Legal and compliance department investment in GRC (governance, risk, and compliance) tools will increase 50% by 2026, according to Gartner. Assurance leaders are seeking out technology solutions to help them address increasing regulatory attention on executive risk oversight and monitoring.…
Category: Help Net Security
Week in review: 17 free AWS cybersecurity courses, exploited Chrome zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The blueprint for a highly effective EASM solution: In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can…
Concordium Web3 ID prioritizes user privacy for both individuals and businesses
Concordium unveils Web3 ID: an edge identification platform offering age-verification capacities designed to prioritize user privacy for both individuals and businesses. Concordium’s age verification tooling works to protect minors online amidst growing global privacy concerns and explicit data-harvesting from technology…
Modernizing fraud prevention with machine learning
The number of digital transactions has skyrocketed. As consumers continue to spend and interact online, they have growing expectations for security and identity verification. As fraudsters become savvier and more opportunistic, there’s an increased need for businesses to protect customers…
Enterprises persist with outdated authentication strategies
Despite authentication being a cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic. With the attack surface expanding and the increasing sophistication of cyber threats, organizations are struggling to deliver secure and user-friendly authentication. The…
New infosec products of the week: September 15, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Armis, Cisco, CTERA, Kingston Digital, Purism, and Swissbit. Librem 11 tablet sets new standard for privacy and security with Linux-based PureOS: Purism introduced the new…
Cybersecurity risks dampen corporate enthusiasm for tech investments
64% of IT leaders believe that cybersecurity concerns are negatively impacting their organization’s willingness to invest in innovative tech, according to a report by HPE Aruba Networking. This is perhaps unsurprising as 91% either consider emerging tech a danger or…
Securing OTA with Harman International’s Michal Geva
The once far-off vision of remotely updating software without needing to bring it into a service center was initially designed for bug fixes and cybersecurity updates. Today, over-the-air updates (OTA) are used to activate new functionality and upgrade a vehicle–…
Generative AI lures DevOps and SecOps into risky territory
Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and SecOps leaders, 97% are using…
Diligent One allows users to analyze and report disparate data from any information source
Diligent announced Diligent One, a platform that provides leadership, boards and practitioners with a single source for all their governance, risk and compliance (GRC) needs. Over the last six months Diligent has launched board and leadership reporting dashboards for ESG,…
CertiK launches SkyInsights to simplify crypto compliance and risk management
Designed to address the pressing crypto compliance and risk management demands of Web3 firms and stakeholders, SkyInsights emphasizes CertiK’s commitment to raising the standard of security and transparency across the industry. Coming at a time when the global trend of…
Attackers hit software firm Retool to get to crypto companies and assets
Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to a CoinDesk report,…
CloudBees unveils a new DevSecOps platform
CloudBees has unveiled a new cloud native DevSecOps platform that places platform engineers and developer experience front and center. The platform is built on Tekton, uses a GitHub Actions style domain-specific language (DSL), and adds feature flagging, security, compliance, pipeline…
Spectro Cloud Palette EdgeAI builds and manages Kubernetes-based AI software stacks
Spectro Cloud announced Palette EdgeAI to simplify how organizations deploy and manage AI workloads at scale across simple to complex edge locations, such as retail, healthcare, industrial automation, oil and gas, automotive/connected cars, and more. Palette’s EdgeAI extends Spectro Cloud’s…
AtData collaborates with Persona to strengthen fraud prevention
AtData announced its partnership with Persona, a unified identity platform that helps businesses verify their users and fight fraud. This collaboration reflects an industry that is acknowledging the pressing need for stronger defenses against a myriad of online threats. With…
Claroty’s VRM enhancements empower security teams to quantify CPS risk posture
Claroty announced enhancements to its SaaS platforms’ vulnerability and risk management (VRM) capabilities, further empowering security teams to evaluate and strengthen their organization’s CPS risk posture. The enhancements comprise a uniquely granular-yet-flexible risk scoring framework, features that enable vulnerability prioritization…
Deduce raises $9 million to tackle AI-generated identity fraud
Deduce has raised $9 million in funding led by Freestyle Capital, with additional investment by Foundry and True Ventures. The funding will launch Deduce’s GenAI Identity fraud solution out of stealth and help the company scale to prevent large-scale SuperSynthetic…
Viavi Solutions and Google Cloud unlock new opportunities for network optimization
Viavi Solutions announced the availability of NITRO AIOps on Google Cloud, creating an innovative solution that leverages VIAVI network analytics solutions and Google Cloud’s native service capabilities. The collaboration aims to address critical challenges faced by Communication Service Providers (CSPs)…
SecurityScorecard and Measured Analytics and Insurance strengthen proactive cybersecurity strategies
SecurityScorecard announced an alliance with Measured Analytics and Insurance, the AI-powered cyber insurance provider. The initiative delivers a cyber insurance premium incentive (e.g., discounts) for Security Ratings. “Together with SecurityScorecard, Measured is reimagining how organizations manage cybersecurity as a business…
Attackers use fallback ransomware if LockBit gets blocked
Your security solutions might stave off a LockBit infection, but you might still end up with encrypted files: according to Symantec’s threat researchers, some affiliates are using the 3AM ransomware as a fallback option in case LockBit gets flagged and…
Lacework expands partnership with Snowflake to drive secure cloud growth
Lacework and Snowflake announced an expanded partnership that advances the future of cloud infrastructure and further automates cloud security at scale. The extended partnership empowers security teams with direct access to their Lacework cloud security data through Snowflake’s secure data…
Ivanti collaborates with Catchpoint to detect and troubleshoot remote connectivity issues
Ivanti announced its strategic partnership with Catchpoint. The partnership expands the Digital Experience Score with application and network visibility to continuously detect and troubleshoot remote connectivity issues before they impact the workforce. Ivanti and Catchpoint will integrate their technologies, Ivanti…
Access control in cloud-native applications in multi-location environments (NIST SP 800-207)
NIST released Special Publication (SP) 800-207A – “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments.” Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users…
Librem 11 tablet sets new standard for privacy and security with Linux-based PureOS
Purism introduced the new Librem 11 tablet running secure PureBoot and Linux kernel-based PureOS. Librem 11 is made for individuals, organizations, government agencies, law enforcement agencies, and businesses that need security and privacy with powerful portability. Librem 11 security and…
Great security training is a real challenge
All employees need security training, yet it’s generally a resented afterthought. A variety of studies over years show that human error is generally felt to be the largest vulnerability in organizations. For technology companies like SaaS providers, who also need…
Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. MVT supports using public indicators of compromise (IOCs) to scan…
The critical role of authorization in safeguarding financial institutions
According to a recent Cost of Data Breach report, the financial industry has the second highest average cost for a data breach, making the value well worth financial institutions investing more into authorization. In this Help Net Security video, David…
Download: Ultimate guide to Certified in Cybersecurity
The ultimate guide covers everything you need to know about the entry-level Certified in Cybersecurity certification and how to get started with FREE training and exam through ISC2’s 1MCC program! No experience is required, just a passion for cybersecurity. It’s…
Rising OT/ICS cybersecurity incidents reveal alarming trend
60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents…
CISO Global Threat Informed captures and analyzes data posted to darknets
CISO Global is expanding its capabilities by deepening its threat intelligence feed and incorporating it into existing services. Named ‘Threat Informed’, this new data stream mines the DarkNet, an overlay of secret networks comprised of communication channels that can only…
HCL BigFix 11 accelerates endpoint management strategies for organizations
HCLSoftware launched HCL BigFix 11 featuring Gen AI integration for secure infrastructure and operations automation. With its hybrid multi-cloud offering, HCL BigFix enables the seamless integration of intelligent automation as a plug-and-play solution. HCL BigFix 11 introduced three new modules…
Armis Centrix delivers a modular approach to cyber exposure management
Armis has launched Armis Centrix, the AI-powered cyber exposure management platform. Armis Centrix is a seamless, frictionless, cloud-based platform that proactively secures all your assets, remediates vulnerabilities, blocks threats and protects your entire attack surface. Armis Centrix enables organizations to…
Torii launches generative AI-powered SaaS Management Platform
Torii has introduced its next generation SaaS Management Platform (SMP), featuring a series of product releases that set a new standard for innovation and extensibility in SMPs. The only SMP powered by generative AI, Torii’s enhanced platform equips bandwidth-strapped IT…
SentinelOne releases Singularity RemoteOps Forensics to improve incident response for companies
Cyber breaches are on the rise, and when it comes to responding to them, time is of the essence. In order to drive swift conclusions, security teams need to identify relevant insights and extract actionable intelligence. It’s a daunting task,…
Cisco Secure Application provides business risk insights for cloud native apps
Cisco has unveiled Cisco Secure Application (previously Security Insights for Cloud Native Application Observability) on the Cisco Full-Stack Observability Platform, enabling organizations to bring together application and security teams to securely develop and deploy applications. The latest release of Cisco…
Skybox Security announces platform enhancements to mitigate cyber exposure risk
Skybox Security announced the next generation of its Continuous Exposure Management Platform. This 13.0 release introduces significant advancements to its Attack Surface and Vulnerability Management solutions, revolutionizing how enterprises manage and mitigate cyber exposure risk. “In today’s complex threat landscape,…
SCYTHE 4.0 empowers team collaboration in real-world adversarial campaigns
SCYTHE has unveiled its latest version of the SCYTHE Core platform, introducing a number of new features designed to provide essential insight into the exploitability, impact, and prioritization of threats. SCYTHE 4.0 introduces dual-deployment options, supporting agentless and agent-based configurations.…
Salesforce and Google join forces to drive productivity with AI
Salesforce and Google have expanded their strategic partnership to bring together Salesforce and Google Workspace to drive productivity with AI. This partnership will deliver new bidirectional integrations that allow customers to bring together context from Salesforce and Google Workspace, including…
Mirantis Kubernetes Engine 3.7.0 minimizes the risk associated with updates
Mirantis released Mirantis Kubernetes Engine (MKE) 3.7.0, adding an automatic rollback feature along with fine-grained observability of components, which ensure maximum uptime and high performance, as part of Mirantis’ ZeroOps approach to streamline operations. “Our ZeroOps approach to cloud…
Everbridge 360 helps organizations optimize their response efforts
Everbridge has launched Everbridge 360, which empowers organizations to manage critical events, minimize communication delays, and enhance overall operational resilience through a unified dashboard. “At Everbridge, our mission is to ensure the safety of people and continuity of organizations in…
iProov and Cybernetica partner to create a remote identity solution for government and finance onboarding
iProov and Cybernetica collaborate to create an MFA digital identity solution for government and financial services organizations across the EMEA, LATAM, and APAC regions. The Cybernetica and iProov partnership offers a frictionless process for individuals to use any smart device…
Bitwarden strengthens security with SSO integrations for businesses
Bitwarden delivers single sign-on integrations for businesses. With the recent addition of SSO with Trusted Devices, the company extends the security, flexibility, and convenience of its products. “Bitwarden provides businesses with the most effective and innovative credential management solutions that…
MetaStealer malware is targeting enterprise macOS users
Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware: MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such as Advertising terms of reference (MacOS…
Microsoft Teams phishing: Enterprises targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,” Microsoft threat researchers noted. About…
The rise and evolution of supply chain attacks
A supply chain attack is a cyberattack that focuses on a third-party supplier providing essential services or software to the supply chain. In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst in the Symantec Threat Hunter team, discusses…
Serial cybersecurity founders get back in the game
“I didn’t really have a choice,” says Ben Bernstein, the former CEO and co-founder of Twistlock (acquired by Palo Alto Networks in 2019) and the CEO and co-founder of a new cybersecurity startup that is still in stealth. “Building a…
How should SMBs navigate the phishing minefield?
In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization’s operations and long-term success. What makes phishing attacks particularly challenging…
Privacy concerns cast a shadow on AI’s potential for software development
Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. “The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, CPO, GitLab. “According to the GitLab Global…
Latest fraud schemes targeting the payments ecosystem
Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa. These include the use of malvertising and search engine optimization (SEO) techniques to cultivate compelling and effective phishing and social engineering campaigns,…
Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note: Microsoft has delivered fixes for 61 CVE-numbered flaws: 5…
Sentra enhances data classification engine with LLMs to tackle data complexity and AI security
Sentra has unveiled that large language models (LLMs) are now included in its data classification engine, enabling enterprises to accurately identify and understand sensitive unstructured data such as employee contracts, source code and user generated content. With LLMs now built…
Kingston launches IronKey D500S, a hardware-encrypted USB flash drive
Kingston Digital has launched the Kingston IronKey D500S, a hardware-encrypted USB flash drive that provides military-grade security for classified data in transit. D500S is FIPS 140-3 Level 3 (Pending) certified with new enhancements from NIST requiring secure microprocessor upgrades for…
GCX launches GNSX in partnership with Palo Alto Networks
Global Cloud Xchange (GCX) has launched GNSX, a managed solution that delivers global end-to-end, zero trust hybrid networking coupled with real-time visibility, security, and control, all backed by user experience metrics and Experience Level agreements (XLAs). A seamless integration of…
Netskope joins MXDR by Deloitte to expand strategic alliance
Netskope has unveiled that its existing strategic alliance with Deloitte has expanded with the addition of Netskope to the Managed Extended Detection and Response (MXDR) by Deloitte platform. The new Netskope module on MXDR by Deloitte will include advanced cloud…
GroupSense Tracelight Fuse empowers MSPs and MSSPs to automate remediation actions
GroupSense announced that it has made its security intelligence available to managed service providers (MSPs) and managed security service providers (MSSPs) through a new Tracelight Fuse security threat intelligence offering. GroupSense provides finished security intelligence about specific organizations that service…
CTERA Vault safeguards against risks related to data tampering
CTERA unveiled CTERA Vault, Write Once, Read Many (WORM) protection technology which provides regulatory compliant storage for the CTERA Enterprise Files Services Platform. CTERA Vault aids enterprises in guaranteeing the preservation and tamperproofing of their data, while also ensuring compliance…
Swissbit introduces iShield Archive memory card that protects sensitive information
With ‘iShield Archive’, Swissbit introduces a new microSD card designed for encryption and access protection of video and image records, expanding the Swissbit iShield product line for plug-and-play security solutions. The card is intended particularly for manufacturers and users for…
Wing and Drata join forces to ensure a way to keep SaaS compliant
Wing Security has partnered with Drata to integrate SaaS security controls, robust insights, and automation in order to streamline and expedite user access reviews and vendor risk assessments for compliance frameworks and standards such as SOC 2 and ISO 27001.…
Trua integrates with Apple Wallet to eliminate the need for physical documents
Trua is integrating its Smart Wallet with the Apple Wallet, providing users an added way to securely share their verified digital identity. This seamless integration of Trua’s Smart Wallet with Apple Wallet opens up new avenues for people to manage…
Netcraft acquires FraudWatch to deliver online brand protection at scale
Netcraft announced the acquisition of FraudWatch, an Australian online brand protection provider focused on phishing, social media, brand infringement, and fake mobile apps. Netcraft and FraudWatch together are committed to providing global organizations cybersecurity products and services. With its global…
Gigamon Precryption technology reveals concealed threat activity in the cloud
Gigamon announced a series of cybersecurity innovations to the Gigamon Deep Observability Pipeline in its latest GigaVUE 6.4 software release. Leading the way, Gigamon Precryption technology enables IT and security organizations, for the first time with an automated solution, to…
HPE Aruba Networking enhancements improve network security for SMBs
HPE announced new product innovations to enable small and medium-sized businesses (SMBs) to improve customer networks with faster speeds, increased capacity, and strengthened security. HPE Aruba Networking is introducing the Aruba Instant On AP22D, a Wi-Fi 6 access point, and the…
Endace collaborates with Elastic to accelerate cyber threat response
Endace announced a technical partnership with SIEM and observability platform provider Elastic. The partnership brings together the EndaceProbe Scalable Hybrid Cloud Packet Capture, Elastic Stack and Elastic Security, and provides the packet-level network visibility and detailed network metadata that Security…
Requests via Facebook Messenger lead to hijacked business accounts
Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign: Hijacked Facebook business accounts a great way to…
Entrust names Jordan Avnaim as CISO
Entrust named Jordan Avnaim as its Chief Information Security Officer (CISO). With more than 20 years of experience leading information security functions and influencing change and enterprise digital transformation, Jordan will help scale and mature Entrust’s information security program for…
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863): CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file…
Companies need to rethink how they implement identity security
More than 80% of organizations have experienced an identity-related breach that involved the use of compromised credentials, half of which happened in the past 12 months, according to Silverfort and Osterman Research. Lack of visibility into the identity attack surface…
Strategies for harmonizing DevSecOps and AI
The same digital automation tools that have revolutionized workflows for developers are creating an uphill battle regarding security. From data breaches and cyberattacks to compliance concerns, the stakes have never been higher for enterprises to establish a robust and comprehensive…
17 free AWS cybersecurity courses you can take right now
Amazon Web Services (AWS) is the most extensive and widely-used cloud platform in the world, providing more than 200 services through global data centers. It serves millions of clients, ranging from startups to major corporations and government organizations. AWS has…
CIS SecureSuite membership: Leverage best practices to improve cybersecurity
Whether you’re facing a security audit or interested in configuring systems securely, CIS SecureSuite Membership is here to help. CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to implement…
Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers
Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows interaction with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). A…
CISOs need to be forceful to gain leverage in the boardroom
Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management (35%), information security resilience (34%), data…
Fortinet partners with Wiz to help enterprises protect their cloud environments
Fortinet and Wiz announced that Wiz has joined the Fortinet Fabric-Ready Technology Alliance Partner Program and Fortinet has joined the Wiz Integration (WIN) Program. The two companies have jointly developed an integrated solution to help enterprises protect their cloud workload…
SecuX Shield BIO enhances crypto security
SecuX revealed its latest creation, the Shield BIO card-type hardware wallet. The Shield BIO combines biometric fingerprint authentication with the handy format of a credit card. At the heart of this wallet is the military-grade Secure Element chip, synonymous with…
Microsoft Teams users targeted in phishing attack delivering DarkGate malware
A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users: Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts sending…
The blueprint for a highly effective EASM solution
In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering…
CISOs and board members work more closely than ever before
73% of board members believe they face the risk of a major cyber attack in the next 12 months, a notable increase from 65% in 2022, according to Proofpoint. Likewise, 53% feel unprepared to cope with a targeted attack, up…
Elevating API security to reinforce cyber defense
While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. The urgency for API security…
Email forwarding flaws enable attackers to impersonate high-profile domains
Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The issues…
Empowering consumer privacy with network security
Every online interaction hinges on the bedrock of network security. With cyber threats and data breaches making headlines daily, businesses must understand how network security safeguards consumer privacy. In this Help Net Security video, Shawn Edwards, CSO at Zayo Group,…
Understanding the dangers of social engineering
Social engineering is a manipulative technique used by individuals or groups to deceive or manipulate others into divulging confidential or sensitive information, performing actions, or making decisions that are not in their best interest. It often involves exploiting human psychology…
Week in review: 6 free resources for getting started in cybersecurity, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The misconceptions preventing wider adoption of digital signatures: In this Help Net Security interview, Thorsten Hau, CEO at fidentity, discusses the legal validity of qualified…
PallyCon DRM License Cipher protects users against software-level DRM vulnerabilities
PallyCon has introduced a new feature called PallyCon DRM License Cipher, designed to address vulnerabilities in software-level DRM solutions. In today’s digital era, the protection of digital content is more crucial than ever. Digital Rights Management (DRM) systems stand as…
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support…
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The…
North Korean hackers target security researchers with zero-day exploit
North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.…
New infosec products of the week: September 8, 2023
Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, Ghost Security, Hornetsecurity, NTT Security Holdings, and TXOne Networks. Reaper: Open-source reconnaissance and attack proxy workflow automation: Reaper is an open-source reconnaissance and attack…
September 2023 Patch Tuesday forecast: Important Federal government news
Microsoft addressed 33 CVEs in Windows 10 and 11 last month after nearly 3x that number in July. But despite the lull in CVEs, they did provide new security updates for Microsoft Exchange Server, .NET Framework, and even SQL Server,…
New quantum random number generator could revolutionize encryption
Digital information exchange can be safer, cheaper and more environmentally friendly with the help of a new type of random number generator for encryption developed at Linköping University. Experimental setup of the quantum random number generator. The yellow squares on…
Unimplemented controls could derail your ESG compliance efforts
Two-thirds of organizations have not implemented environmental, social and governance (ESG) controls, and 60% do not currently perform internal ESG audits, according to a report by AuditBoard. Lack of ESG program readiness: This lack of ESG program readiness raises the…
75% of education sector attacks linked to compromised accounts
69% of organizations in the education sector suffered a cyberattack within the last 12 months, according to Netwrix. Phishing and account compromise threaten the education sector: Phishing and user account compromise were the most common attack paths for these organizations,…
Best practices for implementing a proper backup strategy
Implementing a robust backup strategy for safeguarding crucial business data is more essential than ever. Without such a plan, organizations risk paying ransoms and incurring expenses related to investigations and lost productivity. In this Help Net Security video, David Boland,…
Perception Point combats QR code phishing threats using image recognition
Perception Point unveiled a new solution to address the escalating threat of QR code phishing, commonly referred to as “quishing”. With the recent influx in quishing campaigns, the need for a definitive solution has never been more pressing. The re-emergence of…
OPSWAT and BlackBerry join forces to strengthen cybersecurity for organizations
OPSWAT has announced a collaboration with BlackBerry that will see the company’s MetaDefender platform integrated with BlackBerry’s Cylance AI to deliver prevention-first, predictive security to combat the most advanced cyberattacks. Having recently announced an update to its patented AI engine…
Cloudflare One Data Protection Suite secures developer and AI environments
Cloudflare announced Cloudflare One Data Protection Suite, a unified set of advanced security solutions designed to protect data across every environment – web, SaaS, and private applications. Powered by Cloudflare’s Security Service Edge (SSE), customers can streamline compliance in the…
Druva unveils new security and cyber resilience capabilities for MSPs
Druva released its cyber resiliency offerings for Managed Service Providers (MSPs) globally. The Security Posture and Observability (SP&O) and Accelerated Ransomware Recovery (ARR) solutions enable Druva MSP partners to harness ransomware response and recovery capabilities to fortify their clients’ data…
Sprinklr integrates with Google Cloud for unified customer experience management
Sprinklr has unveiled the integration of the Sprinklr AI+ platform with Google Cloud’s Vertex AI for unified customer experience management. Sprinklr AI+ gives brands unified generative AI capabilities for customer service, insights, social media management, and marketing that is built…
AUCloud selects SentinelOne for government and business security
AUCloud has deployed SentinelOne’s Singularity Platform to keep its business operations and the critical digital infrastructure it supplies to some of the nation’s most trusted government agencies and enterprises safe. “As a growing cloud provider trusted by government agencies and…
Accenture and Workday help companies reinvent their finance functions
Accenture and Workday are expanding their partnership to help organizations reinvent their finance functions to be more agile, data-driven and customer-centric. The companies are collaborating to develop a suite of data-led, composable finance solutions that can be configured and reconfigured…
How Chinese hackers got their hands on Microsoft’s token signing key
The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it…