Category: Help Net Security

CommScope launched SYSTIMAX Constellation edge-based platform for connecting and powering tomorrow’s hyperconnected enterprise. The system combines fault-managed power, hybrid power/data fiber and ceiling-based “Constellation Points” in a star topology to connect a vast number of network devices and systems. Compared…

Read more →

The proliferation of APIs has marked them as prime targets for malicious attackers. With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind of many cyber…

Read more →

With threats evolving and multiplying, it’s essential to understand how technological advancements can serve as both a challenge and an opportunity to safeguard digital content. In this Help Net Security interview, Rusty Cumpston, CEO at RKVST, discusses blockchain’s role in…

Read more →

Black Hat USA 2023 returned to the Mandalay Bay Convention Center in Las Vegas and Help Net Security was on-site. The conference featured over 100 selected Briefings, open-source tool demos in the Arsenal, a Business Hall, networking events, and more.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Adaptive Shield, LastPass, NetSPI, Solvo, ThreatConnect, and Vicarius. NetSPI launches ML/AI Pentesting solution to help organizations build more secure models NetSPI has debuted its ML/AI…

Read more →

Malware, being one of the most prevalent and pervasive initial threat vectors, continues to adapt and become more sophisticated, according to OPSWAT. Crucial role of threat intelligence Threat actors leverage malware as an initial foothold to infiltrate targeted infrastructures and…

Read more →

Like many leaders in the cybersecurity space, the professional journey of Mihoko Matsubara did not necessarily begin with securing devices or technology. However, once she discovered it, she was hooked. Discussing her career path with the Left to Our Own…

Read more →

Today, individual people – not businesses or government entities as a whole – are the primary targets, or entry points, for all major cyberattacks, according to Agency. Yet, while the cyber threat landscape has seen this major shift, security software…

Read more →

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks,…

Read more →

Detectify announced enhancements to its platform that can significantly help to elevate an organization’s visibility into its attack surface. Many organizations need help gaining visibility into the IP addresses across their whole environment. Detectify’s new capabilities enable organizations to uncover…

Read more →

Lumen is introducing Lumen Data Protect, a service for companies battling the growing risks associated with data corruption and security failure. Lumen Data Protect is an enterprise grade, fully managed data protection service built on the Lumen edge and backed…

Read more →

Calix expanded security measures in Calix SmartBiz to enable broadband service providers (BSPs) to seamlessly serve their small business markets. With 43% of all cyberattacks targeting businesses with fewer than 250 employees, small and medium business owners need powerful and…

Read more →

Fortra has released new integrations for its offensive security solutions that streamline capabilities for vulnerability management, penetration testing, and red teaming. Working together, the solutions apply the same techniques used by threat actors to identify and exploit gaps in an…

Read more →

Lookout launched Lookout SAIL, a new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection. In the rapidly…

Read more →

Critical Start introduced Managed Cyber Risk Reduction (MCRR), a new approach to security designed to reshape the way businesses combat cyber risks. MCRR, the next evolution of MDR, provides a comprehensive managed solution to address risks, vulnerabilities, and threats. It’s…

Read more →

Exabeam and Cribl have announced a new strategic partnership. The partnership enables New-Scale SIEM to more quickly and securely ingest data for enterprises and accelerate deployment. With a shared mission to empower security teams to seamlessly integrate the right data…

Read more →

Appdome has unveiled that Bugcrowd joined its new Mobile App Defense Project, a community program aimed at improving mobile DevSecOps for everyone. This collaboration aims to create a more secure mobile app economy, raise the bar on mobile app defense,…

Read more →

Check Point signs a definitive agreement to acquire Perimeter 81, a Security Service Edge (SSE) company. With this acquisition, Check Point will help organizations accelerate the adoption of secure access across remote users, sites, cloud, datacentres, and the internet, all…

Read more →

Illumio released Illumio for Microsoft Azure Firewall. Illumio for Azure Firewall visualizes and secures traffic between Azure resources and simplifies firewall rule management with zero trust segmentation. Illumio for Azure Firewall builds resilience to ransomware and other cyberattacks while also…

Read more →

MITRE is collaborating with Robust Intelligence to enhance a free tool to help organizations assess the supply chain risks of publicly available artificial intelligence (AI) models online today. The collaboration also includes work with Indiana University to develop automated risk…

Read more →

Bionic has unveiled a series of new product innovations to help enterprises manage application risk in production. Bionic has introduced a new ServiceNow Service Graph Connector that provides engineering and security teams with a real-time configuration management database (CMDB) of…

Read more →

Adaptive Shield announced its Identity Threat Detection and Response (ITDR) capabilities to help organizations mitigate identity-related threats. When paired with its SaaS Security Posture Management (SSPM) solution, ITDR addresses the complete SaaS ecosystem security lifecycle. Adaptive Shield’s ITDR features security…

Read more →

Conceal introduced the ConcealSherpaAI engine, a secure browser extension powered by AI to identify potentially harmful webpages autonomously. By examining and evaluating metadata signals on a webpage, ConcealSherpaAI determines whether to quarantine, block, or permit access. The embedded artificial intelligence…

Read more →

A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. The rise of phishing-as-a-service As organizations increasingly employ multi-factor authentication (MFA),…

Read more →

SentinelOne has launched Singularity Ranger Insights. The solution removes the complexity from vulnerability management, enabling companies to continuously discover unmanaged assets, evaluate and prioritize threats and mitigate risk using a single console and agent. “Today’s work-from-anywhere world has opened the…

Read more →

The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge competitors across the…

Read more →

LastPass announced the availability of FIDO2 authenticators, including biometrics, such as finger print or face ID, and hardware keys, for its Passwordless Login solution. This innovation allows LastPass customers to experience a seamless passwordless login to their vaults with the…

Read more →

Some ten years ago, the authors of The Second Machine Age wrote that “computers and other digital advances are doing for mental power—the ability to use our brains to understand and shape our environments—what the steam engine and its descendants…

Read more →

In this Help Net Security video, Kaus Phaltankar, CEO at Caveonix, discusses how the recent approval of the FedRAMP Rev. 5 Baselines is a significant step forward in the cloud security and compliance domain. The implications for CSPs and third-party…

Read more →

In the face of rising cyber threats, the healthcare sector has become a hotbed for cyberattacks. Given the gravity of this situation, we sat down with Shenny Sheth, Deputy CISO at Centura Health, who sheds light on the contributing factors…

Read more →

Email attacks have increased in both sophistication and volume since the start of the year, according to Abnormal Security. Examining data since 2013, Abnormal identified a massive increase in third-party applications (apps) integrated with email, underscoring the proliferation of an…

Read more →

Enterprises are turning to private networks to enhance security and resiliency, according to Spirent. “Private networks are emerging as a viable alternative to traditional enterprise networks, offering a wide range of benefits,” said Spirent’s principal strategist for private networks, Marc…

Read more →

Gurucul has launched its new generative AI capability called Sme (Subject Matter Expert) to accelerate threat detection, supercharge security investigations and automate responses. Sme AI empowers Security Operations Center (SOC) analysts with powerful insights into a rich, correlated dataset across…

Read more →

NetRise announced advanced capabilities for maintaining and working with Software Bill of Materials (SBOMs) and support for the CISA’s KEV Catalog for managing and understanding the risks associated with software components in the firmware of connected devices. As the security…

Read more →

Dynatrace introduced Security Analytics, a new Dynatrace platform solution designed to help organizations better defend against threats to their hybrid and multicloud environments. Dynatrace Security Analytics leverages Davis AI, which combines predictive and causal AI techniques to provide security analysts…

Read more →

eSentire has expanded its proprietary software and services portfolio with the introduction of its new MDR Agent. The eSentire Agent is the latest innovation of the firm’s SaaS-based Extended Detection and Response (XDR) Platform, developed specifically for small and medium…

Read more →

Whistic unveiled new artificial intelligence (AI) capabilities designed to transform the future of third-party risk management. The first in an ongoing rollout of leading-edge AI advancements, this announcement signals Whistic’s commitment to a unified assessment experience with artificial intelligence as…

Read more →

Vicarius launched vuln_GPT, an LLM model trained to generate remediation scripts for software vulnerabilities in the race to find and fix vulnerabilities faster than hackers. The vuln_GPT engine will be freely offered within vsociety, Vicarius’ social community for security researchers.…

Read more →

Kyndryl and Microsoft announced a joint effort to enable the adoption of enterprise-grade generative AI solutions for businesses on The Microsoft Cloud. Leveraging the partnership’s Joint Innovation Centers, Kyndryl’s growing patent portfolio in data and AI, and its access to…

Read more →

Cymulate announced innovations designed to deliver threat-informed defense through comprehensive exposure management and security validation for cloud infrastructure. The Cymulate Exposure Management and Security Validation platform now includes new and expanded cloud-focused attack simulation templates and resources to cover all…

Read more →

Appdome announced a collaboration with NetSPI, the global leader in offensive security as part of its launch of Appdome’s new Mobile App Defense Project, a community program aimed at improving mobile DevSecOps for everyone. This collaboration aims to create a…

Read more →

DigiCert announced the expansion of its certificate management platform, DigiCert Trust Lifecycle Manager, to provide full lifecycle support for multiple CAs including Microsoft CA and AWS Private CA, as well as integration with ServiceNow to support existing IT service workflows.…

Read more →

Ghost Security launched the Ghost Platform, a discovery and threat detection capability for modern, cloud-native applications. The Ghost Platform automatically uncovers every application and API associated with an organization, mapping and understanding the relationships each has to sensitive data, and…

Read more →

Computer Integrated Services (CIS) has partnered with Island. This relationship will allow CIS to resell Island’s product portfolio across its nationwide customer base, offering CIS’ technology services and consulting with the innovation of the Island Enterprise Browser. As organizations turn…

Read more →

A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private…

Read more →

BigID has introduced its Data Risk assessment reporting capability. BigID’s Data Risk Assessment allows organizations to streamline data security posture reporting, providing comprehensive insights about their data risks and vulnerabilities with respect to sensitivity, volume, location, and accessibility in just…

Read more →

Sonet.io announced support for data loss protection, monitoring and observability capabilities for the generative AI era. Sonet.io will be able to detect when sensitive data is downloaded, uploaded, copied, pasted or typed into generative AI tools, allowing organizations to realize…

Read more →

Google has revealed new cellular security mitigations that will be available for users and enterprises on its soon-to-be-released Android 14, and announced a new release schedule for Chrome Stable channel updates. Boosting network security on Android 14 Even though 2G…

Read more →

Bectran launched revolutionary Advanced Fraud Prevention Suite. This suite of risk mitigation services is designed to empower businesses with fraud detection capabilities through comprehensive, adaptable risk models for enhanced decision making, online presence evaluation and customizable risk thresholds for risk…

Read more →

Sophos has announced that Sophos X-Ops will lead three presentations at Black Hat and DEF CON, taking place this week in Las Vegas. Speaker presentations from Sophos Managed Detection and Response (MDR) security operations experts, threat researchers, data scientists, and…

Read more →

A series of ransomware attacks made by different groups share curiously similar characteristics, according to Sophos. Sophos released new findings into the connections between the most prominent ransomware groups this past year, including Royal, in its Clustering Attacker Behavior Reveals…

Read more →

At Black Hat USA 2023, Tenzir launched its new security data pipeline platform. The solution delivers an easier and more cost-effective approach to solve the growing data engineering challenges typically faced by security teams. Tenzir pipelines allow for the collection,…

Read more →

Barracuda Networks is teaming with Cork to offer cyber warranty program created for MSPs to offer to the SMB clients they serve. Barracuda is introducing the Barracuda Cyber Warranty through its relationship with Cork. This is a financial protection product…

Read more →

The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware groups target the exfiltration of files The report also found…

Read more →

With the increasing complexity of cyber threats and the global shortage of cybersecurity experts, organizations are looking for creative approaches to recruiting and retaining top talent. In this Help Net Security interview, Jon Check, Executive Director of Cybersecurity Protection Solutions…

Read more →

Cybersecurity has witnessed exponential growth in recent years, fueled by the increasing sophistication of cyber threats. As the demand for skilled professionals continues to surge, traditional approaches to education and job requirements are being challenged. In this article, I will…

Read more →

SandboxAQ launched Sandwich, an open-source framework that simplifies modern cryptography management and enables developers to steer their organizations towards cryptographic agility. With a unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications…

Read more →

Ransomware shows no signs of slowing, with ransomware activity ending 13 times higher than at the start of 2023 as a proportion of all malware detections, according to Fortinet. Ransomware detections 1H 2023 FortiGuard Labs has documented substantial spikes in…

Read more →

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a patch is…

Read more →

Code42 Software has partnered with Tines to release Incydr Flows, powered by Tines. With the automation capabilities of Tines, the integration enables security teams to simplify manual, error-prone, and cross-functional workflows by automating actions between the Code42 Incydr solution and…

Read more →

ThreatX has unveiled new sensitive data exposure capabilities for APIs that help security teams detect and visualize API transactions that contain sensitive user information (e.g., personally identifiable information) and authentication data. This will help boost the security of high-risk APIs,…

Read more →

SecurityScorecard has unveiled new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations having a relationship with at least one-third party that experienced a breach, SecurityScorecard…

Read more →

The XDR Alliance released a new set of open-source API specifications that help leading cybersecurity vendors collaborate and integrate their technology solutions. As a result, end user customer organizations worldwide can rationalize their disparate and previously siloed cybersecurity solutions, enabling…

Read more →

Silobreaker has introduced new risk scoring capabilities to help threat intel teams better understand, categorise and prioritise the cybersecurity risks facing their organisations. The new features include a convenient way to interpret and compare the Indicators of Compromise (IOC) risk…

Read more →

Abnormal Security announced CheckGPT, a new capability to detect AI-generated email attacks. The new capability determines when email threats, including business email compromise (BEC) and other socially-engineered attacks, have likely been created using generative AI tools. Cybercriminals are constantly evolving…

Read more →

North Korean state-sponsored hackers have breached Russian missile maker NPO Mashinostroyeniya, according to SentinelLabs researchers. North Korean hackers discovered The researchers came across leaked email communication between NPO Mashinostroyeniya’s IT staff that contained information about a possible cyber intrusion first…

Read more →

Vectra AI has launced the Vectra AI Platform with patented Attack Signal Intelligence to deliver the integrated signal enterprises need to make extended detection and response (XDR) a reality. With the Vectra AI Platform, enterprises can integrate Vectra AI’s public…

Read more →

Cloud security breaches are a major threat to organizations with an average detection time of 277 days and human error contributing to 85% of Incidents. To address this challenge, Solvo launched SecurityGenie, a prompt-based cloud security solution with instant and…

Read more →

Open Raven announced Data Detection and Response (DDR) capabilities, support for Amazon Redshift, workflow automations, real-time scanning, and AI-enabled asset discovery. These new developments build on existing automated data discovery, classification, and posture management, to include live monitoring of critical…

Read more →

NetSPI has debuted its ML/AI Pentesting solution to bring a more holistic and proactive approach to safeguarding machine learning model implementations. The solution focuses on two core components: Identifying, analyzing, and remediating vulnerabilities on machine learning systems such as Large…

Read more →

ComplyCube has enhanced its Document Authentication service to counter ‘screen replay attacks’, where scammers attempt to use IDs displayed on digital screens for illicit access to products and services. The announcement arrives in the context of a rise in identity…

Read more →

Though typically seen as a final measure, 90% of participants from a BigID survey revealed that their company would contemplate paying a ransom if it meant they could recover data and business processes, or recover them faster. In this Help…

Read more →

Late last month, the Transportation Security Administration renewed and updated its security directive aimed at enhancing the cybersecurity of oil and natural gas pipelines. The reissued guidance, known as Security Directive (SD) Pipeline-2021-02D Pipeline Cybersecurity Mitigation, Actions, Contingency Planning, and…

Read more →

Average response time accelerated from 29 to 19 days, from 2021 to 2022, with lessons from Log4j and other high-profile vulnerabilities having a significant impact on urgency levels, according to Immersive Labs. Faster response time to new threats Improvements to…

Read more →

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses threats against the financial sector. Threat actors will invariably target banks, yet by keeping an eye on the dark web, these institutions can identify…

Read more →

There’s an old adage in business: if you’re not measuring something, you can’t manage it. These days, information technology (IT) and information security professionals know this all too well, especially when it comes to configuration assessments. Network performance requires constant…

Read more →

As artificial intelligence amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. The report underscores the escalating stakes in human cyber risks, particularly…

Read more →

ThreatConnect announced its new Intelligence Requirement capability. This new capability strengthens ThreatConnect’s TI Ops Platform by allowing customers to define, manage, and track their intelligence requirements (IRs), priority intelligence requirements (PIRs), and requests for information (RFIs) more effectively, making it…

Read more →

Researchers from several UK universities have proven that the recorded sounds of laptop keystrokes can be used to obtain sensitive user data such as passwords with a high accuracy. Sounds of keystrokes can reveal passwords, other sensitive data Side-channel attacks…

Read more →

Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability (CVE-2023-27350) recently…

Read more →

To help companies strengthen their cyber resilience and revolutionize their security operations, Hunters and Kudelski Security have entered a strategic partnership, cybersecurity company Hunters announced. As part of the partnership, Kudelski Security will integrate the Hunters SOC Platform into their…

Read more →

The line between physical and digital safety continues to blur, making cybersecurity a universal concern. The intricacies of cybersecurity can often feel esoteric, leaving many outside the industry feeling daunted. However, with increasing resources becoming available, getting a handle on…

Read more →

In this Help Net Security interview, we delve into the world of cybersecurity with Michael Adams, the CISO at Zoom. Adams analyzes how organizations grapple with the effects of workforce shortages and remote work complications, offering insights into best practices…

Read more →

Ransomware remains a lucrative tool for cybercriminals as attackers continue to target a wide array of businesses. In response to this growing threat, an increasing number of organizations are compelled to meet ransom demands, perceiving it as their only viable…

Read more →

Government organizations are attractive targets for threat actors whose motivations may be geopolitical, financial, or disruption, according to BlackBerry. Because threat actors may include private individuals, small groups, or state-sponsored APT groups (which use APT tactics), government organizations must defend…

Read more →

The software supply chain encompasses the entire lifecycle of a software product, from its conception and development to its distribution and deployment. It involves a complex network of suppliers, vendors, developers, integrators, and users, making it susceptible to many potential…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Open-source penetration testing tool BloodHound CE released SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps…

Read more →

Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 “In 2022, malicious cyber actors…

Read more →

Datadog announced Security Inbox, a new capability for engineers to prioritize and remediate the most important security issues impacting their production applications. Traditional security products specialize in identifying massive volumes of specific risks such as runtime attacks, vulnerabilities or misconfigurations.…

Read more →

Kinetic Business has launched a new cybersecurity product, Managed Detection and Response (MDR), designed exclusively for business customers. The all-in-one security solution protects business data, network, applications, and users from evolving and sophisticated cyber threats. As cyberattacks become more frequent…

Read more →

Cobalt Iron released Compass Migrator, a new capability of the Cobalt Iron Compass enterprise SaaS backup platform. Large enterprises are using Compass Migrator to gain control of their backup operations and data, move to the most modern backup technology available,…

Read more →

Deepfence released ThreatStryker, an enterprise offering built on top of ThreatMapper. “Deepfence has changed the economic landscape of cloud security with our open source first strategy which insists that companies shouldn’t have to pay to know what the security posture…

Read more →

The continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software. In July alone Microsoft addressed 84 CVEs in…

Read more →

Datadog introduces the Intelligent Test Runner, helping development teams save time, minimize failures and optimize costs. Traditional testing solutions run the entirety of a test suite against every code change, regardless of how small and isolated a change might be.…

Read more →

Google is making it easier for users to remove personal contact information and personal, non-consensual explicit imagery from Google search results. “Of course, removing content from Google Search does not remove it from the web or other search engines, but…

Read more →

As the healthcare industry continues its rapid transformation through the adoption of digital technologies, it is also confronted with an ever-expanding range of cybersecurity threats. In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program Manager at Memorial…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Forescout, Menlo Security, Qualys, Sonar, SpecterOps, Synopsys, Traceable AI, and Lineaje. Open-source penetration testing tool BloodHound CE released SpecterOps released version 5.0 of BloodHound Community…

Read more →

Cybersecurity risk is distinct from other IT risk in that it has a thinking, adaptive, human opponent. IT generally must deal with first order chaos and risk much like hurricanes in meteorology or viruses in biology: complex and dangerous –…

Read more →

Organizations are expressing deep concerns about their network security due to the risks from VPNs, according to a new Zscaler report. The report stresses the need for organizations to reevaluate their security posture and migrate to a zero-trust architecture due…

Read more →

The importance of networking to and within cloud environments has grown significantly for enterprise customers as more and more applications, workloads, and data are moved to the cloud, according to IDC. IDC estimates that worldwide revenue for public cloud-based infrastructure…

Read more →