Category: Help Net Security

SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs. Download this guide to learn how to implement a strategic approach to reducing your SaaS attack surface without slowing down the business. Inside the guide, you’ll find: Tools and…

Read more →

Cohesity announced Cohesity Gaia, an AI-powered enterprise search assistant that brings retrieval augmented generation (RAG) AI and large language models (LLMs) to high-quality backup data within Cohesity environments. Cohesity Gaia will be made generally available on March 15. The conversational…

Read more →

Pepco Group has confirmed that its Hungarian business has been hit by a “sophisticated fraudulent phishing attack.” The European company, which operates shops under the Pepco, Poundland and Dealz brands, said that the company lost approximately €15.5 million in cash…

Read more →

Exabeam announced two pioneering cybersecurity features, Threat Center and Exabeam Copilot, to its AI-driven Exabeam Security Operations Platform. A first-to-market combination, Threat Center is a unified workbench for threat detection, investigation, and response (TDIR) that simplifies and centralizes security analyst…

Read more →

Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform…

Read more →

Compliance Scorecard​ and ConnectSecure have joined forces to automate asset governance. With just a few clicks, MSPs can pull inventory data from ConnectSecure vulnerability scans into Compliance Scorecard’s Asset Scorecard, giving them the ability to identify all managed assets and…

Read more →

ManageEngine announced the integration between Endpoint Central, its flagship unified endpoint management solution, and Check Point‘s Harmony Mobile, a mobile threat defense solution, to help IT security teams automate the remediation of mobile threats. The expanding mobile workforce has presented…

Read more →

NinjaOne and SentinelOne launched a bi-directional product integration that redefines endpoint protection through the merging of IT operations and security. The solution provides enterprise security teams with leading levels of control and simplicity, while revolutionizing the management and security of…

Read more →

The EU’s NIS Directive (Directive on security of network and information systems) was established to create a higher level of cybersecurity and resilience within organizations across the member states. It was updated in January 2023 to bring more organizations into…

Read more →

More 68% of employees knowingly put their organizations at risk, potentially leading to ransomware or malware infections, data breaches, or financial loss, according to Proofpoint. Perception on security responsibility And while the incidence of successful phishing attacks has slightly declined…

Read more →

In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. Despite the benefits,…

Read more →

Companies more than ever view GRC (Governance, Risk, and Compliance) as a holistic process and are taking steps toward getting a complete view of their risk environment and compliance obligations, according to Hyperproof. Centralized GRC strategy gains momentum Centralizing strategy,…

Read more →

88% of cybersecurity professionals believe that AI will significantly impact their jobs, now or in the near future, and 35% have already witnessed its effects, according to ISC2’s AI study, AI Cyber 2024. Impact of AI on cybersecurity professionals While…

Read more →

Spin.AI released SpinSPM for Salesforce. This SaaS Security Posture Management (SSPM) solution allows security professionals and IT administrators to proactively secure Salesforce environments. With complete configuration visibility, ongoing management, automated tools for incident response, and much more, organizations can reduce…

Read more →

PKI Solutions introduced a new version of PKI Spotlight, a real-time monitoring and alerting system that provides live status, availability, configuration, and security of PKI environments (Microsoft PKI and others) and hardware security modules (HSMs). The latest release of PKI…

Read more →

VIAVI Solutions announced the addition of traffic analysis capabilities to its Observer Sentry Software-as-a-Service-based threat exposure management solution. With traffic visibility, Observer Sentry goes beyond identifying unintended and potentially dangerous exposures, and enables SecOps, DevOps and cloud architects to determine…

Read more →

Akamai announced that it is extending its segmentation solution, Akamai Guardicore Segmentation, to hybrid cloud environments. Extending Akamai Guardicore Segmentation to the cloud helps reduce attack surfaces and helps contain attacks targeting cloud-native workloads. Network security professionals can seamlessly manage…

Read more →

AgileBlue announced the availability of Sapphire AI in its Cerulean XDR|SOAR platform. The advanced AI system reinforces the company’s commitment to customer excellence, serving as the first line of defense against a cyberattack. With cyber threats evolving at an alarming…

Read more →

The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem. According to a recent…

Read more →

AU10TIX launched an Know Your Business (KYB) solution that enables companies to know exactly who they are doing business with and avoid potential financial and reputational losses. By combining KYB with Know Your Customer (KYC) processes, the offering addresses every…

Read more →

Legato Security launched Ensemble, a security operations platform that is poised to redefine how organizations detect, manage, and respond to threats. Ensemble empowers organizations to optimize their security investments by unifying threat detection, providing context, and offering the visibility necessary…

Read more →

Meta, the company that owns some of the biggest social networks in use today, has explained how it means to tackle disinformation related to the upcoming EU Parliament elections, with a special emphasis on how it plans to treat AI-generated…

Read more →

Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed…

Read more →

Bitwarden enhanced Bitwarden Secrets Manager by integrating with Ansible Playbook. This out-of-the-box integration enables developers and DevOps teams to securely streamline their server deployment processes using zero knowledge end-to-end encryption to enhance their security posture. The need for speed in…

Read more →

Octopus Deploy announced the acquisition of Codefresh. Codefresh, founded in 2014 by Oleg Verhovsky and Raziel Tabib, is Argo maintainer and leader in Kubernetes CD, GitOps, and CI. The acquisition marks a significant milestone as Octopus strengthens its support for…

Read more →

The National Institute of Standards and Technology (NIST) has updated its widely utilized Cybersecurity Framework (CSF), a key document for mitigating cybersecurity risks. The latest version, 2.0, is tailored to cater to a broad range of audiences, spanning various industry…

Read more →

As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any modern…

Read more →

In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. Dope…

Read more →

A growing divide separates leaders with a firm grasp on digital trust from those at the bottom of the pool, according to DigiCert. While digital trust overwhelmingly remains a critical focus for all enterprises, the latest report from DigiCert shines…

Read more →

Big tech firms are already rolling out AI remediation tools to prevent developers from introducing security risks into the software development lifecycle (SDLC). In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how AI remediation…

Read more →

Many industrial organizations lack the resources, expertise, and collaborative processes to effectively mitigate threats and ensure secure access to operational technology (OT) systems, according to Cyolo. Ensuring secure access to OT environments is about more than just cybersecurity. These environments…

Read more →

Bitdefender announced Cryptomining Protection, a cryptomining management feature that allows users to both protect against malicious cryptojacking and manage their own legitimate cyptomining initiatives on their Windows PCs. According to a 2023 report, cryptojacking attacks have increased nearly 400% year…

Read more →

DataVisor launched a solution designed to both detect fraud and financial crimes more effectively and to uphold sponsor bank compliance in the face of evolving regulations for Banking-as-a-Service (BaaS) offerings. As the fintech industry continues to rapidly evolve amidst a…

Read more →

LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Law enforcement strikes LockBit…

Read more →

NetSTAR announced an advancement in phish detection technology with the introduction of PhishCompass. This innovative AI-supported solution marks a significant milestone in the ongoing battle against phishing threats and attacks, tailored for a wide range of industry sectors including security,…

Read more →

Palo Alto Networks announced end-to-end private 5G security solutions and services in collaboration with leading Private 5G partners. Bringing together Palo Alto Networks enterprise-grade 5G Security and Private 5G partner integrations and services allows organizations to easily deploy, manage, and…

Read more →

After a short hiatus, Pikabot is back, with significant updates to its capabilities and components and a new delivery campaign. About the Pikabot loader Pikabot is a loader – a type of malware whose primary function is to serve as…

Read more →

Intel announced its new Edge Platform, a modular, open software platform enabling enterprises to develop, deploy, run, secure, and manage edge and AI applications at scale with cloud-like simplicity. Together, these capabilities will accelerate time-to-scale deployment for enterprises, contributing to…

Read more →

McAfee announced the launch of Social Privacy Manager to its McAfee+ product line-up. This protection tool makes it easy for consumers to gain and maintain control of their social media privacy, providing visibility over who can access their personal information…

Read more →

The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client elements (applications).…

Read more →

NTT DATA and Schneider Electric have unveiled a co-innovation that empowers enterprises to harness the power of edge computing. The strategic partnership introduces a unique solution that seamlessly integrates Edge, Private 5G, IOT, and Modular Data Centers, providing unparalleled connectivity,…

Read more →

Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets. This is a far cry from the dark rooms,…

Read more →

Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup,…

Read more →

As the frequency and sophistication of cyber threats continue to escalate, the need for robust cybersecurity regulations has never been more critical. In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts underscore…

Read more →

The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens software vulnerability concerns Vulnerabilities are…

Read more →

Primary school systems handle sensitive data concerning minors, while higher education institutions must safeguard intellectual property data, making them prime targets for cyberattacks, according to Trustwave. These attacks not only threaten the safety and security of teachers and administrators but…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Inside the strategy of Salesforce’s new Chief Trust Officer In this Help Net Security interview, Arkin discusses a collaborative approach to building trust among customers,…

Read more →

The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from ManageEngine, Metomic, Pindrop, and Truffle Security. Pindrop Pulse offers protection against audio deepfakes Pindrop Pulse’s ability to detect deepfakes provides organizations and their customers protection…

Read more →

In 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon for threat actors, according to IBM’s 2024 X-Force Threat Intelligence Index. Attacks on critical infrastructure reveal…

Read more →

Hackers have significantly increased demands for ransomware, rising over 20% year-over-year to $600,000, according to Arctic Wolf. Organizations are failing to patch their networks And there are worrying signs that 2024 will be especially volatile, as ransomware groups expand their…

Read more →

In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers’ SEGs, signaling a 37% increase in threats compared…

Read more →

In 2024, buyers are increasingly focused on cost efficiency, AI functionality, and enhanced security, according to Gartner. The report reveals that 61% of buyers are seeking upgrades for more functionality in their recently purchased software. The need to upgrade reflects…

Read more →

After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change will impact government departments & agencies…

Read more →

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect (v23.9.10.8817), which contains…

Read more →

If you are a large-scale company, the recent AI boom hasn’t escaped your notice. Today AI is assisting in a large array of development-related and digital-related tasks, from content generation to automation and analysis. The development of AI is rapid…

Read more →

The speed of cyberattacks continues to accelerate at an alarming rate, according to CrowdStrike. Adversaries increasingly exploit stolen credentials The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the average breakout time is down…

Read more →

In this Help Net Security video, Tyler Adams, CEO at CertifID, illustrates how the real estate sector needs to invest significant effort in educating consumers and implementing protective measures to safeguard real estate transactions. Recent CertifID research found that median…

Read more →

42% of organizations surveyed in the US are considering or already have moved at least half of their cloud-based workloads back to on-premises infrastructures, a phenomenon known as cloud repatriation, according to Citrix. The survey showed that 94% of respondents…

Read more →

2Organizations are increasingly turning to Managed Service Providers (MSPs) to alleviate pressure on IT departments, according to SonicWall. Managed services have emerged as a game-changing solution, providing organizations with an additional human-layer of defense, addressing alert fatigue, and freeing up…

Read more →

Searchlight Cyber has integrated the MITRE ATT&CK Enterprise Framework into its dark web monitoring solution, DarkIQ. Aligning actionable dark web intelligence with a universally understood cybersecurity framework empowers all cybersecurity teams, irrespective of size, to contextualize ongoing threats and respond…

Read more →

Beyond Identity released a new Device360 solution for continuous device security posture management. Device360 is the device security tool designed from day 0 to offer a simple admin experience, provide visibility into security posture of 100% of devices, and combines…

Read more →

Bitsight launched a fully-integrated Third-Party Risk Management solution to help enterprise risk and security leaders protect the digital supply chain. By combining Vendor Risk Management and Continuous Monitoring into a single platform, enterprise teams can assess vendor health, manage onboarding,…

Read more →

Check Point introduces Check Point Quantum Force series: a lineup of ten firewalls designed to meet and exceed the stringent security demands of enterprise data centers, network perimeters, campuses, and businesses of all dimensions. Powered by the advanced Check Point…

Read more →

VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is…

Read more →

Hummingbird launched Automations, a new product for boosting compliance productivity, reducing risk, and lowering costs. Automations provides compliance teams at financial institutions with an easy-to-use, visual automation builder, allowing them to automate away manual, repetitive tasks, saving time and effort…

Read more →

CampusGuard announced latest online Security Awareness and Compliance Training packages, offering expanded choices for our valued customers. The Information Security Awareness package includes access to over 20 security awareness modules, providing users with best practices on email security, internet security,…

Read more →

TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets.…

Read more →

At Help Net Security, we’ve been following the cybersecurity business landscape closely for the past 25 years. Through our Industry News section, we’ve been tracking the pulse of the cybersecurity world, bringing you product news from companies worldwide. Certain vendors…

Read more →

Last year was challenging for the global market, and the market downturn greatly affected even the historically resilient cybersecurity ecosystem. In this Help Net Security video, Merav Ben Avi, Content Manager at YL Ventures, talks about how the Israeli cybersecurity…

Read more →

In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption…

Read more →

A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity theft. According to court documents, Mark Sokolovsky conspired to operate the Raccoon Infostealer as a…

Read more →

Nearly every organization has core systems services tied to Active Directory that will go down during an outage, according to Cayosoft. Consequences of system downtime for business operations The impact of just one system being down can devastate business operations…

Read more →

ManageEngine released an ML-powered exploit triad analytics feature in its SIEM solution, Log360. Now, enterprises can knowledgeably trace the path of adversaries and mitigate breaches by providing complete contextual visibility into the exploit triad: users, entities and processes. Addressing the…

Read more →

Pindrop launched Pindrop Pulse, an audio liveness detection capabilities for real-time identification, monitoring, and analysis of audio deepfakes. Notably, Pulse was instrumental in identifying the TTS engine used in the recent President Biden robocall attack, By leveraging advanced deep learning…

Read more →

1Password announced the acquisition of Kolide, enabling businesses to meet the rising security challenges of the modern workforce that now works from anywhere and on any device. “We’ve witnessed a historic transformation of the workplace that demands transformative and intuitive…

Read more →

Pentera announced an integration with SpyCloud to automate the discovery and validation of compromised identities. Pentera uses exposure intelligence data to identify exploitable identities and facilitates targeted remediation to proactively reduce risk. Compromised credentials remain one of the most pervasive…

Read more →

Metomic announced that it’s rolling out its new suite of human firewall features for SaaS apps like Google, Slack and MS Teams. The new features will enable Security and Compliance teams to scale their data security workflows by involving employees…

Read more →

In the wake of yesterday’s surprise law enforcement takeover of LockBit’s leak site, the UK National Crime Agency (NCA) and Europol have shared more information about the extent of the takedown. “Today, after infiltrating the group’s network, the NCA has…

Read more →

On Monday afternoon, LockBit’s leak site has been taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. “This site is now under the control of The…

Read more →

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must…

Read more →

SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response…

Read more →

92% of respondents to a recent report shared that their organization had been a victim of identity fraud, costing an average of $4.3 million over the last 12 months. Even so, only 40% stated identity verification as a top identity…

Read more →

In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, holders, and verifiers, DCI empowers individuals to selectively disclose…

Read more →

Analysis of 7 billion emails shows clean links are duping users, malicious EML attachments increased 10-fold in Q4, and social engineering attacks are at all-time highs, according to VIPRE Security. The rise of the EML file attachments In 2024, QR…

Read more →

Security debt, defined as flaws that remain unfixed for longer than a year, exists in 42% of applications and 71% of organizations, according to Veracode. Worryingly, 46% of organizations have persistent, high-severity flaws that constitute ‘critical’ security debt, putting businesses…

Read more →

Arcitecta announced significant enhancements to its Mediaflux Livewire offering that address the challenges of transmitting data over low-bandwidth and unreliable network connections. With the latest Mediaflux Livewire, customers can securely and reliably transfer massive file volumes at light speed around…

Read more →

When Elon Musk’s ambitions to transform X into an “everything app” were divulged last year, he joined several companies known to be exploring or actively working on developing super apps, suggesting there’s clearly a niche to be filled. In fact,…

Read more →

CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on…

Read more →

Recently, Salesforce named Brad Arkin, previously Chief Security & Trust Officer at Cisco, the company’s new Chief Trust Officer. This was the perfect opportunity to find out more about his plans. In this Help Net Security interview, Arkin discusses a…

Read more →

SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT administration platform has been infamously…

Read more →

In an era defined by relentless cyber threats and evolving attack vectors, traditional security models are proving increasingly inadequate to safeguard sensitive information. Unlike conventional systems that often rely on perimeter defenses, zero trust adopts a more discerning philosophy, treating…

Read more →

70% of businesses report that fraud losses have increased in recent years and over half of consumers feel they’re more of a fraud target than a year ago, according to Experian. To thwart fraudulent activity in 2024, businesses need to…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Integrating cybersecurity into vehicle design and manufacturing In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the…

Read more →

In January 2024, an operation dismantled a network of hundreds of SOHO routers controlled by GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit. This network facilitated various crimes, including…

Read more →

Cyberint is unveiling its latest contribution to the infosec community: Ransomania. This free-to-use web application gives users access to a complete repository of ransomware data gathered by the Cyberint Research Team, empowering organizations to combat ransomware with efficiency and collaboration,…

Read more →

Permit.io announced it has raised $8 million in Series A funding, led by Scale Venture Partners, along with NFX, Verissimo Ventures, Roosh Ventures, Firestreak, 92712, and other existing investors, to ensure application developers never have to build permissions again. Scale…

Read more →

The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will not only enhance their…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Center for Internet Security, Cyberhaven, LOKKER, Sumsub, and CompliancePro Solutions. CIS ESS Mobile offers visibility into blind spots on mobile devices CIS ESS Mobile…

Read more →

In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from Q3–Q4…

Read more →