Category: Help Net Security

Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server. “As of September 25,…

Read more →

Transposit announced new on-call capabilities in its end-to-end incident management platform. Transposit On-Call reimagines how platform teams, SREs, on-call engineers, and customer support teams handle incidents from alert to resolution — whether they’re seasoned pros or just getting started. Effective…

Read more →

Immersive Labs unveiled the expansion of its AI-ready platform, now with coverage across the entire organization through its new Workforce Exercising solution. With comprehensive cyber skills development for all roles, leaders can confidently build and prove organization-wide cyber resilience against…

Read more →

Crypto Quantique has released QuarkLink Ignite, a Software-as-a-Service (SaaS) platform that enables developers and engineers to achieve secure connectivity management free-of-charge for up to 50 ESP32 devices. QuarkLink Ignite is a toolset that allows developers and engineers to explore chip-to-cloud…

Read more →

Censys announced the Censys Internet Map. As the data foundation that powers the Censys Internet Intelligence Platform, the Censys Internet Map provides users with the most comprehensive, up-to-date collection of global internet infrastructure to empower security and intelligence teams. In…

Read more →

The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors…

Read more →

Siren announced details of a new patent and the release of Siren 13.4. Dr. Renaud Delbru, Chief Scientific Officer at Siren, said: “Our most recent patent stands out as a one-of-a-kind offering in the market, reaffirming our commitment to innovation.…

Read more →

Ransomed.vc, a relatively new ransomware / cyber extortion group, claims to have hacked Sony and made off with valuable data. Sony allegedly hacked and its data held for ransom “We have successfully compromissed all of sony systems. We wont ransom…

Read more →

Stratascale, an SHI company, announced the acquisition of Vector0, an Attack Surface Management (ASM) provider. Through the acquisition, Stratascale professionals and their customers gain visibility of attack vectors and points of vulnerability, enhancing Stratascale’s ability to deliver proactive cybersecurity services.…

Read more →

Vulnerability scanners delve into systems to uncover security gaps. The primary mission? To fortify organizations against breaches and shield sensitive data from exposure. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive measure to anticipate potential attacker entry points. The…

Read more →

With National Coding Week behind us, the development community has had its annual moment of collective reflection and focus on emerging technologies that are shaping the industry. Among these, large language models (LLMs) and “generative AI” have become a cornerstone…

Read more →

The surge in digital economic growth and our increasing dependence on it make cybersecurity a critical profession. In this Help Net Security video, Aaron Rosenmund, Director of Security Research and Curriculum, Pluralsight, discusses the most sought-after cybersecurity skills in today’s…

Read more →

MITRE ATT&CK, a common language for cybersecurity professionals to communicate with each other and better understand real-world adversary behaviors, celebrates its 10th anniversary this fall. In this Help Net Security interview, project leader Adam Pennington discusses the framework, how defenders…

Read more →

While many IT workers see the productivity benefits of AI, 56% believe it benefits employers more than employees, according to Ivanti. Additionally, 63% are concerned generative AI tools might take their job in the next five years compared to 44%…

Read more →

The risk of falling victim to fraud is a constant concern for individuals, businesses, and organizations alike. As technology evolves, so too do the methods employed by fraudsters, making fraud prevention an increasingly critical and complex endeavor. In this Help…

Read more →

Zyxel Networks announced the addition of WiFi 6-enabled security firewalls to its ZyWALL USG FLEX 100 firewall series. Zyxel’s new USG FLEX 100AX Firewall supports WiFi 6 (802.11ax) to provide wired and wireless solutions that deliver holistic security and protection…

Read more →

Thunder Shield Security announced Custos, its next-generation scanning platform equipped with artificial intelligence and machine learning to proactively combat cyber threats and safeguard organizations. Custos streamlines cybersecurity with a comprehensive toolkit, including a URL fuzzer, website, network, TCP, UDP, SSL,…

Read more →

US educational nonprofit organization National Student Clearinghouse (NSC) has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students. The National Student Clearinghouse…

Read more →

Allegro Packets is providing network professionals with enhanced functionality with its new Release 4.1. More than 100 new features, improvements and bug fixes are included in the update, which is now available to all customers. “With Release 4.1, we continue…

Read more →

Amazon and Anthropic announced a strategic collaboration that will bring together their respective technology and expertise in safer generative AI to accelerate the development of Anthropic’s future foundation models and make them widely accessible to AWS customers. As part of…

Read more →

Security processes are increasingly automated which has led some businesses to deprioritize developing their security teams’ defense skills. While antivirus and non-human generated threat detections efficiently identify vulnerabilities, they cannot detect every single threat. With the rising number of cyber-attacks,…

Read more →

BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. It was made open source today. With BinDiff, you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols…

Read more →

Security processes are increasingly automated which has led some businesses to deprioritize developing their security teams’ defense skills. While antivirus and non-human generated threat detections efficiently identify vulnerabilities, they cannot detect every single threat. With the rising number of cyber-attacks,…

Read more →

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals…

Read more →

In this Help Net Security interview, Evelyn de Souza, Head of Privacy Compliance, Oracle SaaS Cloud, talks about the constant efforts required to keep up with privacy laws in each country, and ensuring compliance across the entire organization. She also…

Read more →

The cost of an insider risk is the highest it’s ever been, as organizations spend more time than ever trying to contain insider incidents, according to DTEX Systems. The average annual cost of an insider risk has increased to $16.2…

Read more →

Despite some positive developments, the impact of ransomware attacks remains high, according to SpyCloud. Infostealer infections preceded 22% of ransomware events for North American and European ransomware victim companies in 2023 – with common infostealers such as Raccoon, Vidar, and…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: LLM Guard: Open-source toolkit for securing Large Language Models LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It…

Read more →

Keysight Technologies and Synopsys are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market. Under the arrangement, the Synopsys Defensics fuzzing tool will…

Read more →

To help protect consumers from browser-based security, privacy and identity threats, Norton, a consumer Cyber Safety brand of Gen, has released Norton Secure Browser. Just as a passport is essential for travel, web browsers are essential for exploring the internet,…

Read more →

DAT Freight & Analytics introduced an AI-powered identity fraud detection and prevention platform through a partnership with Verosint, to help prevent the unauthorized use of customer login credentials and combat the growing threat of identity theft in trucking and logistics.…

Read more →

Mitek announced a strategic partnership with Equifax, a global data, analytics and technology company. The agreement will add Mitek’s biometric-based identity verification and liveness detection technology to Equifax’s digital identity software, further strengthening Equifax’s ability to help companies prevent identity…

Read more →

Anviz introduced an all-in-one intelligent security solution for the education industry – Anviz One – bolstering the security infrastructure of public and private educational institutions from K-12 to university with lower upfront investment, stronger analytics, and simplified management. A one-stop…

Read more →

Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citizen Lab at The University of Toronto’s Munk…

Read more →

GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. They flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user.…

Read more →

Contrast Security, the code security platform built for developers and trusted by security, today announced its integration with Amazon Web Services (AWS) Security Hub to offer full-spectrum security visibility, from infrastructure to applications. AWS Security Hub is a cloud security…

Read more →

Financial institutions have always been a valuable target for cyberattacks. That’s partly why banking and financial institutions are heavily regulated and have more compliance requirements than those in most other industries. A slew of new rules have been put in…

Read more →

57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps…

Read more →

Overall cyber insurance claims frequency increased by 12% in the first half of 2023, according to Coalition. Increase in ransomware claims frequency Coalition found that both claims frequency and severity rose for businesses in early 2023 across all revenue bands.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Dig Security, Laiyer.ai, Viavi Solutions, and Wing Security. 1Password introduces mobile support for passkeys 1Password customers can now create, manage, and sign in with…

Read more →

57% of SMEs have fallen victim to at least one cybersecurity breach, among whom 31% reported that their business experienced a breach within the past 12 months alone, according to Guardz. The increasing number of evolving cyber threats poses a…

Read more →

The vast majority of IT security professionals admit stress has led them and peers to make errors that have caused data breaches, according to Devo Technology. Recent estimates put the shortage of cybersecurity professionals at 3.5 million. The survey demonstrates…

Read more →

OneLayer announced the expansion of its private cellular network security solutions to encompass the areas of operations and asset management, leveraging the same cyber-related capabilities to provide more value for additional stakeholders in the organization. Following several deployments of their…

Read more →

Cisco and Splunk announced a definitive agreement under which Cisco intends to acquire Splunk for $157 per share in cash, representing approximately $28 billion in equity value. Upon close of the acquisition, Splunk President and CEO Gary Steele will join…

Read more →

Dig has expanded the Dig Data Security Platform to protect data anywhere enterprises store sensitive information, including public cloud, software as a service (SaaS), database as a service (DBaaS) and on-premise environments. Dig’s data security posture management (DSPM) and data…

Read more →

BlueVoyant released new Supply Chain Defense (SCD) product offerings and services. BlueVoyant now provides a comprehensive solution to reduce cyber risk in organizations’ third-party ecosystems. BlueVoyant has added more options for continuous monitoring of vendors, a fully configurable questionnaire management…

Read more →

Viavi Solutions unveiled Observer Sentry, Software-as-a-Service-based Threat Exposure Management providing SecOps, DevOps, and cloud architects much-needed threat visibility into ever-changing AWS environments. The 2023 State of the Network study from VIAVI revealed increases in enterprises’ dependence on the cloud, dissatisfaction…

Read more →

CyberArk announced that Accenture has expanded its deployment of the CyberArk Identity Security Platform to include CyberArk Privilege Cloud. The solution enables Accenture to control and monitor privileged access across on-premises, cloud and hybrid infrastructures for clients as well as…

Read more →

Juniper Networks announced new Juniper Apstra capabilities that enhance operator experiences to facilitate the deployment and operations of private data center infrastructures. With the introduction of new experience-first data center features, including simplified data collection and visualization via graph databases,…

Read more →

An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro’s…

Read more →

Fortress Information Security and NetRise partnered to offer a new, innovative Software Bill of Materials (SBOM) transparency solution to secure software supply chains and meet evolving regulatory requirements for software transparency. Fortress’ cybersecurity experts partner with public sector organizations and…

Read more →

Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been revealed, but we know…

Read more →

50% of companies lack a dedicated security function for control systems and devices within their organizational structure, according to Cybellum. Security incidents involving industrial organizations have seen a sharp rise in recent years, with notable cases highlighting the vulnerabilities in…

Read more →

In this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. The interview highlights the shift from technical expertise to a focus on organizational…

Read more →

Amazon S3 is a simple cloud storage solution enabling effortless storage and retrieval of large amounts of data from different geographies. It’s engineered for scalability, durability, and security, making it a popular option for data storage and distribution. In addition,…

Read more →

To embark on the GenAI technology adoption journey for business success, organizations require foundational activities related to GenAI investment, guidance in prioritizing use cases, and identification of key stakeholders essential for building and implementing successful initiatives, according to IDC. Essential…

Read more →

More than 97% of the world’s internet traffic passes through subsea cables at some point, according to ENISA. Subsea cables are a vital component of the global internet infrastructure, and it is critical to protect them from cyberattacks, physical attacks…

Read more →

Wing Security launched its new SSPM for Compliance tier, enabling midmarket companies to adopt SaaS solutions while meeting a base level of security required by compliance frameworks. Customers who are seeking a comprehensive 24×7 posture management solution can upgrade their…

Read more →

NordVPN launched its first experimental project under the NordLabs platform. The AI-enabled browser extension Sonar aims to help internet users detect phishing emails and protect themselves from cybercrimes. “AI tools have facilitated the automation of a significant portion of phishing…

Read more →

McAfee launched McAfee Scam Protection to address the rise in AI-generated phishing scams. The latest feature in McAfee’s product suite draws on patented AI technology to turn the tables on cybercriminals using AI to turbocharge scams and deceive people out…

Read more →

1Password customers can now create, manage, and sign in with passkeys on a growing number of websites and apps, providing cross-platform access on iOS 17 and Android 14, as well as all major web browsers on Mac, Windows, and Linux.…

Read more →

Akamai announced a global partnership with Corero Network Security, the specialists in distributed denial-of-service (DDoS) protection solutions. Akamai is now offering Corero’s on-premises DDoS protection to extend Akamai Prolexic, Akamai’s own comprehensive portfolio of DDoS security solutions. DDoS attacks continue…

Read more →

Cybellum launched new Product Security Synergy Services, augmenting its platform with a broad set of expert services, covering the entire product lifecycle. Device manufacturers and their suppliers, across all safety-critical industries, including automotive, medical, and industrial equipment, are facing increased…

Read more →

Legit Security has successfully closed a $40 million venture capital round investment led by CRV with participation from existing investors Cyberstarts, Bessemer Venture Partners, and TCV. Legit Security’s ASPM platform continuously reduces application risk through discovery, analysis, correlation, and remediation…

Read more →

Oracle announced the Fusion Data Intelligence Platform, a next-generation data, analytics, and AI platform that will help Oracle Fusion Cloud Applications customers achieve better business outcomes by combining data-driven insights with intelligent decisions and actions. This new platform, an evolution…

Read more →

Mirantis launched Lens AppIQ, available directly to the 50,000 organizations who use Lens today directly in Lens Desktop and as (Software as a Service) SaaS. Lens AppIQ provides application intelligence – collecting information from many different configuration files and sources…

Read more →

Privacera announced its integration with Collibra, the Data Intelligence company, which enables seamless end-to-end data security and data governance. From data cataloging and data classification to enforcement of data access policies, the integration automates data governance and streamlines compliance and…

Read more →

NETGEAR has introduced the Orbi 970 Series, leveraging innovative antenna design and patented technology to optimize WiFi 7 performance. The Orbi 970 Series delivers speeds of up to 27 Gbps, a slim, elegant design and high-performance antennas for 360-degree coverage…

Read more →

VectorZero announced the newest release of its Active Data Vault, version 2.0, which introduces new cybersecurity features. This highly secure and isolated environment is designed for storage plus secure and easy use of extremely sensitive data. Active Data Vault 2.0…

Read more →

Egnyte announced an enhanced relationship with Microsoft that provides customers with additional real-time document collaboration and sharing features through Microsoft 365 and a Microsoft Teams integration that makes it easy for customers to share and upload files directly within Teams…

Read more →

Red Hat announced a new industrial edge platform, designed in collaboration with Intel, that will provide a modern approach to building and operating industrial controls. By transforming the way manufacturers operate, scale and innovate with standard IT technologies delivered to…

Read more →

60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents…

Read more →

Far exceeding a traditional public cloud platform, Azure is a comprehensive suite of over 200 products and cloud services engineered to solve current challenges and pave the way for the future. Whether you’re looking to build, run, or manage applications,…

Read more →

All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for managing internal processes, interacting with customers, or analyzing data, making them creators and distributors of software to…

Read more →

3 out of 4 workers use personal (and often unmanaged) phones and laptops for work and nearly half of companies let unmanaged devices access protected resources, a recent report by Kolide and Dimensional Research has revealed. When asked why they…

Read more →

72% of banks and credit unions are prioritizing compliance when evaluating fintechs, citing it as their top criteria in the due diligence process, according to Ncontracts. As banks and credit unions evaluate fintech partnerships, cybersecurity (62%) is also a critical…

Read more →

Enterprises that leverage observability increase operational efficiency and grow revenue, according to SolarWinds. The report explores how enterprises can act proactively to maximise the advantages of their observability solutions, integrate best practices into implementations, and mitigate common adoption challenges. The…

Read more →

Deepwatch announced new enhancements to the Deepwatch Managed Security Platform that improve the ability for companies to anticipate, respond, recover, and withstand future cyber threats while continuously improving business resiliency. The new platform enhancements are designed to move Deepwatch and…

Read more →

Ping Identity released PingOne for Customers Passwordless, a cloud solution that helps enterprises accelerate their passwordless initiatives and make the digital experiences for customers more convenient and seamless. PingOne for Customers Passwordless allows administrators to design, test, and deploy secure…

Read more →

Entrust announced new capabilities to help organizations enhance their security posture and advance their zero trust maturity journey. The new features extend protections, visibility, and governance over virtual infrastructures, code and application development, and cryptographic key management. “IT and security…

Read more →

Open Systems introduced OT firewall service to secure critical infrastructures. The Open Systems OT Firewall provides organizations with a dedicated appliance at the center of operational technology (OT) networks for better visibility and control of Industrial Internet of Things (IIoT)…

Read more →

OneTrust unveiled innovations to help organizations manage the complexity of their trust programs, better understand their data to activate and use it, be more resilient against emerging threats, and unlock productivity when navigating compliance. These innovations include new capabilities across…

Read more →

LogRhythm announced its partnership with Novacoast, a cybersecurity, identity and access company specializing in managed security, engineering, development, and advisory services. This partnership marks a significant milestone as Novacoast becomes the first LogRhythm Axon service provider to provide level one…

Read more →

Egnyte announced vertical AI solutions for the Architecture, Engineering, and Construction (AEC) industries. The new solutions will simplify AI deployment and improve model accuracy for customers in AEC industries. Egnyte customers can use the new AI models to label jobsite…

Read more →

NightDragon announced a new strategic partnership with CyberKnight to continue the international expansion capabilities of its portfolio companies and bring the latest CSSP innovations to customers in the Middle East, Turkey, Africa (META) and other regions. CyberKnight has rapidly grown…

Read more →

In this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation (BAS) platform and discusses how it offers unique features – from customizable procedures to advanced plays –…

Read more →

Data breaches are a dime a dozen. Although it’s easy to look at that statement negatively, the positive viewpoint is that, as a result, cybersecurity professionals have plenty of learning moments. Learning what went wrong and why can be a…

Read more →

One in three Americans now use password managers, up from one in five in 2022, according to an online poll by Security.org that quizzed 1,051 American adults on how they use passwords and password managers. How users choose and use…

Read more →

Energized by the hype around generative AI, enterprises are aggressively pursuing practical applications of this new technology while remaining cautious about the risks, according to ISG. ISG research shows 85% of companies surveyed believe investments in generative AI within the…

Read more →

Unfortunately, as available domain extensions increase in variety (and uniqueness), so do security risks. In this Help Net Security video, Prudence Malinki, Head of Industry Relations at Markmonitor, discusses best practices enterprises should abide by when kickstarting their online business…

Read more →

LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. It provides extensive evaluators for both inputs and outputs of LLMs, offering sanitization, detection…

Read more →

Payment data security concerns remain widespread as organizations undertake significant lift to meet the PCI DSS 4.0 deadline, according to Bluefin. 94% of survey respondents said they have significant or very significant concerns pertaining to payment data security. Additionally, only…

Read more →

Venafi launched a suite of innovations within its Control Plane for Machine Identities. These innovations expand Venafi’s software-as-a-service (SaaS) machine identity management platform, equipping security and platform teams to accelerate modernization and safeguard their organizations against the challenges of cloud…

Read more →

SentiLink launched Facets, a new intelligent attributes solution that enables U.S. financial institutions to improve fraud models and implement more sophisticated onboarding flows. The solution provides feature-specific intelligence derived from SentiLink’s proprietary identity data and from its broad consortium of…

Read more →

Wipro has partnered with ServiceNow to create Wipro CyberTransform – Intelligent ServiceNow Risk and Security Solutions, a solution that enables organisations to integrate their risk, compliance, and security postures more effectively. In the current climate, organizations are increasingly having to…

Read more →

Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability…

Read more →

Resecurity has appointed Mohammed Alghamdi as the Managing Director for its operations in the Kingdom of Saudi Arabia (KSA). With a distinguished professional career spanning government relations management and successful collaborations with both private and public sector organizations, Mr. Alghamdi…

Read more →

Today, Dragos revealed that it has secured a $74 million Series D extension funding round, spearheaded by the strategic operating and investment firm WestCap. The funding extension comes when global governments and infrastructure providers increasingly acknowledge the critical role of…

Read more →

In this Help Net Security video, Terry Ray, SVP Data Security and Field CTO at Imperva, warns organizations to stop ignoring low-value data – as criminals use it as a place to live, watch, and wait for the perfect moment…

Read more →

PostgreSQL is an open-source object-relational database platform with a track record of over 25 years of ongoing development. Its reputation is solid for its reliability, extensive features, and high performance. PostgreSQL 16 enhances its performance through significant upgrades in query…

Read more →