Category: Help Net Security

Kyndryl has expanded technology partnership with Cisco to deliver services focused on cyber resilience. Through this partnership, Kyndryl will utilize Cisco’s comprehensive portfolio of network software, hardware and equipment with Kyndryl’s cyber resilience framework to help customers proactively address and…

Read more →

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address…

Read more →

New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of sensitive data more difficult. Some of these options are already available in preview and others…

Read more →

Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the potential risks of offering this type of insurance. The traditional actuary models…

Read more →

Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos. In 2022,…

Read more →

In this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group (TG) Chair of next-generation positioning (TGaz) at IEEE, discusses IEEE 802.11az. The new standard will enable accuracy to less than 0.1 meters, which is a significant improvement from…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Security Onion, OffSec, ImmuniWeb, LOKKER, Kingston Digital and Bitwarden. Security Onion 2.4: Free, open platform for defenders gets huge update Security Onion is a free…

Read more →

Consumers believe today’s cybersecurity talent shortage is in large part due to limited exposure to the profession and a lack of cybersecurity education and training at a younger age within school systems, according to ThreatX. 90% of consumers polled say…

Read more →

Kingston Digital Europe has launched the Kingston IronKey Keypad 200C, a hardware-encrypted USB Type-C drive that ensures both security and convenience at your fingertips. Now, users can achieve seamless data protection and effortless compatibility without the use of adapters when…

Read more →

NETGEAR has launched the NETGEAR 10G/Multi-Gigabit Dual WAN Pro Router (PR60X) making it the latest addition to their total networking solution platform, Insight. NETGEAR’s line of Smart Switches, Pro WiFi Access Points, Insight cloud-based management platform, and now the PR60X…

Read more →

New Relic has further enhanced its AIOps capabilities with recommended alerts. This provides the ability to detect and resolve alert coverage gaps by using AI to identify anomalous behavior, determine areas of the technology stack that aren’t being monitored, and…

Read more →

Danish cloud hosting firms CloudNordic and Azero – both owned by Certiqa Holding – have suffered a ransomware attack that resulted in most customer data being stolen and systems and servers rendered inaccessible. The CloudNordic and Azero ransomware attack In…

Read more →

Talon Cyber Security has released new digital experience capabilities available in the Talon Enterprise Browser. The capabilities arm IT teams with advanced metrics on device, application, and network performance to ensure that issues can be proactively resolved, and employees have…

Read more →

Ermetic has unveiled that the Ermetic cloud native application protection platform (CNAPP) is now available on Google Cloud Marketplace. “The availability of the Ermetic CNAPP on Google Cloud Marketplace makes it fast and easy for customers to pay for and…

Read more →

Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT and DevOps teams store, manage, automate, and share secrets. About Bitwarden Secrets Manager Bitwarden Secrets Manager stores unlimited secrets…

Read more →

ImmuniWeb has introduced ImmuniWeb Neuron Mobile – its 6th product available on the ImmuniWeb AI Platform that currently covers over 20 cybersecurity, privacy and compliance use cases. ImmuniWeb Neuron Mobile Dashboard ImmuniWeb Neuron Mobile is a fully automated, AI-enabled mobile…

Read more →

Offensive Security has released Kali Linux 2023.3, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.3 Besides updates to current tools, new versions of Kali typically introduce fresh tools. On this occasion,…

Read more →

As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many…

Read more →

In this Help Net Security video, Eve Maler, CTO at ForgeRock, discusses how digital identity can help create a more secure connected car experience and what car manufacturers should consider regarding data privacy regulation. The post How digital identity protects…

Read more →

In this Help Net Security interview, Gerwin van der Lugt, CTO at Oddity, discusses the future of surveillance and AI’s influence. He also delves into how organizations can prevent their systems from perpetuating biases or violating individual rights. What precautions…

Read more →

The enterprise perimeter is now a massively decentralized IT landscape characterized by large-scale adoption of cloud platforms, digital services, and an increasingly tangled digital supply chain. Regulators are on the march as new threat actors emerge, exploiting increasingly sophisticated attack…

Read more →

Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed and who has access to them, according to Strata Identity. Cloud security concerns According to…

Read more →

Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal money from broker accounts. “This vulnerability has been exploited since April 2023,” says Group-IB malware analyst Andrey Polovinkin.…

Read more →

SpyCloud has closed a $110 million growth round commitment of primary and secondary capital led by Riverwood Capital, a global investor in high-growth technology companies. More than 500 market leaders across every industry – including half of the Fortune 10…

Read more →

Seclore has announced in partnership with Nagarro, the general availability of the Nagarro-Seclore Secure Collaboration Solution. This joint solution offers businesses safe, effective, and compliant collaboration, bridging the divide between organizations and their external partners for more efficient and secure…

Read more →

Malwarebytes is revolutionizing endpoint protection for IT constrained businesses with EDR Extra Strength, a new solution that combines the company’s deep historical threat intelligence knowledge with endpoint detection and response (EDR) and AI-driven tools for attack surface reduction and accelerated…

Read more →

LOKKER has revealed the availability of the new On-demand Website Privacy Audit, a feature within its Privacy Edge software suite, geared toward healthcare organizations. This audit summarizes the highest priority privacy risks on an organization’s website. Healthcare marketers, web teams,…

Read more →

A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample have appeared on VirusTotal throughout July, indicating that the malware has been widely distributed in the wild,”…

Read more →

Identity theft can have great financial impact on the victims, but the experienced emotional, physical and psychological impact can be even more devastating, according to the 2023 Consumer Impact Report from the Identity Theft Resource Center (ITRC) and Experian. The…

Read more →

BeyondID has released the BeyondID Security Operations Center (SOC). This 24/7/365 security monitoring and threat detection service is designed to help organizations maintain the security of their systems in real-time. The BeyondID SOC offers a comprehensive range of benefits that…

Read more →

Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider refreshing employees’ awareness and knowledge on how to spot them. Malicious URL redirection Open redirect vulnerabilities…

Read more →

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It has been downloaded over 2 million times and is being used by security teams worldwide. Security Onion 2.4 comes with many updates,…

Read more →

In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also…

Read more →

Belts have tightened, and that ROI and cost reduction are now driving CISO decision-making more than ever. In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how enterprise cybersecurity budgets have been impacted by the…

Read more →

While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, according to…

Read more →

Cybercriminals employ artificial intelligence (AI) to create complex email threats like phishing and business email compromise (BEC) attacks, while modern email security systems use AI to counter these attacks, according to Perception Point and Osterman Research. AI’s role in email…

Read more →

Kyndryl has become a VMware Cross-Cloud managed services provider. Kyndryl has achieved the VMware Managed Services Specialization and has completed a Validated Service Offering (VSO) for VMware Cloud on AWS. Through this expanded collaboration, both organizations are committed to providing…

Read more →

VMware has enhanced VMware Cloud, empowering customers with new editions and capabilities that will help them modernize, optimize, and better protect their organizations. With VMware Cloud, customers innovate faster, operate more efficiently, improve threat defenses, and more quickly recover from…

Read more →

MITRE has named Deborah Youmans as its new chief information officer (CIO). Youmans will oversee more than 400 IT professionals in MITRE’s Enterprise Computing and Information Systems division in areas including innovation and experimentation, information security, enterprise information technology, business…

Read more →

Grip Security is raising $41 million in Series B funding led by Third Point Ventures, with participation from YL Ventures, Intel Capital and The Syndicate Group. The investment would bring Grip Security’s total funding to $66 million and marks a…

Read more →

Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable system. “As of now, we are…

Read more →

Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS vulnerabilities Junos…

Read more →

Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. The Seiko data breach The company published a data breach and response notice on August 10, 2023, stating that…

Read more →

As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of…

Read more →

As the adoption of cloud-based and mobile-access security systems continues to increase among both new and established businesses, the lines between traditional physical security personnel and IT staff are beginning to blur. Traditionally, the common approach towards organizational security has…

Read more →

Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery…

Read more →

In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings – which didn’t require sophisticated security to prevent. The number of APIs…

Read more →

Versa Networks has released a set of enhancements to VersaAI that includes new embedded generative AI capabilities to identify malicious behaviors in real time, secure generative AI tools, and enhance network and security operational excellence. These capabilities are powered by…

Read more →

RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,…

Read more →

Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store. A safety check for Chrome extensions The Safety check scan can…

Read more →

In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms…

Read more →

There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the benefit…

Read more →

A Chief Information Security Officer (CISO) plays a crucial role in protecting an organization’s digital assets. They are responsible for ensuring the security of sensitive information, defending against cyber threats, and maintaining data integrity. Their work involves creating security strategies,…

Read more →

To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research. Cybercriminals are already using AI in…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Deception technology and breach anticipation strategies In this Help Net Security interview, Xavier Bellekens, CEO of Lupovis, explains how the implementation of deception-as-a-service offers an…

Read more →

Burnout is endemic in the cybersecurity industry, damaging the mental and physical health of cyber professionals and leaving organizations underskilled, understaffed, and overexposed to cyber risk as security leaders and team members leave for more promising career opportunities elsewhere or…

Read more →

ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions. About the Zimbra phishing campaign The campaign has been active…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Action1, MongoDB, Bitdefender, SentinelOne and Netskope. Action1 platform update bridges the gap between vulnerability discovery and remediation Action1 Corporation has released a new version of…

Read more →

From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security.…

Read more →

Phishing remains the most dominant and fastest growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to Cloudflare. While business email compromise (BEC)…

Read more →

The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior Security Consultant at GuidePoint…

Read more →

Federal agencies are prepared to meet the zero trust executive order requirements from the Biden Administration with just over a year until the deadline, according to Swimlane. The research investigated the confidence level of these agencies in meeting the memorandum’s…

Read more →

CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and…

Read more →

A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major Energy company based in the US, saw about 29% of the over 1000 emails containing…

Read more →

In this Help Net Security video, Assaf Morag, Lead Threat Intelligence Analyst at Aqua Security, discusses research that discovered openly accessible and unprotected Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals. At least 60% of these…

Read more →

Ecommerce platforms are incorporating sophisticated fraud detection measures, but fraudsters, too, are refining their strategies. In this Help Net Security interview, Eduardo Mônaco, CEO at ClearSale, explains the complexities of ecommerce fraud, discussing the evolution of fraudster tactics, the effectiveness…

Read more →

Findlargedir is a tool written to help quickly identify “black hole” directories on any filesystem having more than 100k entries in a single flat structure. When a directory has many entries (directories or files), getting a directory listing gets slower…

Read more →

A quarter of IT professionals are seriously contemplating leaving their current jobs within the next six months, potentially costing US companies upwards of 145 billion dollars, according to Ivanti. These statistics highlight the pressing need for organizations to relieve the…

Read more →

Beyond Identity has launched The Passkey Journey – a free, GDPR-compliant tool built to help development and user experience (UX) teams understand, plan, and optimize different end user authentication experiences. The tool solves key challenges around passkey adoption and offers…

Read more →

LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing their compromised LinkedIn accounts. (Source: Cyberint) The LinkedIn account hijacking campaign The Cyberint…

Read more →

Stellar Cyber has unveiled that the Stellar Cyber Open XDR platform is available on Oracle Cloud Infrastructure (OCI) to help users manage their security operations. Joint customers of Oracle and Stellar Cyber can expect to reduce cyber risk and improve…

Read more →

Bitdefender has launched an advanced security feature for iOS users, Scam Alert. The new technology protects users from phishing scams delivered through SMS/MMS messages and calendar invites. Layered on top of existing protection in Bitdefender Mobile Security for iOS, Scam…

Read more →

Employees today want the freedom to work where and how they perform best. SentinelOne and Netskope are joining forces to help customers deliver it in a secure way. The technology partners today announced the launch of the SentinelOne Singularity App…

Read more →

Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices, 69% of which…

Read more →

Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into nearby…

Read more →

The role of the CISO has evolved into a critical position that encompasses many responsibilities aimed at safeguarding digital assets, preserving data integrity, and mitigating cyber threats. In essence, the role of the CISO is a complex and ever-evolving one…

Read more →

Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated mission of “ensuring the responsible development and distribution of artificial intelligence (AI) technologies”. The climate…

Read more →

Last week, on August 1-2, 2023, Cybertech arrived at the Kigali Convention Center in Kigali, Rwanda, in partnership with the Rwanda Ministry of ICT, Rwanda’s National Cyber Security Authority, the Rwanda Convention Bureau, and Smart Africa. Over a hundred speakers,…

Read more →

Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said passwordless is a viable concept, while 79% agreed that passwords are evolving or becoming…

Read more →

The SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to…

Read more →

MongoDB Queryable Encryption helps organizations protect sensitive data when it is queried and in-use on MongoDB. It reduces the risk of data exposure for organizations and improves developer productivity by providing built-in encryption capabilities for sensitive application workflows—such as searching…

Read more →

In this Help Net Security interview, Mark O’Neill, CTO at BlackDice Cyber, talks about collaboration, transparent policies, and a security-first mindset. As 5G and IoT emerge, robust measures and AI will navigate challenges and shape the telecom industry’s future. Considering…

Read more →

Comprehensive security plans and programs must focus on defense, but also on answering these key question: “How will the organization respond to a ransomware attack?”, and “At what point will the option of paying the ransom be on the table?”…

Read more →

In this Help Net Security video, Paul Cragg, CTO at NormCyber, discusses how organizations grapple with many cyber threats. For smaller in-house IT teams, distinguishing between minor events and genuine threats becomes an overwhelming challenge since even a single overlooked…

Read more →

Cybertech Africa 2023 was held August 1-2, 2023 at the Kigali Convention Center in Kigali, Rwanda, in partnership with the Rwanda Ministry of ICT, Rwanda’s National Cyber Security Authority, the Rwanda Convention Bureau, and Smart Africa. Help Net Security is…

Read more →

Artificial intelligence (AI) is no longer a fragment of futuristic imagination – it’s redefining the fabric of our daily experiences and corporate strategies. The world’s tech giants are making assertive strides in AI. The TED Talks listed below explore how…

Read more →

IDC has introduced its Future of X Scorecards, designed to address the need for improved benchmarking in the development and execution of digital business strategies. As enterprises continue to invest in digital technologies and services and these digital transformation initiatives…

Read more →

Action1 Corporation has released a new version of its solution. The updated Action1 patch management platform brings together vulnerability discovery and remediation, helping enterprises fortify their defenses against threats such as ransomware infections and security breaches. The real-time detection of…

Read more →

Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, researchers have discovered. “Our attacks are not computationally expensive, meaning anyone with the appropriate…

Read more →

Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). “An attacker could chain these vulnerabilities together to gain full access…

Read more →

AdLoad, well-known malware that has been targeting systems running macOS for over half a decade, has been observed delivering a new payload that – unbeknown to the owners – enlisted their systems into a residential proxy botnet. According to AT&T…

Read more →

The National Institute of Standards and Technology (NIST) released a discussion draft for possible Cybersecurity Framework (CSF) changes earlier this year. The proposed changes aim to help increase the CSF’s clarity and bring the updated version closer to national and…

Read more →

Cybersecurity is undergoing a paradigm shift. Previously, defenses were built on the assumption of keeping adversaries out; now, strategies are formed with the idea that they might already be within the network. This modern approach has given rise to advanced…

Read more →

APT (advanced persistent threat) attacks were once considered to be primarily a problem for large corporations, but the number of these (often state-sponsored) attacks against small- and medium-sized businesses has increased significantly. Everyone is fair game, and the ever-evolving nature…

Read more →

The mass availability of generative AI, such as OpenAI’s ChatGPT and Google Bard, became a top concern for enterprise risk executives in the second quarter of 2023, according to Gartner. A benchmarked view of emerging risks “Generative AI was the…

Read more →

According to an FBI report, in 2022, global losses from business email compromise (BEC) and email account compromise (EAC) attacks attained $43 billion, hitting a historic anti-record. Multiple cybersecurity vendors, including Microsoft and Trend Micro, reported a rapid growth of…

Read more →

As organizations try to fortify their defenses against an increasingly sophisticated threat landscape, traditional password-based systems reveal their limitations. This is where passwordless authentication steps in – a concept that simplifies access without compromising security. Passwordless authentication eliminates the need…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the future In this Help Net Security interview, we delve into the world of cybersecurity with…

Read more →

BigID launched Access Intelligence Remediation, empowering organizations to find and fix access rights violations at scale within their Data Security Posture Management (DSPM) workflows. With this latest innovation, BigID continues to enhance its DSPM platform, providing organizations with the tools…

Read more →

Help Net Security is in Las Vegas this week for Black Hat USA 2023, and this video provides a closer look at the event. The exhibitors featured in this video are: 1Password, Aqua Security, CISA, Cisco, CyberFOX, Darktrace, Dasera, Fortanix,…

Read more →