Category: Help Net Security

Pynt released its autopilot platform for API security used by developers and security experts, as well as $6 million in Seed funding led by Joule Ventures with the participation of Dallas VC and Honeystone VC. The use of APIs is…

Read more →

A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Mac malware delivered through Google ads The malware, which was first advertised in April…

Read more →

Tenable Holdings has signed a definitive agreement to acquire Ermetic. Tenable intends to integrate Ermetic’s capabilities into its Tenable One Exposure Management Platform to deliver contextual risk visibility, prioritization, and remediation across infrastructure and identities, both on-premise and in the…

Read more →

SafeBase announced that it is acquiring Stacksi, the A.I.-powered security questionnaire automation platform. The acquisition advances the two companies’ shared vision to eliminate the time-consuming, cumbersome task of responding to security questionnaires in the B2B buying process. With a SafeBase…

Read more →

To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI. Implement role-based access control In the context of generative AI, having properly defined user roles to…

Read more →

LibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it’s feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it’s free. The suite includes Writer (word processor), Calc (a…

Read more →

In this Help Net Security interview, Slava Bronfman, CEO at Cybellum, discusses approaches for achieving product security throughout a device’s entire lifecycle, fostering collaboration across business units and product lines, ensuring transparency and security in the supply chain, and meeting…

Read more →

Cybercriminals create hundreds of thousands of counterfeit domains that mimic well-known brands for financial gain. These fake domains serve multiple malicious purposes, such as sending phishing emails, hosting fraudulent websites, rerouting web traffic, and distributing malware. In this Help Net…

Read more →

49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources, according to a Jamf survey. With…

Read more →

The cybersecurity skills crisis continues in a multi-year freefall that has impacted 71% of organizations and left two-thirds of cybersecurity professionals stating that the job has become more difficult over the past two years—while 60% of organizations continue to deflect…

Read more →

Insight Enterprises has expanded its services portfolio with a new global managed cloud offering to simplify how enterprises scale their cloud use. Insight Managed Cloud Services enable a fully managed experience that lifts the burden of cloud management from IT…

Read more →

A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and…

Read more →

Netskope has acquired Kadiska. The news follows the announcement last week of enhancements to Netskope’s Digital Experience Management (DEM) capabilities with the introduction of Netskope Proactive DEM (P-DEM), and cements Netskope’s advances in the ability to monitor and proactively remediate…

Read more →

D2iQ announced the newest updates to its multi-cluster Kubernetes management platform, D2iQ Kubernetes Platform (DKP). DKP 2.6 features the new DKP AI Navigator, an AI assistant that enables enterprise organizations to overcome the skills gap, one of the biggest challenges…

Read more →

CyberSaint has launched the Remediation Suite within the CyberStrong platform. With the Remediation Suite, CISOs and cyber risk professionals gain access to a toolkit to efficiently prioritize, quantify, track and communicate remediation efforts across controls and risks, leading to optimized…

Read more →

A cyberattack campaign is targeting exposed Microsoft SQL (MS SQL) databases, aiming to deliver ransomware and Cobalt Strike payloads. The attack campaign The attackers target exposed MS SQL servers by brute-forcing access credentials. After having successfully authenticated, they start enumerating…

Read more →

TXOne Networks announced the second generation of its Edge engine for eliminating the spread of operational technology (OT) network infections and safeguarding reliable operations. Edge V2 delivers automatic rule generation, enabling effortless network segmentation in complex, large-scale OT environments. Our…

Read more →

Fasoo and Egnyte announced a partnership that will allow organizations to encrypt any Egnyte-managed file and inject Egnyte permissions directly into the protected file, ensuring that governance is maintained wherever the file goes. Colter Carambio, EVP and CRO at Fasoo,…

Read more →

NTT Security Holdings launched Samurai XDR SaaS, making their threat detection and response system accessible to organizations of all sizes for just $40 per endpoint per year. The cloud-hosted solution requires no infrastructure deployment, providing SMBs an affordable way to…

Read more →

Cloudera announced that it has signed a Strategic Collaboration Agreement (SCA) with AWS. This agreement strengthens Cloudera’s relationship with AWS and demonstrates their commitment to accelerate and scale cloud native data management and data analytics on AWS. Through this agreement,…

Read more →

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT). The first Caldera for OT…

Read more →

Compliance leaders are facing pressure to make the most of existing resources despite economic challenges and increased workload volume and complexity, according to Gartner. To face these challenges, leaders must address three crucial compliance function trends this year: tighter budgets,…

Read more →

90% of consumers across the US and UK are concerned about cybersecurity’s future if students aren’t exposed to the field at an earlier age, according to ThreatX. 88% are worried that today’s talent shortage will negatively impact protection of their…

Read more →

Social engineering is a sophisticated form of manipulation but, thanks to AI advancements, malicious groups have gained access to highly sophisticated tools, suggesting that we might be facing more elaborate social engineering attacks in the future. It is becoming increasingly…

Read more →

Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. That’s not the case with the CIS Benchmarks. They’re the only consensus-developed security configuration recommendations both created…

Read more →

Phishing is a pervasive and ever-evolving cyber threat that has become a primary concern for individuals, organizations, and cybersecurity experts worldwide. This deceptive practice involves cybercriminals using various tactics to trick individuals into divulging sensitive information, such as passwords, financial…

Read more →

Among organizations that have suffered data breaches 58% were caused by issues related to digital certificates, according to a report by AppViewX and Forrester Consulting. As a result of service outages, 57% said their organizations have incurred costs upwards of…

Read more →

Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several days…

Read more →

Reflectiz, a cybersecurity company specializing in continuous web threat management, offers a remote solution to battle Magecart web-skimming attacks, a cyberattack involving injecting malicious code into the checkout pages. As the holiday season approaches, online retailers face the challenge of…

Read more →

LiveAction announces that users can now leverage LiveWire in concert with Artificial Intelligence (AI) to better refine network operations. LiveWire will now allow users to export their network packet data for use in AIs to find patterns that human operators…

Read more →

Hornetsecurity has launched its Plan 4 “Compliance & Awareness” solution of 365 Total Protection Suite, offering a higher level of defence and compliance with new AI tools, security awareness service, and permission management for Microsoft 365. This new plan covers…

Read more →

The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company…

Read more →

Kingston Digital announced the XS1000 External SSD, a small and sleek file backup solution. XS1000 joins XS2000 as a new product offering in Kingston’s external SSD product portfolio. Both drives are extremely compact and under 29 grams to provide pocket-sized…

Read more →

8×8 announced the 8×8 Omni Shield solution, allowing enterprises to proactively safeguard their customers from fraudulent SMS activity. The new SMS fraud prevention communication API is part of the 8×8 CPaaS portfolio, which helps enterprises drive business growth by integrating…

Read more →

LiveAction announces that users can now leverage LiveWire in concert with Artificial Intelligence (AI) to better refine network operations. LiveWire will now allow users to export their network packet data for use in AIs to find patterns that human operators…

Read more →

In this Help Net Security video, Kayne McGladrey, IEEE Senior Member and Field CISO at Hyperproof, discusses end-to-end encryption (E2EE). E2EE ensures that only two parties – a sender and a receiver – can access data, and helps to protect…

Read more →

In this Help Net Security interview, Thorsten Hau, CEO at fidentity, discusses the legal validity of qualified digital signatures, demonstrating their equivalence to handwritten signatures when backed by robust identity verification. Opting for certified providers that adhere to standards like…

Read more →

Original equipment suppliers (OEMs) and their suppliers who are weighing how to invest their budgets might be inclined to slow pedal investment in addressing cyberthreats. To date, the attacks that they have encountered have remained relatively unsophisticated and not especially…

Read more →

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it’s already capable…

Read more →

Cybersecurity is not just a career field on the rise – it’s a calling that’s increasingly vital to the infrastructure of our world. But stepping into the universe of threat vectors and intrusion detection systems might sound like a journey…

Read more →

Blockchain technology has gained significant traction due to its decentralized nature and immutability, providing transparency and security for various applications, especially in finance. Having gained notoriety during the 2010s with the boom of cryptocurrencies such as Bitcoin, skilled observers quickly…

Read more →

65% of organizations confirmed that ransomware is one of the top three threats to their viability, and for 13%, it is the biggest threat, according to a report by Enterprise Strategy Group (ESG) and Keepit. Organizations’ strategies against ransomware According…

Read more →

85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023, according to a VIPRE report. Information technology organizations also overtook financial institutions (9%) as the most…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Adaptive Shield, Bitdefender, Bitwarden, Forescout, ImmuniWeb, Kingston Digital, LastPass, Lineaje, LOKKER, Menlo Security, MongoDB, Netskope, NetSPI, OffSec, Qualys, SentinelOne, Solvo, SonarSource, SpecterOps, Synopsys, ThreatConnect,…

Read more →

Losses from global roaming fraud are anticipated to exceed $8 billion by 2028; driven by the increase in bilateral roaming agreements for data-intensive use cases over 5G networks, according to Juniper Research. In turn, it predicts fraudulent data traffic will…

Read more →

Nidhi Gani is a seasoned regulatory affairs professional with over a decade of experience in cybersecurity, medical devices, and digital health. She’s worked with devices ranging from heart and lung machines to rehabilitation devices. Nidhi works at Embecta as a…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adapting authentication to a cloud-centric landscape In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication…

Read more →

Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We observed that an account deemed ‘low-grade’ sells for around 350,000 Vietnamese dong…

Read more →

A significant gap is emerging between insurance providers, as organizations skip the fine print and seek affordable and comprehensive coverage, potentially putting them in a tough place when they need to use this safety net, according to a Delinea report.…

Read more →

Adversary-sponsored research contests on cybercriminal forums focus on new methods of attack and evasion, according to Sophos. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also potential…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Ciphertex Data Security, ComplyCube, Fortinet, and MixMode. Ciphertex strengthens data security with SecureNAS CX-160KSSD-X The SecureNAS CX-160KSSD-X storage unit is powered by an Intel Xeon…

Read more →

Chief audit executives (CAEs) have identified risk orientation, stakeholder management, and team leadership as the top three characteristics of the most effective individuals, according to Gartner. In April 2023, Gartner surveyed 114 CAEs across 180 areas to identify the most…

Read more →

PagerDuty introduced AI-generated runbooks in early access, as well as new analytics capabilities for the PagerDuty Operations Cloud. Using PagerDuty Runbook Automation from the Operations Cloud, customers replace manual procedures with automated self-service workflows, potentially saving hundreds of working days…

Read more →

IBM and Salesforce announced a collaboration to help businesses worldwide across industries accelerate their adoption of AI for CRM. Together, the two companies support clients to revolutionize customer, partner and employee experiences, while helping safeguard their data. IBM Consulting and…

Read more →

Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords;…

Read more →

Axio announced a new joint initiative with Cyentia Institute, a research and data science firm with a mission to advance knowledge in the cybersecurity industry. Together, Axio and Cyentia will deliver Cyentia’s cyber incident analysis to Axio customers. Cyentia’s research…

Read more →

ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since July 2022, respectively…

Read more →

Apple is inviting security researchers to apply for the Apple Security Research Device Program (SRDP) again, to discover vulnerabilities and earn bug bounties. Apple started the Apple SRDP in 2019. In the intervening years, participating researchers have identified 130 security-critical…

Read more →

In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the…

Read more →

The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create new avenues for…

Read more →

ChatGPT has attracted hundreds of millions of users and was initially praised for its transformative potential. However, concerns for safety controls and unpredictability have landed it on IT leaders’ list of apps to ban in the workplace. In this Help…

Read more →

69% of top-performing CISOs dedicate recurring time on their calendars for personal professional development, according to Gartner. This is compared with just 36% of bottom-performing CISOs who do so. “As the CISO role continues to rapidly evolve, it becomes even…

Read more →

Tenable has unveiled web application and API scanning in Tenable Nessus Expert, new features that provide simple and comprehensive vulnerability scanning for modern web applications and APIs. Web application and API scanning in Nessus Expert are dynamic application security testing…

Read more →

Exabeam announced it is expanding its partnership with Google Cloud in the development of generative AI models in its cloud-native New-Scale SIEM product portfolio. As a Google Cloud partner, the collaborative development process on Google Cloud generative AI products will…

Read more →

ComplyCube enhanced its Document Checks solution with automated Field Redaction capabilities. This feature systematically masks sensitive Personal Identifiable Information (PII) fields, such as the Dutch BSN, to assist businesses with global data privacy regulations compliance while maintaining their frictionless user…

Read more →

Netskope launched Proactive Digital Experience Management (DEM) for SASE, elevating best practice from the current reactive monitoring tools to proactive user experience management. Proactive DEM provides experience management capabilities across the entire SASE architecture, including Netskope Intelligent SSE, Netskope Borderless…

Read more →

VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a lack…

Read more →

MixMode has released its quarterly update for the Generative AI Platform. Continuing to innovate with new features that drive threat detection and response capabilities in large data environments, the latest updates include expanded cloud data ingestion capabilities, including support for…

Read more →

The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software. Arranging a widespread Qakbot removal The Qakbot administrators use a system…

Read more →

Meter announced DNS Security, built in partnership with Cloudflare. Meter DNS Security is now widely available for all Meter Network customers, expanding Meter’s existing NaaS offering and saving teams both time and money, while also improving overall network performance and…

Read more →

Google is launching a beta version of SynthID, a tool that identifies and watermarks AI-generated images. The tool will initially be available to a limited number of customers that use Imagen, Google’s cloud-based AI model for generating images from text.…

Read more →

The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and updated this year,…

Read more →

Velociraptor is a sophisticated digital forensics and incident response tool designed to improve your insight into endpoint activities. Velociraptor enables you to conduct precise and rapid collection of digital forensic data across multiple endpoints simultaneously. Persistently gather events from endpoints,…

Read more →

The U.S. Office of the National Cyber Director (ONCD) released a request for information (RFI) entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government’s effort to invest in open-source software and security continues…

Read more →

Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to Claroty. Threat actors are not only targeting IT systems, but have now set their sights on cyber-physical systems – from IoMT devices,…

Read more →

The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. “To disrupt the botnet,…

Read more →

Okta announced Okta for Global 2000, a solution designed to give the world’s largest organizations choice in how they run their technology infrastructure with flexible and automated identity management. Okta for Global 2000 enables the technical agility executives need to…

Read more →

Tanium announced Tanium Vulnerability Risk and Compliance for ServiceNow – a new solution enabling ServiceNow customers to identify security risks from vulnerabilities and non-compliant configurations and remediate all from within the ServiceNow platform. The integrated offering allows customers to accelerate…

Read more →

Descope has unveiled the availability of third-party connectors that enable app developers to create and customize entire user journeys using no-code tools. Available connectors include Google reCAPTCHA Enterprise, Traceable, Segment, HubSpot, Amazon Rekognition, Google Cloud Translation, Amazon Translate, SendGrid, Datadog,…

Read more →

SAP and Google Cloud announced an expanded partnership to help enterprises harness the power of data and generative AI. The companies will combine their integrated open data cloud using SAP Datasphere with Vertex AI to launch new generative AI-powered industry…

Read more →

Fortinet announced new enhancements to its single-vendor SASE offering. FortiSASE already protects the hybrid workforce via a unified agent and includes SD-WAN integration for the branch. SASE for microbranches and IoT/OT devices FortiSASE now includes expanded integrations within the Fortinet…

Read more →

LogRhythm and Cimcor have joined forces to help organizations around the globe increase visibility and protect against modern cyberattacks. This partnership leverages LogRhythm’s comprehensive security information and event management (SIEM) platform and Cimcor’s file integrity monitoring (FIM) solution, CimTrak. LogRhythm’s…

Read more →

Swissbit launched its latest PCIe SSD specifically designed for data center applications. The new D1200 SSD is optimized for workloads demanded by applications including databases, cloud computing, media streaming or artificial intelligence (AI). It combines outstanding performance values, reliability and…

Read more →

A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using…

Read more →

Ciphertex Data Security introduces the new durable SecureNAS CX-160KSSD-X to contribute to the advancement of data security for national defense. The SecureNAS CX-160KSSD-X storage unit is powered by an Intel Xeon D processor (4, 8, or 16 Core) and supports…

Read more →

A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulnerability The security…

Read more →

Cisco and Nutanix announced a global strategic partnership to accelerate hybrid multicloud deployments by offering complete hyperconverged solution for IT modernization and business transformation. IT organizations continue to face significant operational hurdles and urgent sustainability and security concerns as a…

Read more →

Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from…

Read more →

Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have…

Read more →

In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete. He suggests that organizations should redefine their attack surface concept and discusses proactive measures they can take to strengthen…

Read more →

IT leaders are grappling with anxiety over the risks of generative AI despite continued confidence in their software-as-a-service (SaaS) security posture, according to Snow Software. 96% of respondents indicated they were still ‘confident or very confident’ in their organization’s SaaS…

Read more →

Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August 19,…

Read more →

Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this…

Read more →

Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Secure cloud computing environment Much of CNAPPs popularity…

Read more →

In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations face.…

Read more →

In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication…

Read more →

In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have raised unprecedented awareness around…

Read more →

The expansion of large language models (LLMs) in recent times has brought about a revolutionary change in machine learning processes and has introduced fresh perspectives on the potential of AI, according to Predibase. Based on survey data from organizations experimenting…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Network detection and response in the modern era In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber…

Read more →

ClearSale has released its new Client Portal. Used by ClearSale customers to view and manage their fraud prevention data, orders, and chargebacks, the portal offers enhanced functionality and a streamlined interface. The ClearSale Client Portal offers the ability to see…

Read more →