Category: Help Net Security

LogicMonitor announced the extension of its LM Envision platform for CloudOps, optimizing how teams monitor hybrid and multi cloud environments. With leaders recently describing their monitoring tools as “chaotic,” the latest capabilities empower CloudOps teams to quickly identify problems, prevent…

Read more →

NodeSource has launched the N|Solid Copilot, an AI assistant integrated into the Console of N|Solid Pro. Leveraging the N|Solid Pro platform to capture the telemetry for applications and paired with the company’s Node.js experts and OpenAI, the N|Solid Copilot creates…

Read more →

IRISSCON, the annual cybercrime-themed conference organized by the Irish Reporting and Information Security Service (IRISS), was held in Dublin, Ireland, on November 16, 2023. Here’s a peak on what went down: Deryck Mitchelson, Check Point Rik Ferguson, Forescout Networking Dave…

Read more →

42Crunch has unveiled the integration of 42Crunch’s API security audit and vulnerability testing solution with Microsoft Defender for Cloud to provide Microsoft customers continuous API protection from design to runtime. Cloud applications are increasingly API-centric, with APIs at the core…

Read more →

Cohesity announced it has deepened its relationship with Microsoft to help organizations more quickly respond to and recover from data loss within Microsoft 365 environments. For years, Cohesity and Microsoft have offered solutions for high-speed backup and recovery. This includes…

Read more →

Crunchy Data in collaboration with the Center for Internet Security, announced the publication of the PostgreSQL CIS Benchmark for PostgreSQL 16. Crunchy Data worked with the Defense Information Systems Agency (DISA) to make PostgreSQL the first open source database to…

Read more →

Telemetry logs are missing in nearly 42% of the attack cases studied, according to Sophos. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks. Gaps in telemetry decrease much-needed visibility into organizations’ networks…

Read more →

Quantum computers capable of breaking currently used encryption algorithms are an inevitability. And since the US, China and Europe are sprinting to win that arms race, we know that day is coming sooner rather than later. Will organizations be ready…

Read more →

Written and directed by Kilian Lieb and Max Rainer, Cyberbunker is a Netflix documentary about a group of hackers that enabled the proliferation of dark web forums where illegal materials were bought and sold. Cyberbunker: The Criminal Underworld The documentary…

Read more →

In this Help Net Security video, Dara Gibson, Senior Cyber Insurance Manager at Optiv, discusses cyber insurance and what we should expect to see in 2024: Ransomware, BEC, and pixel privacy claims will remain at the forefront of cyber insurance…

Read more →

AI is dominating the mindshare of IT leaders this year and next, as 72% believe their organization will be using more AI in the next two to three years, according to Snow Software. While AI may be the top priority…

Read more →

Of the 239 vulnerabilities, 33% (79 out of 239) were associated with authentication, authorization and access control (AAA) — foundational pillars of API security, according to Wallarm. Prioritizing AAA principles Open authentication (OAuth), single-sign on (SSO) and JSON Web Token…

Read more →

Next DLP has unveiled a strategic partnership with Torq designed to combat insider risk through heightened detection and automated response actions. Electric adventure vehicle company Rivian will leverage the deep visibility provided by the joint solution to shine a light…

Read more →

AppViewX launched AppViewX SIGN+, a flexible and secure code signing solution that enables DevOps teams to secure their software supply chain. With multiple deployment options, including code signing as a service, AppViewX SIGN+ seamlessly integrates into DevOps processes to enable…

Read more →

Devo Technology has launched Devo Collective Defense, a threat intelligence feed within the Devo Security Data Platform that provides community-based intelligence sharing of threat activity and trends. Devo is also unveiling updates to Devo Exchange and its MITRE ATT&CK Adviser…

Read more →

Entrust has introduced Entrust Verified Signing, a comprehensive solution designed to raise the level of trust and assurance in vital digital transactions and agreements. The Entrust Verified Signing solution integrates identity verification and identity and access management (IAM) with digital…

Read more →

Tanium and ServiceNow partnership provides complete asset visibility by combining Tanium’s real-time endpoint data and remediation with ServiceNow IT operations and security workflows. These two platforms empower automation across the entire estate, providing customers with a complete and accurate Configuration…

Read more →

LastPass announced the rollout of a new vault user interface (UI) on its iOS and Android mobile applications providing all users with easier, more streamlined access to data in their vaults. These changes unify the user experience with a modernized…

Read more →

Keysight Technologies has introduced a first in its class advancement in network testing with the new Keysight Elastic Network Generator (KENG) software – an agile, composable network test platform based on open vendor-neutral API and designed for continuous integration (CI).…

Read more →

Viavi Solutions announced the expansion of its NITRO Wireless portfolio with the addition of XhaulAdvisor, a scalable software solution offering real-time data for fronthaul verification, analysis, emulation and channel utilization. XhaulAdvisor enables Open RAN vendors, operators and OTIC labs to…

Read more →

Veeam Software has launched Veeam Backup for Salesforce v2, available on Salesforce AppExchange. Veeam Backup for Salesforce eliminates the risks of Salesforce data and metadata loss from human, integration, and corruption errors. This newest version from Veeam extends support for…

Read more →

Living Security announced a new partnership and technology integration with Zscaler. Joint customers will realize the benefits of secure internet and SaaS access, secure private access, and human risk quantification, enabling them to reduce risk. The majority of cybersecurity incidents…

Read more →

TrustArc announced significant enhancements across its portfolio of products within the TrustArc Privacy Management Platform designed to enable organizations to implement accountable AI data privacy governance. As AI and machine learning continue to drive innovation and reshape numerous businesses, operations,…

Read more →

ThreatModeler released ThreatModeler, Version 7.0, bringing several new capabilities, including ThreatModeler WingMan (AI assistant), to help streamline the threat modeling process for software security and DevOps teams. ThreatModeler 7.0 enables faster and more consistent threat modeling with features such as…

Read more →

In a significant stride towards fortifying the cybersecurity landscape in the Middle East, Resecurity introduced its Digital Identity Protection (IDP) solution. This strategic move aligns with Resecurity’s commitment to creating a safer digital society and empowering individuals and businesses in…

Read more →

Radiant Security announced the successful closure of a $15 million Series A funding round. This strategic financing, led by Next47, reaffirms the soaring demand for AI-based solutions that address the longstanding challenges faced by Security Operations Centers (SOCs). In addition…

Read more →

HARmor is an open-source tool that sanitizes HTTP Archive files. Easy to install and run, it enables the safe handling and sharing of HAR files. What are HAR files? HAR files are critical for support teams working to debug and…

Read more →

Quantum computing is reshaping our world and will revolutionize many industries, including materials science, life sciences, transportation, and energy. Google recently demonstrated the power of quantum computers by solving a problem in seconds that today’s supercomputers require nearly 50 years…

Read more →

Mainframe systems have served as the bedrock of enterprise networks for years, standing unmatched in terms of reliability, scalability, and data protection. However, security risks have become a pressing concern as the digital landscape evolves, emerging practices like DevOps, the…

Read more →

Funded by the National Security Agency, MITRE’s D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers. As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis…

Read more →

Organizations reliance on technology has contributed to the fact that their attack surface has grown in size and complexity, according to Armis. Global organizations are facing an unprecedented level of cyber risk due to blind spots in their environment and…

Read more →

Persistent challenges in adhering to established incident management processes pose a significant risk to organizations, amplifying potential downtime costs amidst a surge in service incidents, according to Transposit. Despite a majority of respondents (59.4%) who have a defined incident management…

Read more →

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the…

Read more →

The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses a…

Read more →

DirectDefense launched ThreatAdvisor 3.0, its proprietary security orchestration, automation and response (SOAR) platform. Designed to improve the speed, efficiency, and accuracy of DirectDefense’s Security Operations Center (SOC), ThreatAdvisor 3.0 offers continuous security monitoring and management, automates manual processes, and includes…

Read more →

Illumio has expanded its Zero Trust Segmentation Platform with Illumio CloudSecure, enhancing its segmentation portfolio to address attacks across hybrid and multi-cloud environments. Now through a single console, organizations can more quickly reduce the impact of cyberattacks, ransomware, and increase…

Read more →

Kasada announced KasadaIQ, its new suite of attack prediction services. The first service in this suite — KasadaIQ for Fraud — supplies actionable signals, collected across millions of points across the Internet, for businesses who need insight into how bots…

Read more →

Lacework announced its release of code security, which provides Lacework customers full visibility throughout the complete application development lifecycle. Lacework code security helps prevent security issues from getting into the wild by identifying them before code is deployed, and helps…

Read more →

SolarWinds announced major enhancements in its Database Observability capability within the cloud-based SolarWinds Observability platform. SolarWinds Database Observability provides full visibility into open-source, cloud-enabled, and NoSQL databases to identify and address costly and critical threats to their systems and business.…

Read more →

OneSpan introduced its latest innovation to the Digipass Authenticators product line, with DIGIPASS FX1 BIO. This physical passkey with fingerprint scan empowers organizations to embrace passwordless authentication while providing the utmost security against social engineering and account takeover attacks. This…

Read more →

CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and…

Read more →

IBM announced that watsonx.governance will be generally available in early December to help businesses shine a light on AI models and eliminate the mystery around the data going in, and the answers coming out. While generative AI, powered by LLM…

Read more →

6clicks announced that it has added SEC Form 8-K content required for event tracking to its incident management module in its GRC platform to help organizations meet new SEC disclosure requirements for qualified cybersecurity events. The new content support empowers…

Read more →

Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will start hitting speed bumps that eventually become roadblocks. If your releases…

Read more →

In this article, we’ve curated a list of insightful corporate cybersecurity blogs that provide analysis and actionable advice to help you keep your company’s digital assets secure. This list is not meant to be exhaustive since thousands of companies have…

Read more →

In this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems (ICS). Our conversation will explore the importance of cross-departmental collaboration, balancing security with system functionality, and the dynamic…

Read more →

Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options. Kubernetes cluster management Management and worker planes do not have to run on the same infrastructure provider, making k0smotron ideal for consolidating Kubernetes control planes for…

Read more →

From identifying unusual behavior patterns to detecting unauthorized access, real-time monitoring provides a view of your digital environment, ensuring that threats are spotted and dealt with before they can cause harm. In this Help Net Security video, Costa Tsaousis, CEO…

Read more →

98% of organizations globally are facing a cloud skills gap, specifically in trying to find people with general cloud skills, cloud architecture knowledge, and adapting, monitoring, and troubleshooting for the cloud, according to a report by SoftwareOne. This is causing…

Read more →

It used to take an attacker 44 days on average to exfiltrate data from an organization once it was compromised — now it’s a matter of hours — and with companies taking an average of 5.5 days to initially contain…

Read more →

PCI Pal has joined forces with Zoom Video Communications to deliver an improved customer experience through the integration of PCI Pal Agent Assist and Digital Payments solutions into Zoom Contact Center and Zoom Phone. PCI Pal’s PCI Compliance solutions will…

Read more →

Impinj announced the Impinj R720 RAIN RFID reader. With more processing power and memory than Impinj’s prior-generation reader, the Impinj R720 speeds edge processing and reduces network load and latency, allowing on-reader applications to meet the most demanding requirements of…

Read more →

Qohash introduces data remediation features to bolster organizations’ security and risk management. With this addition, the Qostodian platform now offers end-to-end security workflows, encompassing data discovery, monitoring, and remediation, to significantly enhance organizations’ security posture and risk management capabilities. Qostodian…

Read more →

Network Perception announced a technology integration with Claroty to provide OT network auditors with a comprehensive, independent audit platform to track and verify system changes and enhance network visibility. The combined technology enables auditors to establish an accurate baseline view…

Read more →

Resecurity announced its integration with the Palo Alto Networks Cortex XSOAR Marketplace, a platform for security orchestration, automation, and response (SOAR). This integration allows Resecurity to offer three of its flagship products, Resecurity Context, Resecurity Risk, and Resecurity IDProtect, to…

Read more →

Elliptic Labs has launched its latest product, the AI Virtual Seamless Sensor. Elliptic Labs’ AI Virtual Seamless Sensor enables cross-device user experiences across different operating systems and chipset platforms, using a multi-modal approach to create interoperability between PCs, smartphones, peripheral…

Read more →

In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk. We delve into how…

Read more →

With each step towards digitalization, from cloud computing to electronic records, the healthcare sector faces mounting risks that threaten not just the privacy but the very wellbeing of patients. In this Help Net Security interview, Taylor Lehmann, Director, Office of…

Read more →

A swing and a miss by the 50 member countries of the International Counter Ransomware Initiative (CRI), headlined by the US, who have confirmed a commitment to collectively address ransomware. Ransomware, as predicted, is growing at tremendous rates and focusing…

Read more →

A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers…

Read more →

Digital transformation projects are top of mind for enterprises. 91% of businesses are currently engaged in some form of digital initiative. Yet, the average cost of a failed, delayed, or scaled-back digital transformation project is more than $4 million dollars.…

Read more →

The risk of personal and professional data being stolen by nefarious actors looms larger than ever, according to Trend Micro. Understanding the risks associated with data theft, which include identity theft, financial loss, reputational harm, and the potential misuse of…

Read more →

Often overlooked but critically essential, backup lies at the core of data security and business continuity. However, data is also susceptible to a myriad of threats, ranging from hardware failures and accidental deletions to malicious cyberattacks. Whether you’re an individual…

Read more →

To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes, according to Venafi. Security challenges in cloud native environments In fact, 84%…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Exploring the global shift towards AI-specific legislation In this Help Net Security interview, Sarah Pearce, Partner at Hunton Andrews Kurth, offers insights into the evolving…

Read more →

SentinelOne has partnered with Snyk to unveil the integration of SentinelOne’s Singularity Cloud Workload Security with the Snyk Developer Security Platform. The integration will correlate the cloud runtime threat detections identified by SentinelOne with vulnerabilities found by Snyk in container…

Read more →

D2iQ released DKP Insights, an automated troubleshooting and diagnostic tool. DKP Insights, along with the newly released DKP AI Navigator, enables enterprise organizations to manage Kubernetes with ease and overcome the industry-wide skills gap that has presented the biggest barrier…

Read more →

The state-owned Industrial and Commercial Bank of China (ICBC), which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market. The attack “On November…

Read more →

Picus Security announced the addition of Picus Attack Surface Validation and AI-driven threat profiling to the Picus Security Validation Platform. The new capabilities give security teams full context of their attack surface so they can accurately prioritize threat exposure based…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, ARMO, Druva, IRONSCALES, Malwarebytes, and Varonis. Varonis enhances its Microsoft 365 offering to prevent sensitive email exposure Varonis announced major enhancements to its…

Read more →

The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10,…

Read more →

Adoption and use of AI tools is high across organizations, however many are concerned about the impacts AI will have on their larger data security strategy, according to Immuta. Only half of the respondents say their organization’s data security strategy…

Read more →

“We brought a shovel to fight an avalanche.” That’s the sentiment shared by many business leaders, especially CISOs, CIOs and IT leaders as they face the current cybersecurity threat landscape. Like an avalanche, it’s constantly shifting and changing, moving quickly…

Read more →

In this Help Net Security video, Christina Hoefer, VP of Global Industrial Enterprise at Forescout, discusses why it is time for manufacturers/OT security leaders to “toss the spreadsheet” regarding their traditional methods of tracking data for cyber risk assessments. She…

Read more →

The Kubernetes industry is undergoing rapid change and evolution due to the growth of edge computing, the acceleration of AI, and the pressing need to modernize Kubernetes management in response to increasing technology scale and complexity, according to Spectro Cloud.…

Read more →

Arista Networks announced an expanded zero trust networking architecture that uses the underlying network infrastructure to break down security silos, streamline workflows and enable an integrated zero trust program. Through a combination of Arista-developed technologies and strategic alliances with key…

Read more →

Netskope unveiled the Next Gen SASE Branch: a major step forward in infrastructure that uses Netskope’s Borderless SD-WAN to transform how organizations manage their most critical networking and security functions and optimize enterprise branches everywhere. Information technology teams today seek…

Read more →

Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of…

Read more →

Akamai and Deloitte have announced a strategic alliance to provide zero trust microsegmentation and incident response services to Deloitte customers worldwide. This alliance will combine Deloitte’s expertise in cybersecurity, network forensics, and security with the Akamai Guardicore Segmentation solution. This…

Read more →

YesWeHack has unveiled an Attack Surface Management (ASM) product that enables clients to orchestrate their offensive security and vulnerability remediation strategy through a risk-based approach. The new product continuously maps an organisation’s internet-exposed assets, detects their possible exposure to known…

Read more →

GitLab has unveiled updates to GitLab Duo, the company’s suite of AI capabilities, including the beta of GitLab Duo Chat available in the GitLab 16.6 November product release, and the general availability of GitLab Duo Code Suggestions in the GitLab…

Read more →

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit…

Read more →

NetRise has released Trace in the NetRise platform. This new solution allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using AI-powered semantic search for the first time. Trace revolutionizes vulnerability detection and validation by…

Read more →

ManageEngine launched Endpoint Central MSP Cloud, which brings the advantages of the cloud’s scalability, flexibility, and efficiency to the remote monitoring and management (RMM) of endpoints for MSPs. The launch also completes the first stage of the company’s vision for…

Read more →

Ivanti announced its partnership with a provider of tech-enabled cybersecurity solutions, Securin. Fueled by data from Securin’s Vulnerability Intelligence (VI), Ivanti Neurons for Vulnerability Knowledge Base provides authoritative, near-real-time vulnerability threat intelligence so security experts can expedite vulnerability assessments and…

Read more →

SnapAttack announced an expanded partnership with Mandiant, part of Google Cloud, to extend operationalized threat intelligence to organizations of all sizes. Building on its current API integrations, the new endeavor will bring Mandiant’s threat intelligence to customers directly in the…

Read more →

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day”…

Read more →

Tidal Cyber raised $5 million, led by Squadra Ventures with participation from existing investors, in seed funding to accelerate the growth of its platform that enables security operations teams to proactively focus on critical threats, and take action to improve…

Read more →

Orange Business and VMware are strengthening their partnership to deliver Flexible SD-WAN with VMware as the first fully embedded SD-WAN offering in Evolution Platform. The Orange Business Evolution Platform combines a secured digital infrastructure with an agile, cloud approach to…

Read more →

Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flowing…

Read more →

When managing anti-money laundering (AML) obligations, many challenger banks turn to basic or unproven in-house risk management solutions. Although these solutions can, in some ways, be innovative, they are often built quickly and lack thorough testing, leading to potential vulnerabilities.…

Read more →

Red Piranha has released the latest Crystal Eye consolidated security platform officially in global collaboration with Intel on the 12th of October and more details on the Network Builders Panel with Intel later that month. Crystal Eye 5.0 features best…

Read more →

While organizations are slashing budgets across other departments, IT and security budgets are growing to address evolving IT infrastructure and rising threats from new tactics such as AI-based attacks, according to Axonius. Budget growth in IT and security In fact,…

Read more →

New data reveals artificial intelligence is challenging organizations in significant ways, with only 15% of global tech leaders reporting they are prepared for the demands of generative AI and 88% saying stronger regulation of AI is essential, according to Harvey…

Read more →

Commvault announced Commvault Cloud, powered by Metallic AI – a new platform that is changing the game in how IT and security teams can radically improve cyber resilience in an era of non-stop ransomware and malicious cyberattacks. Commvault Cloud unifies…

Read more →

Phosphorus has integrated with Check Point to provide the asset-centric xIoT visibility at the network level. Phosphorus’s Intelligent Active Discovery (IAD) engine and device posture assessment capabilities are able to enrich network-centric technologies with previously unseen levels of high-resolution xIoT…

Read more →

Palo Alto Networks introduced Strata Cloud Manager, a AI-powered zero trust management and operations solution. With these innovations and over 4,400 machine learning models, Palo Alto Networks is well-positioned to prove the combination of AI and zero trust can best…

Read more →

Entrust has unveiled a technology alliance partnership with NEDAP to deliver interoperability between credential issuance and ID program management capabilities. Managing physical access for people, visitors and assets is complex and ever-evolving. Organizations seek access control programs that can provide…

Read more →

Symmetrium has unveiled its Instant messaging (IM) and SMS data protection solution, which eliminates the corporate security and compliance risks associated with IM usage by employees. With messaging apps now part of daily life in many workplaces, Hackers can exploit…

Read more →

Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. Preventing attacks relying on MFA fatigue When faced with MFA-protected accounts, threat actors repeatedly try…

Read more →