Category: Help Net Security

Veeam Software has launched Veeam Backup for Salesforce v2, available on Salesforce AppExchange. Veeam Backup for Salesforce eliminates the risks of Salesforce data and metadata loss from human, integration, and corruption errors. This newest version from Veeam extends support for…

Read more →

Living Security announced a new partnership and technology integration with Zscaler. Joint customers will realize the benefits of secure internet and SaaS access, secure private access, and human risk quantification, enabling them to reduce risk. The majority of cybersecurity incidents…

Read more →

TrustArc announced significant enhancements across its portfolio of products within the TrustArc Privacy Management Platform designed to enable organizations to implement accountable AI data privacy governance. As AI and machine learning continue to drive innovation and reshape numerous businesses, operations,…

Read more →

ThreatModeler released ThreatModeler, Version 7.0, bringing several new capabilities, including ThreatModeler WingMan (AI assistant), to help streamline the threat modeling process for software security and DevOps teams. ThreatModeler 7.0 enables faster and more consistent threat modeling with features such as…

Read more →

In a significant stride towards fortifying the cybersecurity landscape in the Middle East, Resecurity introduced its Digital Identity Protection (IDP) solution. This strategic move aligns with Resecurity’s commitment to creating a safer digital society and empowering individuals and businesses in…

Read more →

Radiant Security announced the successful closure of a $15 million Series A funding round. This strategic financing, led by Next47, reaffirms the soaring demand for AI-based solutions that address the longstanding challenges faced by Security Operations Centers (SOCs). In addition…

Read more →

HARmor is an open-source tool that sanitizes HTTP Archive files. Easy to install and run, it enables the safe handling and sharing of HAR files. What are HAR files? HAR files are critical for support teams working to debug and…

Read more →

Quantum computing is reshaping our world and will revolutionize many industries, including materials science, life sciences, transportation, and energy. Google recently demonstrated the power of quantum computers by solving a problem in seconds that today’s supercomputers require nearly 50 years…

Read more →

Mainframe systems have served as the bedrock of enterprise networks for years, standing unmatched in terms of reliability, scalability, and data protection. However, security risks have become a pressing concern as the digital landscape evolves, emerging practices like DevOps, the…

Read more →

Funded by the National Security Agency, MITRE’s D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers. As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis…

Read more →

Organizations reliance on technology has contributed to the fact that their attack surface has grown in size and complexity, according to Armis. Global organizations are facing an unprecedented level of cyber risk due to blind spots in their environment and…

Read more →

Persistent challenges in adhering to established incident management processes pose a significant risk to organizations, amplifying potential downtime costs amidst a surge in service incidents, according to Transposit. Despite a majority of respondents (59.4%) who have a defined incident management…

Read more →

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the…

Read more →

The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses a…

Read more →

DirectDefense launched ThreatAdvisor 3.0, its proprietary security orchestration, automation and response (SOAR) platform. Designed to improve the speed, efficiency, and accuracy of DirectDefense’s Security Operations Center (SOC), ThreatAdvisor 3.0 offers continuous security monitoring and management, automates manual processes, and includes…

Read more →

Illumio has expanded its Zero Trust Segmentation Platform with Illumio CloudSecure, enhancing its segmentation portfolio to address attacks across hybrid and multi-cloud environments. Now through a single console, organizations can more quickly reduce the impact of cyberattacks, ransomware, and increase…

Read more →

Kasada announced KasadaIQ, its new suite of attack prediction services. The first service in this suite — KasadaIQ for Fraud — supplies actionable signals, collected across millions of points across the Internet, for businesses who need insight into how bots…

Read more →

Lacework announced its release of code security, which provides Lacework customers full visibility throughout the complete application development lifecycle. Lacework code security helps prevent security issues from getting into the wild by identifying them before code is deployed, and helps…

Read more →

SolarWinds announced major enhancements in its Database Observability capability within the cloud-based SolarWinds Observability platform. SolarWinds Database Observability provides full visibility into open-source, cloud-enabled, and NoSQL databases to identify and address costly and critical threats to their systems and business.…

Read more →

OneSpan introduced its latest innovation to the Digipass Authenticators product line, with DIGIPASS FX1 BIO. This physical passkey with fingerprint scan empowers organizations to embrace passwordless authentication while providing the utmost security against social engineering and account takeover attacks. This…

Read more →

CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and…

Read more →

IBM announced that watsonx.governance will be generally available in early December to help businesses shine a light on AI models and eliminate the mystery around the data going in, and the answers coming out. While generative AI, powered by LLM…

Read more →

6clicks announced that it has added SEC Form 8-K content required for event tracking to its incident management module in its GRC platform to help organizations meet new SEC disclosure requirements for qualified cybersecurity events. The new content support empowers…

Read more →

Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will start hitting speed bumps that eventually become roadblocks. If your releases…

Read more →

In this article, we’ve curated a list of insightful corporate cybersecurity blogs that provide analysis and actionable advice to help you keep your company’s digital assets secure. This list is not meant to be exhaustive since thousands of companies have…

Read more →

In this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems (ICS). Our conversation will explore the importance of cross-departmental collaboration, balancing security with system functionality, and the dynamic…

Read more →

Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options. Kubernetes cluster management Management and worker planes do not have to run on the same infrastructure provider, making k0smotron ideal for consolidating Kubernetes control planes for…

Read more →

From identifying unusual behavior patterns to detecting unauthorized access, real-time monitoring provides a view of your digital environment, ensuring that threats are spotted and dealt with before they can cause harm. In this Help Net Security video, Costa Tsaousis, CEO…

Read more →

98% of organizations globally are facing a cloud skills gap, specifically in trying to find people with general cloud skills, cloud architecture knowledge, and adapting, monitoring, and troubleshooting for the cloud, according to a report by SoftwareOne. This is causing…

Read more →

It used to take an attacker 44 days on average to exfiltrate data from an organization once it was compromised — now it’s a matter of hours — and with companies taking an average of 5.5 days to initially contain…

Read more →

PCI Pal has joined forces with Zoom Video Communications to deliver an improved customer experience through the integration of PCI Pal Agent Assist and Digital Payments solutions into Zoom Contact Center and Zoom Phone. PCI Pal’s PCI Compliance solutions will…

Read more →

Impinj announced the Impinj R720 RAIN RFID reader. With more processing power and memory than Impinj’s prior-generation reader, the Impinj R720 speeds edge processing and reduces network load and latency, allowing on-reader applications to meet the most demanding requirements of…

Read more →

Qohash introduces data remediation features to bolster organizations’ security and risk management. With this addition, the Qostodian platform now offers end-to-end security workflows, encompassing data discovery, monitoring, and remediation, to significantly enhance organizations’ security posture and risk management capabilities. Qostodian…

Read more →

Network Perception announced a technology integration with Claroty to provide OT network auditors with a comprehensive, independent audit platform to track and verify system changes and enhance network visibility. The combined technology enables auditors to establish an accurate baseline view…

Read more →

Resecurity announced its integration with the Palo Alto Networks Cortex XSOAR Marketplace, a platform for security orchestration, automation, and response (SOAR). This integration allows Resecurity to offer three of its flagship products, Resecurity Context, Resecurity Risk, and Resecurity IDProtect, to…

Read more →

Elliptic Labs has launched its latest product, the AI Virtual Seamless Sensor. Elliptic Labs’ AI Virtual Seamless Sensor enables cross-device user experiences across different operating systems and chipset platforms, using a multi-modal approach to create interoperability between PCs, smartphones, peripheral…

Read more →

In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk. We delve into how…

Read more →

With each step towards digitalization, from cloud computing to electronic records, the healthcare sector faces mounting risks that threaten not just the privacy but the very wellbeing of patients. In this Help Net Security interview, Taylor Lehmann, Director, Office of…

Read more →

A swing and a miss by the 50 member countries of the International Counter Ransomware Initiative (CRI), headlined by the US, who have confirmed a commitment to collectively address ransomware. Ransomware, as predicted, is growing at tremendous rates and focusing…

Read more →

A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers…

Read more →

Digital transformation projects are top of mind for enterprises. 91% of businesses are currently engaged in some form of digital initiative. Yet, the average cost of a failed, delayed, or scaled-back digital transformation project is more than $4 million dollars.…

Read more →

The risk of personal and professional data being stolen by nefarious actors looms larger than ever, according to Trend Micro. Understanding the risks associated with data theft, which include identity theft, financial loss, reputational harm, and the potential misuse of…

Read more →

Often overlooked but critically essential, backup lies at the core of data security and business continuity. However, data is also susceptible to a myriad of threats, ranging from hardware failures and accidental deletions to malicious cyberattacks. Whether you’re an individual…

Read more →

To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes, according to Venafi. Security challenges in cloud native environments In fact, 84%…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Exploring the global shift towards AI-specific legislation In this Help Net Security interview, Sarah Pearce, Partner at Hunton Andrews Kurth, offers insights into the evolving…

Read more →

SentinelOne has partnered with Snyk to unveil the integration of SentinelOne’s Singularity Cloud Workload Security with the Snyk Developer Security Platform. The integration will correlate the cloud runtime threat detections identified by SentinelOne with vulnerabilities found by Snyk in container…

Read more →

D2iQ released DKP Insights, an automated troubleshooting and diagnostic tool. DKP Insights, along with the newly released DKP AI Navigator, enables enterprise organizations to manage Kubernetes with ease and overcome the industry-wide skills gap that has presented the biggest barrier…

Read more →

The state-owned Industrial and Commercial Bank of China (ICBC), which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market. The attack “On November…

Read more →

Picus Security announced the addition of Picus Attack Surface Validation and AI-driven threat profiling to the Picus Security Validation Platform. The new capabilities give security teams full context of their attack surface so they can accurately prioritize threat exposure based…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, ARMO, Druva, IRONSCALES, Malwarebytes, and Varonis. Varonis enhances its Microsoft 365 offering to prevent sensitive email exposure Varonis announced major enhancements to its…

Read more →

The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10,…

Read more →

Adoption and use of AI tools is high across organizations, however many are concerned about the impacts AI will have on their larger data security strategy, according to Immuta. Only half of the respondents say their organization’s data security strategy…

Read more →

“We brought a shovel to fight an avalanche.” That’s the sentiment shared by many business leaders, especially CISOs, CIOs and IT leaders as they face the current cybersecurity threat landscape. Like an avalanche, it’s constantly shifting and changing, moving quickly…

Read more →

In this Help Net Security video, Christina Hoefer, VP of Global Industrial Enterprise at Forescout, discusses why it is time for manufacturers/OT security leaders to “toss the spreadsheet” regarding their traditional methods of tracking data for cyber risk assessments. She…

Read more →

The Kubernetes industry is undergoing rapid change and evolution due to the growth of edge computing, the acceleration of AI, and the pressing need to modernize Kubernetes management in response to increasing technology scale and complexity, according to Spectro Cloud.…

Read more →

Arista Networks announced an expanded zero trust networking architecture that uses the underlying network infrastructure to break down security silos, streamline workflows and enable an integrated zero trust program. Through a combination of Arista-developed technologies and strategic alliances with key…

Read more →

Netskope unveiled the Next Gen SASE Branch: a major step forward in infrastructure that uses Netskope’s Borderless SD-WAN to transform how organizations manage their most critical networking and security functions and optimize enterprise branches everywhere. Information technology teams today seek…

Read more →

Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of…

Read more →

Akamai and Deloitte have announced a strategic alliance to provide zero trust microsegmentation and incident response services to Deloitte customers worldwide. This alliance will combine Deloitte’s expertise in cybersecurity, network forensics, and security with the Akamai Guardicore Segmentation solution. This…

Read more →

YesWeHack has unveiled an Attack Surface Management (ASM) product that enables clients to orchestrate their offensive security and vulnerability remediation strategy through a risk-based approach. The new product continuously maps an organisation’s internet-exposed assets, detects their possible exposure to known…

Read more →

GitLab has unveiled updates to GitLab Duo, the company’s suite of AI capabilities, including the beta of GitLab Duo Chat available in the GitLab 16.6 November product release, and the general availability of GitLab Duo Code Suggestions in the GitLab…

Read more →

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit…

Read more →

NetRise has released Trace in the NetRise platform. This new solution allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using AI-powered semantic search for the first time. Trace revolutionizes vulnerability detection and validation by…

Read more →

ManageEngine launched Endpoint Central MSP Cloud, which brings the advantages of the cloud’s scalability, flexibility, and efficiency to the remote monitoring and management (RMM) of endpoints for MSPs. The launch also completes the first stage of the company’s vision for…

Read more →

Ivanti announced its partnership with a provider of tech-enabled cybersecurity solutions, Securin. Fueled by data from Securin’s Vulnerability Intelligence (VI), Ivanti Neurons for Vulnerability Knowledge Base provides authoritative, near-real-time vulnerability threat intelligence so security experts can expedite vulnerability assessments and…

Read more →

SnapAttack announced an expanded partnership with Mandiant, part of Google Cloud, to extend operationalized threat intelligence to organizations of all sizes. Building on its current API integrations, the new endeavor will bring Mandiant’s threat intelligence to customers directly in the…

Read more →

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day”…

Read more →

Tidal Cyber raised $5 million, led by Squadra Ventures with participation from existing investors, in seed funding to accelerate the growth of its platform that enables security operations teams to proactively focus on critical threats, and take action to improve…

Read more →

Orange Business and VMware are strengthening their partnership to deliver Flexible SD-WAN with VMware as the first fully embedded SD-WAN offering in Evolution Platform. The Orange Business Evolution Platform combines a secured digital infrastructure with an agile, cloud approach to…

Read more →

Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flowing…

Read more →

When managing anti-money laundering (AML) obligations, many challenger banks turn to basic or unproven in-house risk management solutions. Although these solutions can, in some ways, be innovative, they are often built quickly and lack thorough testing, leading to potential vulnerabilities.…

Read more →

Red Piranha has released the latest Crystal Eye consolidated security platform officially in global collaboration with Intel on the 12th of October and more details on the Network Builders Panel with Intel later that month. Crystal Eye 5.0 features best…

Read more →

While organizations are slashing budgets across other departments, IT and security budgets are growing to address evolving IT infrastructure and rising threats from new tactics such as AI-based attacks, according to Axonius. Budget growth in IT and security In fact,…

Read more →

New data reveals artificial intelligence is challenging organizations in significant ways, with only 15% of global tech leaders reporting they are prepared for the demands of generative AI and 88% saying stronger regulation of AI is essential, according to Harvey…

Read more →

Commvault announced Commvault Cloud, powered by Metallic AI – a new platform that is changing the game in how IT and security teams can radically improve cyber resilience in an era of non-stop ransomware and malicious cyberattacks. Commvault Cloud unifies…

Read more →

Phosphorus has integrated with Check Point to provide the asset-centric xIoT visibility at the network level. Phosphorus’s Intelligent Active Discovery (IAD) engine and device posture assessment capabilities are able to enrich network-centric technologies with previously unseen levels of high-resolution xIoT…

Read more →

Palo Alto Networks introduced Strata Cloud Manager, a AI-powered zero trust management and operations solution. With these innovations and over 4,400 machine learning models, Palo Alto Networks is well-positioned to prove the combination of AI and zero trust can best…

Read more →

Entrust has unveiled a technology alliance partnership with NEDAP to deliver interoperability between credential issuance and ID program management capabilities. Managing physical access for people, visitors and assets is complex and ever-evolving. Organizations seek access control programs that can provide…

Read more →

Symmetrium has unveiled its Instant messaging (IM) and SMS data protection solution, which eliminates the corporate security and compliance risks associated with IM usage by employees. With messaging apps now part of daily life in many workplaces, Hackers can exploit…

Read more →

Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. Preventing attacks relying on MFA fatigue When faced with MFA-protected accounts, threat actors repeatedly try…

Read more →

Cybellum and Hitachi Solutions announced its partnership to provide PLM security solutions in Japan. The PLM Security Solutions service provides one-stop support for uncovering and managing cybersecurity vulnerabilities from the design to manufacturing and operation of IoT devices. As devices…

Read more →

Kasten by Veeam has announced the release of its new Kasten K10 V6.5 platform for Kubernetes. The new release introduces trusted container environments, enhanced ransomware protection and data protection support for large-scale Kubernetes environments. As part of the new cloud…

Read more →

Elastic has unveiled Elasticsearch Query Language (ES|QL), its new piped query language designed to transform, enrich and simplify data investigation with concurrent processing. ES|QL enables site reliability engineers (SREs), developers and security professionals to perform data aggregation and analysis across…

Read more →

Protecto announced the close of a $4 million seed funding round. Together Fund led the round with participation from Better Capital, FortyTwo VC, Arali Ventures and Speciale Invest. The latest round brings the total raised to $5 million after Protecto…

Read more →

ThreatX has unveiled new capabilities for its Runtime API and Application Protection (RAAP) solution. ThreatX RAAP helps CISOs and security teams extend APIs and app protection to containerized environments. ThreatX delivers this capability through a unified solution that protects against…

Read more →

Druva announced cloud-native protection for Azure backups, enabling customers to leverage the simplicity and value of SaaS across their cloud deployments. Druva’s 100% agentless, cloud-native SaaS solution provides air-gapped backups for Azure VMs and reduces total cost of ownership by…

Read more →

SUSE released Rancher Prime 2.0, enhancing customers’ ability to manage heterogeneous, multi-cloud Kubernetes deployments securely and at scale. SUSE also revealed updates to Rancher community edition, SLE Micro 5.5 and the future of SUSE Edge. The latest updates continue to…

Read more →

Cloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday. The Sumo Logic incident “On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security…

Read more →

LastPass and Acronis announced a partnership to provide password management integration for managed service providers (MSPs) using Acronis Cyber Protect Cloud, an all-in-one data and cybersecurity protection platform. The integration, accessible from the Acronis Cyber Protect Cloud marketplace, will enable…

Read more →

Singapore-based luxury resort and casino Marina Bay Sands has suffered a data breach that exposed data of 665,000 non-casino rewards program members. The Marina Bay Sands data breach “Marina Bay Sands became aware of a data security incident on 20…

Read more →

For SOC teams to be able to defend their organization against ransomware attacks, they need to have the right security toolset, but also an understanding of the three primary ransomware attack stages. In this article, we will dive into those…

Read more →

The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk. “Aqua Trivy…

Read more →

The emergence of AI has put into question the roles of software developers everywhere. In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly-changing possibilities of…

Read more →

Companies need help to get visibility into the operations of their AI programs, potentially reducing productivity while creating significant risks around governance, data security, and more, according to Portal26. Two-thirds of respondents admitted to a Generative AI security or misuse…

Read more →

Cloud computing carries many benefits for your business… as long as you can ensure the performance and availability of your cloud environments. Let’s take the following three cloud computing benefits as examples. Rapidly scale cloud services: In the absence of…

Read more →

Uptycs has unveiled new automated code and runtime protections to help security and development teams align on policies, enforce them anywhere, and define remediation workflows — all from a single console. DevSecOps teams can now automate shift-left security controls using…

Read more →

Bitwarden has launched passkey management, enabling every user to create, manage, and store passkeys in their vaults. Users can now quickly and securely log into passkey-enabled websites through the Bitwarden web extension. The synchronized passkeys are encrypted in users’ vaults…

Read more →

Varonis announced major enhancements to its Microsoft 365 offering, adding more robust capabilities to continuously detect and prevent exposures in the world’s top cloud-based email service. With this release, Varonis extends its patented data classification technology to email messages, attachments,…

Read more →

NETSCOUT launched Adaptive DDoS Protection for Arbor Edge Defense (AED) to protect ISPs and enterprises from DNS water torture attacks. According to the NETSCOUT DDoS Threat Intelligence Report, Domain Name System (DNS) water torture attacks increased 353% in the first…

Read more →

IRONSCALES announced its Fall ’23 Release, strengthening its foundational behavioral analysis with deep image-based detection capabilities to stop email attacks that bypass text analysis such as QR code phishing attacks (or quishing). Additionally, IRONSCALES released phishing simulation testing enhancements with…

Read more →