Category: Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Advanced ransomware campaigns expose need for AI-powered cyber defense In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in…

Read more →

Trustmi released Trustmi Certify, a critical innovation in its new solution for bank account validation. Businesses can now benefit from Trustmi’s holistic approach to bank account validation that accurately verifies the account and provides full protection against business payment fraud.…

Read more →

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). About CVE-2023-50164 CVE-2023-50164 may allow an attacker to manipulate file upload parameters…

Read more →

NuHarbor Security has partnered with Zscaler to deliver a new level of cybersecurity capability and business value based on the proven effectiveness of the largest security cloud on the planet. Combining NuHarbor’s nationally recognized leadership and security insight with Zscaler’s…

Read more →

Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger and Facebook E2EE ensures that messages content is only visible to the person sending the…

Read more →

Delve Risk and ThreatNG Security has unveiled a transformative partnership aimed at delivering intelligence solutions for security vendors. Strategic alliance for advanced intelligence The collaboration between Delve Risk and ThreatNG Security represents a strategic alliance aimed at revolutionizing intelligence solutions…

Read more →

The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious activity.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis. Varonis enhances DSPM capabilities with Azure and AWS support Varonis Systems has expanded…

Read more →

Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data…

Read more →

Security practitioners are under a tremendous amount of pressure to secure today’s applications, according to Cycode. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed…

Read more →

Even as organizations accelerate AI adoption, the majority don’t understand the AI skills their employees possess, if any, or have an upskilling strategy to develop them, according to Pluralsight. “AI is transforming the way that business is done, but many…

Read more →

33% of Americans have used a sports-related term in a password, according to Bitwarden. Those who have are twice as likely to have used one inspired by a professional sports team (46%) versus a college sports team (22%). 49% of…

Read more →

Phylum announced the availability of the Phylum Threat Feed and its partnership with Sumo Logic. With the Phylum App for Sumo Logic, users can know if their organization has been impacted by software supply chain risks, including: Zero-day attacks Credential…

Read more →

HireRight launched its new global identity verification solution, Global ID. With identity theft and fraud on the rise—and many employees being onboarded and working remotely—it is arguably more important than ever to verify candidates’ identities. HireRight’s new digital Global ID…

Read more →

Netskope has unveiled the completion of the rollout of Localization Zones to its NewEdge security private cloud offering a localized experience for 220 countries and territories, including every non-embargoed UN member state. While a move to a cloud web proxy…

Read more →

Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an AWS IAM or…

Read more →

Cybersixgill announced new features and capabilities that take security teams’ threat detection and mitigation efforts to new levels, helping them identify and mitigate vulnerabilities and detect and stop threats more quickly and effectively. Cybersixgill’s new Identity Intelligence module enables centralized…

Read more →

Malwarebytes announced its comprehensive vulnerability assessment module is now included in every ThreatDown bundle at no additional cost via its integrated console. Many IT organizations are struggling with rising cybersecurity costs associated with annual vendor price increases and the necessity…

Read more →

Daon announced the addition of xSentinel, an expansion of its AI.X technology. xSentinel provides adaptive synthetic voice protection to create a layer of defense within any voice communication channel and enhance the identity verification technologies suite on Daon IdentityX and…

Read more →

1Kosmos announced it has completed the integration of its 1Kosmos BlockID platform with Amazon Cognito. As an AWS Advanced Technology Partner, 1Kosmos enables Amazon customers to seamlessly add passwordless multi-factor authentication (MFA) to their customer-facing web and mobile application journeys.…

Read more →

AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be…

Read more →

As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more…

Read more →

Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors…

Read more →

90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The urgency…

Read more →

OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business…

Read more →

Panther Labs launched its new Security Data Lake Search and Splunk Integration capabilities. These offerings mark a critical leap forward in managing security risks in today’s cloud-first landscape. As organizations race to implement machine learning capabilities, they’re increasingly reliant on…

Read more →

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability…

Read more →

Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that…

Read more →

Data Theorem has introduced the API Attack Path Visualization capabilities for the protection of APIs and the software supply chain. This latest enhancement of its API Secure solution empowers organizations with a comprehensive understanding of the attack chain, traversing all…

Read more →

Atsign has unveiled the release of SSH No Ports 4.0. SSH No Ports is a system administration tool used to access remote systems (gateways, industrial PCs, and many other devices) via SSH from anywhere, without the need for network configuration,…

Read more →

Living Security announced Unify Go, a free tool for Living Security training customers that surfaces security vulnerabilities across the workforce by aggregating and correlating employee behavior across security training, phishing, and email security tools. Unify Go is accessible to any…

Read more →

With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed tools and ad hoc processes can provide. Application…

Read more →

Searchlight Cyber has launched a new Exposure Data view in DarkIQ, collating 450+ billion dark web data points from data breaches and malware infection to help organizations spot threats related to their business long before they trigger detection systems or…

Read more →

Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay…

Read more →

Lenovo and Microsoft are working together to help organizations operate more securely across their devices, users, apps, data, networks, and cloud services through a subscription-based Cyber Resiliency as a Service (CRaaS) offering. The offering enables Lenovo to build next generation…

Read more →

Cisco unveiled the Cisco AI Assistant for Security. This marks a major step in making AI pervasive in the Security Cloud, Cisco’s unified, AI-driven, cross-domain security platform. The AI Assistant will help customers make informed decisions, augment their tool capabilities…

Read more →

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS.…

Read more →

How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises.…

Read more →

Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments have also…

Read more →

Nearly all organizations rely on the cloud to store sensitive data and run critical systems. But for many, cloud security hasn’t kept up. 93% agree that zero-trust segmentation is essential to their cloud security strategy. In this Help Net Security…

Read more →

Firms that actively harness generative AI to enhance experiences, offerings, and productivity will realize outsized growth and will outpace their competition, according to Forrester. Between July and September 2023, the number of enterprises that are in the experimentation and expansion…

Read more →

OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes: cabby – a TAXII…

Read more →

Varonis Systems has expanded capabilities for cloud databases and object storage in AWS and Azure. This release accelerates customers’ data security posture management (DSPM) initiatives with deeper risk visibility, advanced threat detection, and automated remediation for multi-cloud environments. Varonis’ cloud-native…

Read more →

Vanta announced a number of new and upcoming product launches enabling customers to accelerate innovation and strengthen security. The new offerings include advanced Reporting to help security professionals measure the success of their security program and report the impact to…

Read more →

Securiti announced its strategic partnership with Databricks. This new partnership will enhance the way enterprises manage their data and AI across all data systems, addressing the growing need for contextual data intelligence and a data command center that consolidates governance,…

Read more →

CellTrust introduces SL2 Moderator AI for financial advisors and compliance officers to stop data leakage and block risky mobile messages before they are sent to clients. “It is no longer enough to just capture and provide data to compliance departments…

Read more →

Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining access to…

Read more →

Stytch announced its Passkeys offering, giving developers the easiest way to build, customize and maintain passkey-based authentication in their applications. Stytch’s new solution offers a flexible, API-first approach to passkeys that abstracts the complexity of cross-platform implementation while maintaining guardrails…

Read more →

MixMode announced its quarterly product release. This release gives customers greater visibility into their digital attack surface, improved investigation capabilities, and increased customization options. Key features and enhancements include: Alert enrichment enhancements: MixMode’s alert enrichments have been significantly enhanced to…

Read more →

Veeam Software released new Veeam Data Platform 23H2 update, including Veeam Backup & Replicationv12.1 release as well as Veeam ONE v12.1 and Veeam Recovery Orchestrator v7. This latest release from Veeam, with a focus on radical resilience, includes hundreds of…

Read more →

Global Integrity announced the newest version of the company’s secure communications solution, QTel, which offers advanced features and stronger encryption. Formerly Qphone, the new QTel provides a unique approach that ensures security and privacy of all voice, messaging, and video…

Read more →

Rambus has unveiled the availability of a Quantum Safe Engine (QSE) for integration into hardware security elements in ASICs, SoCs and FPGAs. Quantum computers will enable adversaries to break current asymmetric encryption, placing important data and assets at risk. The…

Read more →

Resecurity and ICS Technologies IRAQ, a well-established ICT System Integration Company with HQ in Baghdad, Iraq, have joined forces to fortify cybersecurity, fraud prevention and risk intelligence measures nationwide. This strategic partnership is poised to bring intelligence-driven defensive solutions to…

Read more →

Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. It’s why we’ve seen “shift left” become a significant focus in API development, whereby DevOps takes responsibility for incorporating security…

Read more →

SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and…

Read more →

In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning (DL), for prevention rather than just detection and…

Read more →

2024 is a presidential election year in the US. 2016 and 2020 both saw impressive increases in attempts to influence voters through crafty propaganda and social media campaigns run by bots and expert social engineers, along with attempts to influence…

Read more →

Enterprises’ increasing digital reliance has fueled an array of cybersecurity threats. One rapidly growing area is information-stealing malware known as infostealers, which is malicious software designed to steal data. Unlike ransomware, where information is held hostage, infostealer attacks happen covertly,…

Read more →

2024 will be a revolutionary year for the data security landscape as Data Security Posture Management (DSPM) technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business sectors,…

Read more →

ArmorCode announced it closed a pre-emptive $40 million Series B round to advance its mission of helping companies ship secure software fast and at scale. Premier venture firm HighlandX led the round, joined by NGP Capital, along with participation from…

Read more →

Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series…

Read more →

Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. “Customers of multiple properties received email or in-app messages from Booking.com that purported to…

Read more →

Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating repetitive tasks, and saving time. But…

Read more →

According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies. The report found that 61% of respondents indicated they have a maximum of one year to deploy their AI strategy before there’s a negative…

Read more →

In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency. But threat actors are learning…

Read more →

A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability disclosure: Legal risks and ethical considerations for researchers In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex…

Read more →

Voltron Data introduced Theseus, a distributed execution engine built to solve today’s data processing challenges at a scale beyond the capabilities of CPU-based analytics systems like Apache Spark. Theseus is available to enterprises and government agencies as well as through…

Read more →

Cable launched Transaction Assurance, pioneering a new wave of financial crime compliance and transaction testing. “In recent years, we’ve witnessed a surge in compliance lapses, highlighted by billions in fines levied against major institutions for financial crime failures. These cases…

Read more →

Hitachi Vantara announced Pentaho+, an integrated platform from the Pentaho software business designed to help organizations connect, enrich, and transform operations with refined, reliable data necessary for AI and generative AI accuracy. Automating the work of complex data management with…

Read more →

Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations…

Read more →

Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is…

Read more →

With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read flaw, while…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Amazon, Datadog, Entrust, Fortanix, GitHub, Nitrokey, and Paladin Cloud. Amazon One Enterprise palm-based identity service improves security of physical spaces, digital assets Amazon One Enterprise…

Read more →

With the proliferation of SaaS applications, remote work and shadow IT, organizations feel obliged to embrace cloud-based cybersecurity. And rightly so, because the corporate resources, traffic, and threats are no longer confined within the office premises. Cloud-based security initiatives, such…

Read more →

Nearly 72% of applications in the financial services sector contain security flaws, according to Veracode. Despite the alarming figure, this rate of software vulnerability was the lowest of all industries analyzed and has improved since last year. The research also…

Read more →

97% of US-based CIOs expressed serious concerns about at least one cybersecurity threat, according to Opengear. Failing to have the correct human oversight over the network can open up opportunities for cybercriminals to find vulnerabilities in underserved setups. It’s perhaps…

Read more →

Flow Security announced its extension to GenAI Security with the launch of a new GenAI DLP module. The widespread use of Generative AI, while leading to advancements across the enterprise and fueling exceptional innovation, has led to increasing concern over…

Read more →

Secret Double Octopus (SDO) has enhanced its Passwordless MFA platform to offer government- caliber identity verification to enterprises who need high-assurance login for privileged business and technical users. SDO’s new Proximity Assurance feature uses familiar mobile push notifications to cryptographically…

Read more →

Dremio has unveiled AI-powered data discovery capabilities that accelerate and simplify data contextualization and description for analytics, along with improved capabilities that extend its leadership as the analytics engine for Apache Iceberg. Expanding on previously announced Generative AI text-to-SQL capabilities,…

Read more →

News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. “The cyber threat actors…

Read more →

Egress has launched a highly accurate graymail solution, with full end-user control, dedicated to improving employee productivity and reducing the time administrators spend reviewing incorrectly reported phishing emails. The graymail feature is architected into Egress’ inbound threat detection product, Egress…

Read more →

ThreatNG Security launched its new Ransomware Susceptibility Assessment, Reporting, and Monitoring Solution. The new solution helps organizations assess their ransomware susceptibility externally and monitor their networks for potential threats. According to the FBI, ransomware attacks increased by 13% in 2022,…

Read more →

German company Nitrokey has released NetHSM 1.0, an open-source hardware security module (HSM). Nitrokey NetHSM 1.0 features The module can be used for storing and managing a variety of cryptographic keys (e.g., keys to enable HTTPS, DNSSEC, secure blockchain transactions,…

Read more →

SAS has signed a strategic collaboration agreement (SCA) with AWS with plans to help customers extract maximum value and performance from their data in the cloud. SAS now offers SAS Customer Intelligence 360, a highly intelligent customer experience solution, in…

Read more →

OpenAI is putting more power into the hands of users of GenAI, allowing them to create their custom AI agents without writing code. These custom GPTs are the latest leap forward in the rapidly evolving AI landscape, but this highly…

Read more →

Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information. “In my previous job,…

Read more →

In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformational role of the internal audit function and risk management in helping organizations bridge the gap in risk exposure. He talks about how a…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, Enzoic, Fortanix, GitHub, Illumio, Immuta, IRONSCALES, Kasada, Lacework, Malwarebytes, OneSpan, Paladin Cloud, Snappt, ThreatModeler, and…

Read more →

Despite the rising adoption of collaboration and instant messaging software, email remains a significant area of concern regarding cyber attacks, particularly the increasing threat of cybercriminals employing harmful web links in emails, according to Hornetsecurity. Attack techniques used in email…

Read more →

ManageEngine has unveiled the dual-layered threat detection system in its security information and event management (SIEM) solution, Log360. The new feature, available in Log360’s threat detection, investigation and response (TDIR) component, Vigil IQ, empowers security operations center (SOC) teams in…

Read more →

1Kosmos announced the 1Kosmos BlockID platform now enables organizations to seamlessly extend web-based identity proofing sessions to a user’s mobile device for scanning government issued documents. This new capability does not require a mobile application, and creates a frictionless web…

Read more →

FileCloud announced a partnership with Votiro to provide customers with options to enhance their security posture. FileCloud is used by leading government and private sector organizations worldwide for secure, compliant file sharing and content collaboration. This partnership shows FileCloud’s commitment…

Read more →

Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday. The vulnerabilities Arcserve UDP is a popular enterprise data protection, backup and disaster…

Read more →

BlueVoyant announced the acquisition of Conquest Cyber, a cyber defense company renowned for its innovative SaaS technology that streamlines risk management across an organization’s entire cyber program. Conquest Cyber has proven successful within high-security environments, including the U.S. Defense Industrial…

Read more →

GuidePoint Security launched Compliance Management as a Service, which will help organizations stay on top of required activities and maintain the necessary data to support future compliance assessments. “While organizations may work intensely to meet certain compliance standards, they are…

Read more →

Cisco announced new business metrics in Cisco Cloud Observability. Powered by the Cisco Observability Platform to enhance business context for modern applications running on AWS. This latest release also supports integration with AWS services and application performance monitoring (APM) correlation…

Read more →

Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne of…

Read more →

The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta customer…

Read more →

For more than four years, SentinelOne and Pax8 have been teaming to provide SMBs with next-generation cybersecurity solutions that enable them to protect their most critical infrastructure and assets from end to end. The strategic partners announced a significant expansion…

Read more →