils several email security and data protection tools
Cloudflare announced several new zero trust email security solutions, compatible with any email provider, to protect employees from multichannel phishing attacks, prevent sensitive data being exfiltrated via email, and help businesses speed up and simplify deployments. Now, Cloudflare is providing…
ThriveDX and Exclusive Networks address the cybersecurity talent shortage in Europe
ThriveDX is launching a road tour across Europe from Jan. 11 to Feb. 23, 2023 to introduce the company’s human factor security solutions to Exclusive Networks’ ecosystem of more than 25,000 partners and to address the cybersecurity talent shortage, skills…
Bionic integrates with Wiz to provide customers with full cyber-risk coverage
Bionic has announced a product integration with Wiz to provide customers with an agentless way to unify and scale their cloud and application security posture in production. With this integration, DevSecOps teams now have complete visibility and context into which…
Hitachi Vantara hires Monica Kumar as CMO
Hitachi Vantara has unveiled that Monica Kumar has assumed the role of Chief Marketing Officer (CMO) at the organization, effective immediately. She reports directly to CEO Gajen Kandiah. “Great companies are those who can find a way to articulate their…
Chris Cabrera joins Arkose Labs Board of Directors
Arkose Labs has announced that Chris Cabrera, founder and CEO of Xactly Corporation, has joined its Board of Directors effective Jan. 1, 2023. Cabrera is the company’s seventh board member, and represents the interest of common shareholders. Arkose Labs’ board…
Tufin appoints Raymond Brancato as CEO
Tufin has appointed Raymond Brancato as CEO, effective immediately. Raymond has more than 27 years of experience developing and executing go-to-market strategies in the technology industry and will be taking the lead role at the company to guide it through…
Censinet raises $9 million to improve security for healthcare organizations
Censinet has raised $9 million in funding led by MemorialCare Innovation Fund including Rex Health Ventures and Ballad Ventures, bringing the Company’s total funding to more than $22 million. Existing investors LRVHealth, HLM Venture Partners, Schooner Capital, Excelerate Health Ventures,…
Cerberus Sentinel acquires RAN Security
Cerberus Sentinel has signed a definitive agreement for the acquisition of RAN Security. Under the terms of the agreement, RAN Security will become a wholly owned subsidiary of Cerberus Sentinel. The transaction is expected to close later in the year,…
Health3PT Council unites healthcare CISOs to solve third-party cyber risk
Amid heightened threats to the nation’s healthcare systems, more than 20 leading healthcare organizations have come together to identify effective, efficient, and new innovative approaches to reduce cyber risk across the healthcare industry’s third-party ecosystem. The Health 3rd Party Trust…
Hack The Box raises $55 million to expand its business
Hack The Box announces a Series B investment round of $55 million led by Carlyle, alongside Paladin Capital Group, Osage University Partners, Marathon Venture Capital, Brighteye Ventures, and Endeavor Catalyst Fund. The new investment will accelerate Hack The Box’s growth…
Crypto audit of Threema revealed many vulnerabilities
Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break authentication or recover users’ long-term private keys. The vulnerabilities have been fixed and Threema has since switched to a…
Google is calling EU cybersecurity founders
Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. The three-month program, announced last fall, will start in April and connect the finest of Google with the top European cybersecurity firms. From…
The most significant DDoS attacks in the past year
DDoS attacks are getting larger and more complex, moving towards mobile networks and IoT, which are now used in cyberwarfare. In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the most powerful DDoS attacks in the…
4 key shifts in the breach and attack simulation (BAS) market
The increase in the number of attack surfaces along with the rise in cybercriminal sophistication is generating technical debt for security operations centers (SOCs), many of which are understaffed and unable to dedicate time to effectively manage the growing number…