Category: Help Net Security

Veritas Technologies announced enhancements to Veritas Backup Exec, the unified backup and recovery solution. The latest updates include malware detection capabilities, role-based access control and additional optimizations for fast backup and recovery of business-critical data. With ransomware attacks on the…

Read more →

Apricorn released a 24TB version of its Aegis Padlock DT and Padlock DT FIPS Desktop Drives. Apricorn brings a 24TB encrypted drive to market, delivering high performance and mass capacity to industries such as healthcare, financial services, education, and government,…

Read more →

LogicGate announces the new Cyber Risk Suite and Operational Risk Suite offerings, providing enterprises with purpose-built integrated solutions to efficiently and effectively optimize their Enterprise Risk Management (ERM) and cyber risk programs. Each suite includes applications, integrations, licenses, and services…

Read more →

Kyndryl and Cloudflare announced a Global Strategic Alliance, an expansion of their partnership, to enable enterprises to migrate and manage networks for multi-cloud connectivity and comprehensive network security. The partnership combines Kyndryl’s end-to-end consulting services and expertise across enterprise networking,…

Read more →

Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity server, has been…

Read more →

Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have…

Read more →

In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining…

Read more →

WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process,…

Read more →

Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As…

Read more →

93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this…

Read more →

Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly encourages”…

Read more →

Zoom announces Zoom Compliance Manager, an all-in-one offering that provides archiving, eDiscovery, legal hold, and information protection capabilities to help organizations fulfill regulatory requirements and mitigate organizational communications compliance risks across the Zoom platform. “Zoom currently provides compliance and information…

Read more →

DataDome launched DataDome Account Protect. This solution targets the growing threat of account takeovers and fake account creations that organizations worldwide face, providing robust security for login and registration endpoints against account-based attacks for business fraud purposes. Account fraud, particularly…

Read more →

Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that…

Read more →

ControlUp announced Secure DX, a real-time scanning, detection, and remediation solution that improves the security posture of endpoint devices without compromising the digital employee experience. By continuously and autonomously spotting and resolving endpoint vulnerabilities and weak security configurations, Secure DX…

Read more →

Semgrep announced Semgrep Assistant, a tool that uses Artificial Intelligence (AI) to drive efficiencies and uncover insights across all phases of an AppSec program, from rule creation to remediation. Semgrep is a static code analysis tool that alerts users about…

Read more →

Apiiro has announced a product integration and partnership with Secure Code Warrior to extend its ASPM technology and processes to the people layer. The partnership combines Apiiro’s deep code analysis and risk context with Secure Code Warrior’s agile learning catalog…

Read more →

CyberSaint announced the company has raised $21 million in Series A funding led by Riverside Acceleration Capital (RAC). Additional participating investors include Sage Hill Investors, Audeo Capital, and BlueIO. The funding will build on customer momentum, accelerate market expansion, and…

Read more →

Portnox introduced its Conditional Access for Applications solution. Available as part of the Portnox Cloud platform, Conditional Access for Applications delivers easy-to-implement passwordless authentication, endpoint risk posture assessment, and automated endpoint remediation for organizations seeking to harden their application security…

Read more →

Venafi introduced SPIFFE (Secure Production Identity Framework For Everyone) support for Venafi Firefly, Venafi’s lightweight workload identity issuer designed to support modern, highly distributed cloud native workloads. As workload identity plays an increasingly fundamental role in cloud native architectures, today’s…

Read more →

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most…

Read more →

ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms…

Read more →

Nirmata announced new features for its flagship product, Nirmata Policy Manager. With today’s increasing cloud security threats, detecting intrusions is no longer enough – the damage may already be done. That’s why Nirmata has developed Nirmata Policy Manager to proactively…

Read more →

As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the…

Read more →

Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at…

Read more →

Data loss is a problem stemming from the interaction between humans and machines, and ‘careless users’ are much more likely to cause those incidents than compromised or misconfigured systems, according to Proofpoint. While organizations are investing in ​Data Loss Prevention…

Read more →

A total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai. API integration amplifies risk exposure for enterprises APIs are at the heart…

Read more →

Appdome has unveiled its new Social Engineering Prevention service on the Appdome platform. The new service enables mobile brands to continuously detect, block and intervene the moment social engineering attacks attempt to exploit user trust or manipulate user behavior. The…

Read more →

Kasada released a bot detection API with out-of-the-box integrations for Content Delivery Network (CDN) edge computing platforms. Security teams can use the new integrations to quickly block abuse and online fraud without sacrificing user experience or data privacy. Threat actors…

Read more →

Tufin released of Tufin Orchestration Suite (TOS) version R24-1. The latest additions to Tufin’s solution enhance customers’ ability to manage cloud security controls from a centralized interface, making security policy management more effective. With TOS R24-1, Tufin enables complete visibility…

Read more →

CalypsoAI has launched the CalypsoAI Platform, a SaaS-based security and enablement solution for generative AI applications within the enterprise. With the new model-agnostic SaaS platform, technology, innovation, and security leaders can harness the power of generative AI and large language…

Read more →

Ordr has launched its new OrdrAI CAASM+ (Cyber Asset Attack Surface Management) product, built on top of the OrdrAI Asset Intelligence Platform. For years, Ordr has been solving asset visibility and security challenges in the world’s most demanding environments, including…

Read more →

Synopsys released Synopsys fAST Dynamic, a new dynamic application security testing (DAST) offering on the Synopsys Polaris Software Integrity Platform. fAST Dynamic enables development, security, and DevOps teams to find and fix security vulnerabilities in modern web applications without impeding…

Read more →

eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence, extending eSentire’s protection and automated blocking capability across firewalls, threat intelligence platforms, email services and endpoint agents. eSentire Threat Intelligence provides mid-market and enterprise organizations with a simple API gateway…

Read more →

Drata has unveiled a new offering, Adaptive Automation. Augmenting the scope of continuous control monitoring and evidence collection, Adaptive Automation empowers GRC professionals to save time and automate even more of their compliance program through customized tests within Drata’s platform,…

Read more →

Traefik Labs has unveiled product updates that address the escalating adoption of Kubernetes and the crucial role of API management in modern digital infrastructure. The updates include a Kubernetes-native API gateway, integration of a Web Application Firewall (WAF), and advanced…

Read more →

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a…

Read more →

Working with the world’s largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs (Software Bill of Materials), Sonatype announced SBOM Manager. This solution provides an integrated approach to managing SBOMs from third-party…

Read more →

Verimatrix released its new Verimatrix Counterspy anti-piracy solution. Counterspy leverages technology first developed by the company’s cybersecurity team back in 2021 to offer an innovative new way to counter the rise in video piracy in an era where streaming apps…

Read more →

SUSE announced enhancements across its cloud native and Edge portfolio to enable customers to securely deploy and manage business-critical workloads anywhere. New capabilities in Rancher Prime 3.0, SUSE’s commercial offering of Rancher and SUSE Edge 3.0 commit to enabling choice…

Read more →

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and Central.…

Read more →

Vultr launched Vultr Cloud Inference, a new serverless platform. Leveraging Vultr’s global infrastructure spanning six continents and 32 locations, Vultr Cloud Inference provides customers with scalability, reduced latency, and enhanced cost efficiency for their AI deployments. Today’s rapidly evolving digital…

Read more →

Cohesity announced a collaboration with NVIDIA to help organizations safely unlock the power of generative AI and data using the recently announced NVIDIA NIM microservices and by integrating NVIDIA AI Enterprise into the Cohesity Gaia platform. Cohesity Gaia, the company’s…

Read more →

GlobalSign has unveiled the availability of the latest iteration of its PKIaaS Connector for ServiceNow. The updates to the GlobalSign PKIaaS Connector enables ServiceNow customers to better manage their digital certificates, with more timely actions on issuance and expiration, detailed…

Read more →

BigID announced that it closed a $60 million growth round led by Riverwood Capital with participation by Silver Lake Waterman and Advent. With the strong momentum of generative AI, enterprises have rushed to stand up new initiatives that drive productivity…

Read more →

In the past few years, an increasing number of tech companies, organizations, and even governments have been working on one of the next big things in the tech world: successfully building quantum computers. These actors see a lot of potential…

Read more →

Central Investigations & Cybersecurity Analyst Meta | USA | On-site – View job details The successful candidate will be able to assess and analyze large amounts of data to identify sources of potential threats and abuses, operate independently in a…

Read more →

Digital Certificates are not new. In this Help Net Security video, Andreas Brix, Senior Program Manager at GlobalSign, discusses why they are back in the news and what you should do about it. The post Why is everyone talking about…

Read more →

In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging cybersecurity trends for 2024 and advises enterprises on preparation strategies. Cameirão will speak at GISEC Global 2024 in Dubai, a conference and exhibition…

Read more →

Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing…

Read more →

Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company’s computers have been compromised with malware, leading to a possible data breach. Known details about the Fujitsu data breach The company published the security notice…

Read more →

Deloitte has launched CyberSphere, a vendor-neutral services and solutions platform to help clients simplify their organizations’ cyber program data, workflows, reporting and third-party technologies for improved cyber operational efficiency and effectiveness. CyberSphere is built by Deloitte to help organizations quickly…

Read more →

Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them. First response In early December 2023, the company – a regional Nissan division which includes Nissan Motor Corporation…

Read more →

Loft Labs announced vCluster for Rancher, enabling self-service virtual Kubernetes cluster creation and management for teams already using Rancher for Kubernetes management. Rancher customers can now have more secure Kubernetes multi-tenancy, with the ability to provision virtual clusters in Rancher…

Read more →

French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people. The breach The agencies announced…

Read more →

With temporary failures of critical infrastructure on the rise in the recent years, 81% of US residents are worried about how secure critical infrastructure may be, according to MITRE and The Harris Poll. Public views cyberattacks as greatest risk to…

Read more →

A consensus on regulatory AI frameworks seems distant. Yet, the imperative for secure and responsible AI deployment cannot be overstated. How can leaders proactively address AI adoption challenges while waiting for regulatory clarity? In this Help Net Security video, Dr.…

Read more →

Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my…

Read more →

Beyond traditional AI models, generative AI (GenAI) can create new content, images, and even entire scenarios from scratch. While this technology holds immense promise across various sectors, it also introduces challenges and threats to cybersecurity. In this round-up from Help…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Transitioning to memory-safe languages: Challenges and considerations In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses…

Read more →

While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions. The report tracked MITRE ATT&CK techniques that adversaries abuse…

Read more →

12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021. Companies need to manage sensitive…

Read more →

Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast. With new threats like…

Read more →

In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations against threats using AI to penetrate facilities. The post…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, Cynerio, DataDome, Regula, and Tenable. AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights AuditBoard revealed new AI, analytics, and annotation…

Read more →

Halo Security intoduced its new Dark Web Monitoring feature. This addition further enhances the company’s external security platform, allowing security teams to gain insights into potential threats originating from the dark web. With the new Dark Web Monitoring feature, security…

Read more →

A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and someone…

Read more →

Perception Point launched its latest innovation, GPThreat Hunter, an addition to the company’s comprehensive security stack. Leveraging the capabilities of OpenAI’s GPT-4 model, GPThreat Hunterre presents a significant leap forward in Perception Point’s ability to autonomously resolve complex security cases…

Read more →

Cado Security announced that the Cado platform now enables customers to acquire Microsoft 365 Unified Audit Log (UAL) to help investigate and respond to Microsoft 365 compromises such as business email compromise (BEC), account takeover (ATO), and insider threats. With…

Read more →

QuSecure unveiled QuProtect Core Security, a product designed to fortify existing Cisco router-to-router communications against emerging quantum threats. Leveraging advanced crypto-agile post-quantum cryptography, QuProtect Core Security offers a seamless and robust security layer, delivering protection for critical network infrastructures for…

Read more →

Concentric AI announced its new Copilot data risk module that delivers data security governance of Copilot data inputs and outputs to ensure that sensitive data – from financial information to IP to business data – remains protected within the organization.…

Read more →

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as…

Read more →

63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, according to Claroty. Traditionally, medical devices have replacement…

Read more →

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is…

Read more →

With breach recovery costs skyrocketing, speeding time to recovery to minimize downtime and losses should be top of mind for security leaders. Yet, most focus on adding more prevention and detection tools. In this Help Net Security video, Nick Scozzaro,…

Read more →

IT leaders consider immutable storage as a must-have in the fight against cyberattacks, according to Scality. Ransomware threats are now understood by organizations to be inevitable. Reports show 1 in 4 organizations that pay a ransom never get their data…

Read more →

While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation as…

Read more →

Tenable has unveiled enhancements to ExposureAI, the generative AI capabilities and services within its Tenable One Exposure Management Platform. The new features enable customers to quickly summarize relevant attack paths, ask questions of an AI assistant and receive specific mitigation…

Read more →

New Relic launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing. New Relic customers can now identify exploitable vulnerabilities with an ability to reproduce the problem and remediate the specific threat…

Read more →

DataDome launched DataDome Ad Protect, designed to combat fraudulent traffic affecting digital ad campaigns. This solution is set to transform how organizations manage and secure their online advertising efforts, ensuring that marketing budgets are spent effectively and reach genuine audiences.…

Read more →

Trellix announced new macOS Trellix Data Loss Prevention Endpoint Complete capabilities to better secure sensitive and proprietary information from accidental or intentional exposure. Global organizations can now protect against critical data leakage via Outlook email, prevent sensitive documents from being…

Read more →

The International Organization for Migration reports that the migrant flow has been steadily rising, with the numbers swelling from 153 million in 1995 to 281 million in 2022. Concurrently, the quality of counterfeit documents keeps advancing. Under these circumstances, the…

Read more →

Stellar Cyber announced a technology partnership with Torq to help security teams dramatically improve their ability to combat advanced attacks. This partnership combines the power of Stellar Cyber Open XDR with Torq Hyperautomation, providing security teams with a turnkey integrated…

Read more →

Nozomi Networks announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally. This latest round includes investments from Mitsubishi Electric and Schneider Electric. They join a growing list of OT…

Read more →

Mirantis announced significant updates to Lens Desktop that makes working with Kubernetes easier by simplifying operations, improving efficiency, and increasing productivity. Lens 2024 Early Access is now available to Lens users. Also, Lens adds a new Enterprise subscription tier, providing…

Read more →

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were…

Read more →

Recently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations. It was the perfect time for Help Net Security to find out what’s next for Siddiqui in his new…

Read more →

In this Help Net Security video, Melissa Bischoping, Director, Endpoint Security Research at Tanium, discusses the most concerning risks for 2024 and beyond, from both an internal and external perspective. The post The most concerning risks for 2024 and beyond…

Read more →

As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread thin, meaning they need ways to quickly identify and prioritize the highest-impact…

Read more →

In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. Attackers subsequently use this stolen information to gain unauthorized remote access, extort victims, deploy ransomware,…

Read more →

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday, the company updated…

Read more →

Aviatrix introduced Aviatrix Distributed Cloud Firewall for Kubernetes, a distributed cloud networking and network security solution for containerized enterprise applications and workloads. With this solution, Aviatrix bridges the gap between virtual machines (VMs) and Kubernetes (K8s), providing a network security…

Read more →

Artificial intelligence (AI), digital transformation, and the Internet of Things have caused a data explosion, leading organizations to grapple with a surging amount of fragmented data where it lives. Rubrik released Rubrik Enterprise Proactive Edition (EPE), a data security product…

Read more →

Egress has announced a partnership with Netskope to enhance behavioral-based threat detection and response, transforming the way organizations manage human risk in cloud email. The partnership enables Egress to aggregate Netskope’s User Confidence Index (UCI) as part of its Human…

Read more →

Claroty released Advanced Anomaly Threat Detection (ATD) Module within the Medigate Platform from Claroty. The new capability provides healthcare organizations with the clinical context to properly identify, assess, and prioritize threats to connected medical devices, IoT, and building management systems…

Read more →

Thrive launched Thrive Incident Response & Remediation, an on-demand cybersecurity response service to contain and remove threats, along with engineering assistance to rebuild and restore critical systems. Phishing, ransomware and other cyberattacks put businesses of every size at huge risk…

Read more →

ZeroFox has unveiled a new External Attack Surface Management (EASM) module on the ZeroFox platform to see and secure external assets. The new capability builds upon ZeroFox’s existing solutions in Digital Risk Protection and Threat Intelligence, offering a single vendor…

Read more →

A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely…

Read more →

AuditBoard revealed powerful new AI, analytics, and annotation capabilities to help corporate risk, compliance, and assurance teams, including internal audit and SOX functions, improve collaboration with stakeholders, do more with less, and deliver more timely insights. These robust new enhancements…

Read more →

CISO / Head of Enterprise IT Stitch Fix | USA | Remote – View job details Reporting directly to the Chief Product and Technology Officer, you will oversee all aspects of information security, including cloud security, DevSecOps, security operations, and…

Read more →