Category: Help Net Security

ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoia researchers have concluded. About ClearFake ClearFake is…

Read more →

Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. Making that transition starts with a shift from using “risks found” as the…

Read more →

In this Help Net Security interview, Phil Venables, CISO at Google Cloud, discusses the results of a recent Google report on board collaboration with the C-suite — particularly the CIO, CTO, and CISO to stay current with trends and prioritize…

Read more →

88% of organizations experienced an average of 40 attacks in the past 12 months, according to a survey conducted by the Proofpoint and Ponemon Institute. Supply chain attacks: Leading patient care risk The average total cost of a cyberattack experienced…

Read more →

The CISO role was partially shielded from the macroeconomic challenges of 2023, according to a new research from IANS and Artico Search. 20% of CISOs did not receive a raise The most recent average CISO total compensation increase was 11%,…

Read more →

Businesses are actively moving to eradicate passwords from employees’ lives, with 89% of IT leaders expecting passwords to represent less than a quarter of their organization’s logins within five years or less, according to a FIDO Alliance and LastPass report.…

Read more →

Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub.…

Read more →

Strengthening your cyber defenses can be a daunting task. Where do you start? Which tools do you use? How much will it cost? And, what do you risk losing if you do nothing? It’s not always easy to answer these…

Read more →

A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. About CVE-2023-20198 CVE-2023-20198 is…

Read more →

A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in…

Read more →

Zyxel Networks launched its first WiFi 7 access point for managed service providers (MSPs) and small- to medium-sized businesses (SMBs). Zyxel’s WBE660S WiFi 7 BE22000 Triple-Radio NebulaFlex Pro Access Point provides enterprise-grade technology, exceptional performance, and seamless cloud-based management and…

Read more →

BlackBerry announced its new Generative AI powered assistant for Security Operations Center (SOC) teams. The enterprise-grade solution acts as a SOC Analyst providing Generative AI based cyberthreat analysis and support to enhance CISO operations. It leverages private LLMs for greater…

Read more →

Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered “Bing experience”. “The new Microsoft AI bounty program comes as a result of key investments and learnings over the last…

Read more →

Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only to be…

Read more →

86% of CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic, according to Splunk. 35% report using generative AI…

Read more →

When it comes to the cloud, many organizations prioritize speed over spend. In fact, spending on public cloud services is forecasted to grow 21.7% to a total of $597.3 billion in 2023, according to Gartner. How can organizations spend more…

Read more →

Modern compliance programs represent a strategic shift in how companies approach regulatory and ethical obligations. They are designed to not only mitigate risks and avoid legal repercussions but also to enhance an organization’s reputation, foster a culture of integrity, and…

Read more →

97% of organizations are struggling to secure their IoT and connected products to some degree, according to Keyfactor. The research survey also found that 98% of organizations experienced certificate outages in the last 12 months, costing an average of over…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Turning military veterans into cybersecurity experts In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity…

Read more →

DigiCert announced its next generation Discovery, a set of key capabilities in DigiCert Trust Lifecycle Manager that enable customers to build a centralized book of record of their cryptographic keys and certificates. This centralized view, when coupled with management and…

Read more →

IDEMIA announced the development of a secure, standards-based converged access card for the enterprise access market, in collaboration with HYPR and Wavelynx. The creation of this smart credential will help organizations meet compliance and regulatory requirements and security best practices.…

Read more →

60% of companies are ‘very’ to ‘extremely’ concerned about ransomware attacks, according to latest research from Hornetsecurity. Businesses acknowledge ransomware risk Hornetsecurity revealed that 92.5% businesses are aware of ransomware’s potential for negative impact. Still, just 54% of respondents said…

Read more →

In an era where data security is paramount, the recent revelations about firmware backdoors implanted by Chinese government-backed hackers serve as a stark reminder of the evolving threat landscape. BlackTech is infiltrating routers to gain undetectable backdoor access to the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Flexxon, Fortanix, Fortinet, SailPoint, and Vanta. Flexxon Xsign protects sensitive data reserved only for authorized personnel With the use of the Xsign hardware security…

Read more →

In this Help Net Security video interview, David Hunt, CTO at Prelude, discusses his book – Irreducibly Complex Systems: An Introduction to Continuous Security Testing. Continuous security testing (CST) is a new strategy for validating cyber defenses. We buy security…

Read more →

Companies are losing revenue in the fight against malicious bot attacks, according to survey by Kasada. Despite spending millions of dollars on traditional bot management solutions, companies are still financially impacted by bot attacks. 38% of respondents estimate that a…

Read more →

Snow Software released new innovations available on Snow Atlas to empower customers with the intelligence to optimize growing SaaS and cloud infrastructure spend and reduce data leakage in the enterprise. The breadth of new offerings includes agentless optimization of Azure…

Read more →

CyberArk has released new capabilities for securing access to cloud services and modern infrastructure for all users, based on the company’s risk-based intelligent privilege controls. Included are major enhancements to the CyberArk Secure Cloud Access solution, which provides just-in-time access…

Read more →

Druva has formed a strategic partnership with NEXTGEN to expand Druva’s footprint in Australia, New Zealand, and the Philippines, delivering data protection solutions to an even broader range of businesses across the Asia-Pacific region. As organizations in the Asia-Pacific region…

Read more →

HashiCorp has unveiled product updates across the HashiCorp Cloud Platform (HCP). Announcements are focused on enhancements to workflow automation for developers and infrastructure and security lifecycle management for cloud platform teams. Key enhancements include AI-generated tests for HashiCorp Terraform Cloud,…

Read more →

TuxCare has unveiled the addition of a new Extended Security Update (ESU) service for its Enterprise Support Service line up for AlmaLinux OS. The new ESU service enhances TuxCare’s comprehensive service portfolio for AlmaLinux OS, enabling organizations to achieve greater…

Read more →

Immuta unveiled its latest enhancements to its integration with Starburst to help joint customers meet increasing data mesh security and access demands. This update comes as Immuta continues to see strong customer adoption with Starburst users, including leading organizations like…

Read more →

Edgio introduced Protect and Perform Applications Bundles, a solution that combines Tier-1 web performance capabilities with a full-spectrum web security suite and enterprise-level SOC support services – all in a single, comprehensive package. The new offering eliminates complex billing structures…

Read more →

WithSecure has continued to evolve its Elements cloud-based security platform with the addition of several new capabilities and services that can help organizations manage risks associated with cyber attacks. WithSecure Elements, which can be managed by a trusted service provider…

Read more →

NetWitness has partnered with SDG to deliver comprehensive managed security services for effective threat detection and response capabilities, addressing cyber threats for even the most complex organizations. NetWitness offers organizations an extensive and highly scalable suite of capabilities for detecting…

Read more →

The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of organizations, Microsoft has announced. The feature aims to help organizations disrupt human-operated attacks like ransomware,…

Read more →

Check Point launched Quantum SASE, integrating technologies from newly acquired Perimeter 81. This integrated offering addresses organizations’ needs for a unified user experience, simplified SASE management, and a fast, secure browsing experience. It enhances the company’s Infinity architecture with a…

Read more →

Semperis has expanded Forest Druid, its community-driven attack path management tool, to include support for Microsoft Entra ID (formerly Azure AD), saving time for cybersecurity teams in identifying and closing risky attack paths across hybrid identity systems. Closely following the…

Read more →

Wallarm today announced general availability of the seamless Application and API Security policy integration with MuleSoft AnyPoint Platform. In today’s digital landscape, business and technical leaders must ensure that their Apps and APIs remain shielded, regardless of the deployment avenue…

Read more →

Quantum announced new bundled offerings for organization-wide data protection based on Quantum DXi-Series Backup Appliances. With continued data growth, the increasing value of data, and the constant threat of ransomware, customers must be forever vigilant and adhere to backup and…

Read more →

Tidelift announced a broad new set of capabilities as part of the Tidelift Subscription that expand customers’ ability to utilize Tidelift’s maintainer-validated data to make more informed decisions about open source packages and minimize open source-related risk. These new capabilities…

Read more →

Permission Slip, an iPhone and Android app developed by Consumer Reports, helps users ask companies and data brokers to stop sharing their personal data and/or delete it. The Permission Slip app (Source: Consumer Reports) US consumer data privacy laws The…

Read more →

Can our bodies be hacked? The answer may be yes, in that anyone can implant a chip under the skin and these devices do not usually use secure technologies, according to Entelgy. However, despite more than a decade of talk…

Read more →

Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a…

Read more →

In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough. They leave blind spots and cannot match the security needs of regular…

Read more →

Cyber insurance has been around longer than most of us think. When American International Group (AIG) launched the first cyber insurance policy in 1997, it stepped into completely unknown territory to gain market share. Now, 26 years later, cyber insurance…

Read more →

74% of CEOs are concerned about their organizations’ ability to avert or minimize damage to the business from a cyberattack – even though 96% of CEOs said that cybersecurity is critical to organizational growth and stability, according to Accenture. CEOs…

Read more →

DAT Freight & Analytics introduced an innovative new risk assessment engine that uses artificial intelligence and DAT’s extensive proprietary data to give customers an insight into a potential partner’s risk profile and performance. DAT’s new risk assessment engine uses machine…

Read more →

Honeywell launched Cyber Watch, an enterprise solution designed to help organizations better identify, mitigate and manage the latest OT cyber threats. “Everyone from the plant manager to the CISO is a line of defense against the next cyberattack. No company…

Read more →

Appdome released new threat evaluation tools inside ThreatScope Mobile XDR to deliver enhanced monitoring, investigation and threat evaluation for mobile apps and brands globally. Among the new tools is Threat-Inspect, a powerful new ability to investigate, drill down, share and…

Read more →

BT and Google Cloud announced a new partnership focusing on an enhanced commitment to cybersecurity innovation. Serving customers in more than 180 countries and with a team of 3,000 security professionals, BT works with the security industry’s leading vendors to…

Read more →

OpenText introduced OpenText Aviator AI capabilities in Cloud Editions 23.4. For over a decade, OpenText has been helping organizations manage and secure large complex data sets from IoT and robotics, to natural language processing, to complex systems and generative AI.…

Read more →

Egnyte has launched Egnyte Document Room, a new solution powered by Egnyte’s secure platform for content collaboration and governance. With Egnyte Document Rooms, Egnyte customers can now create highly controlled, custom-branded environments for sharing information with, and collecting documents from,…

Read more →

Ashade Tech launched TrustPattern, a technology that facilitates storing information on any surface using image pattern recognition. The technology encodes data using advanced computer algorithms, generating image patterns that can be printed on top of any surface using generic document…

Read more →

Veza launched its Next-Gen IGA (Identity Governance and Administration) solution. The solution comprises the Veza Access Control Platform and new products for provisioning and deprovisioning, access reviews, access visibility, and access intelligence. By approaching governance with a focus on permissions…

Read more →

Pure Storage has unveiled critical new data resilience offerings, including the introduction of Pure Protect//DRaaS, a unique Disaster Recovery as a Service (DRaaS) solution, new energy efficiency guarantees for its Evergreen portfolio, and scalable AI-powered storage services via its Pure1…

Read more →

Blackpoint Cyber launched a brand-new Cloud Response feature, Identity Response for Azure AD. In light of the surge in identity-based attacks, where threat actors exploit victims’ login credentials from compromised services or successful phishing campaigns, Blackpoint Cyber is taking a…

Read more →

BlackBerry announced two major new Unified Endpoint Management (UEM) innovations – BlackBerry UEM at the edge and BlackBerry UEM for the IoT. BlackBerry UEM software is used for managing, monitoring, and securing all of an organization’s end-user devices. Taking BlackBerry…

Read more →

A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data…

Read more →

Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a week…

Read more →

Fortinet announced two new campus switches, the FortiSwitch 600 and 2000. These switches support the growing connectivity and security needs of the campus with high performance, embedded intelligence, and seamless integration with Fortinet’s AIOps management tool and FortiGuard AI-Powered Security…

Read more →

Hackuity launched a Version 2.0 of its next generation platform, featuring major enhancements to bring further support to organisations in prioritising risks. Hackuity’s intelligent Risk-Based Vulnerability Management combines threat intelligence, vulnerability severity, and unique business context, providing organisations with a…

Read more →

Flexxon launched its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel. With the use of the Xsign hardware security key, organizations will be…

Read more →

In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. “These Domain Name Service (DNS) email authentication records verify that you are…

Read more →

Scams originating on social media have accounted for $2.7 billion in reported losses since 2021, more than any other contact method, according to the Federal Trade Commission. Social media gives scammers an edge in several ways. They can easily manufacture…

Read more →

Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand how they will approach…

Read more →

Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals for digital services. Although companies have long applied limits to employees’ access…

Read more →

Cyber insurance is a type of insurance policy that provides financial protection and support to individuals and organizations in the event of cyber incidents, including data breaches, hacking, ransomware attacks, and other cyber threats. It typically covers expenses such as…

Read more →

While the threat landscape is evolving for most on the front lines, little has changed in recent years, according to ISACA. The research finds that of the cybersecurity professionals who said they were experiencing an increase or decrease in cybersecurity…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Photos: Cybertech Europe 2023 The Cybertech Europe conference and exhibition takes place at La Nuvola Convention Center in Rome, and features the latest innovative solutions…

Read more →

In an era dominated by increasingly complex cybersecurity threats and the undeniable importance of meticulous data management, iboss unveils a new feature – the Splunk Enterprise Security capability. This latest addition will redefine the paradigms of data log collection, visibility,…

Read more →

In an era dominated by increasingly complex cybersecurity threats and the undeniable importance of meticulous data management, iboss unveils a new feature – the Splunk Enterprise Security capability. This latest addition will redefine the paradigms of data log collection, visibility,…

Read more →

Sym has launched a platform for dynamic authorization. Their secure access platform builds on their Slack app and SDK which was designed for platform engineers and practitioners. Now, with the launch of Sym’s platform, security teams can manage dynamic authorization…

Read more →

American Express announced it is adding facial and fingerprint recognition to SafeKey to help prevent fraud and create a simple and intuitive online checkout process. The company will roll out these biometric features through a new pilot program. Now, when…

Read more →

Cybellum announced the launch of its Cybellum Academy. This academy is aimed at providing professional content, guidance, and training surrounding product security and creating common practices and methodologies to combat the rise of cyber-attacks against mission-critical devices. Product security is…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cloaked, ComplyCube, LogicMonitor, ManageEngine, Nutanix, and Veriff. Veriff unveils fraud mitigation solutions Veriff launched its new Fraud Protect & Fraud Intelligence packages. Both packages use…

Read more →

September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If you haven’t rolled…

Read more →

92% of AI team leaders at leading-edge organizations felt that their AI initiatives are generating value, according to Wallaroo.AI. Having found a successful formula, most of those surveyed plan to dramatically increase their spend on ML and use of ML…

Read more →

One in three employees believe their actions do not impact their organization’s security, according to Ivanti. Unsafe cybersecurity habits among office workers The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity…

Read more →

Today, individual citizens, rather than businesses or governmental bodies, are the main entry points for cyberattacks. However, security solutions haven’t evolved sufficiently to guard public figures and leaders as they do for large corporate entities. In this Help Net Security…

Read more →

IBM unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts, helping to accelerate security response timelines for clients. The new…

Read more →

IBM has unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts, helping to accelerate security response timelines for clients. The…

Read more →

Protect AI announced a set of open-source software (OSS) tools designed to help organizations protect their AI and ML environments from security threats. The company is leading security for AI/ML by developing and maintaining three OSS tools — NB Defense,…

Read more →

Cobalt Iron has unveiled Isolated Vault Services, a new enhancement available in the Cobalt Iron Compass enterprise SaaS backup platform. Isolated Vault Services makes it possible to transition normal backup operations into isolated vault recovery services. It is intended for…

Read more →

Arcserve announced it is partnering with Wasabi Technologies to introduce an integrated total unified data solution package. Exclusively available through Climb Distribution, this offering combines Arcserve’s Unified Data Protection UDP 9.0 and above with Wasabi’s immutable cloud storage, ensuring a…

Read more →

Elevate Security announced out-of-the-box integration with the SailPoint Identity Security Platform. By embedding Elevate Security’s user risk intelligence into SailPoint identity and access governance workstreams, defenders enable smarter access decision-making, strengthen defense of valuable assets against attacks on high-risk users,…

Read more →

OneTrust has introduced OneTrust Compliance Automation to optimize the compliance lifecycle. Built on the same guidance, content, and proprietary shared evidence framework that allows OneTrust Certification Automation customers to reduce certification costs and accelerate the compliance process, Compliance Automation now…

Read more →

Devo Technology is announcing that it’s deepened its partnership with CyberMaxx to deliver managed detection and response (MDR) services to enterprises. In Q2 of 2023, CyberMaxx’s threat research team identified over 1,147 successful ransomware attacks, a 26% increase from Q1.…

Read more →

A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in…

Read more →

Okta announced Okta AI, a suite of AI-powered capabilities that empowers organizations to harness the power of AI to build better experiences and protect against cyberattacks. Embedded across both Workforce Identity Cloud and Customer Identity Cloud, Okta AI powers real-time…

Read more →

Veeam Software announced two new offerings which combine the confidence and reliability of Veeam’s backup and restore capabilities with the ease-of-use of Backup-as-a-Service (BaaS). Cirrus by Veeam, which is available now for Microsoft 365 and Microsoft Azure customers, provides a…

Read more →

Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have…

Read more →

Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About CVE-2023-42824 CVE-2023-42824 is a kernel vulnerability that could allow a local threat actor to elevate its privileges on affected…

Read more →

Robust Intelligence announced a partnership with MongoDB to help customers secure generative AI models enhanced with enterprise data. The offering combines Robust Intelligence’s real-time AI Firewall with MongoDB Atlas Vector Search for an enterprise-ready solution that enables responsible innovation. Recent…

Read more →

Cameras are coming to a connected device near you. Cheap image sensors from old mobile phones are flooding the market and bringing video to the Internet of Things (IoT). Vacuum cleaners, bird feeders, connected cars and even smart ovens now…

Read more →

In this Help Net Security video, Peter Pezaris, Chief Strategy and Design Officer at New Relic, discusses observability adoption and how full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs. 32% of respondents…

Read more →

Cybercriminals employ evolving attack methodologies designed to breach traditional perimeter security, including secure email gateways, according to Egress. “Without a doubt chatbots or large language models (LLM) lower the barrier for entry to cybercrime, making it possible to create well-written…

Read more →

New cybersecurity findings pinpoint areas where cybersecurity experts are lacking, with interpersonal skills, cloud computing, and security measures standing out as the most prominent skill deficiencies in cybersecurity specialists, according to a new ISACA report. 59 percent of cybersecurity leaders…

Read more →

2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are…

Read more →

A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. The company’s Satori Threat Intelligence and Research Team observed more than 74,000 Android-based mobile…

Read more →