Category: Help Net Security

Contrast Security extends its application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to…

Read more →

Dasera releases Mesa Verde, empowering organizations to safeguard structured and unstructured data with precision and efficiency. Now with a comprehensive and seamless approach to securing unstructured data sources, Dasera is redefining the standards of data security. Unlike traditional models, its…

Read more →

CISO Global has strengthened its security management platform Argo to increase the effectiveness of security teams who now can access real-time data across tool sets to make better informed decisions. The platform is able to aggregate data in real time…

Read more →

Endor Labs raises $70 million in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs, and CTOs. Arif Janmohamed of Lightspeed, Sri Viswanath of Coatue and former CTO…

Read more →

An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. A social engineering attack to bypass MFA protection “To facilitate their attack, the actor uses…

Read more →

Onyxia unveiled a AI-powered Cybersecurity Performance Management (CPM) platform, a vital management platform for security leaders to better measure the performance of their cybersecurity programs and reduce risk. By having real-time Cybersecurity Performance Indicator (CPI) metrics and actionable security program…

Read more →

Lineaje unveiled BOMbots, AI-based automation bots that deliver optimized recommendations and remediations across the entire supply chain. These AI-based automation bots analyze deep software bill of materials (SBOMs) to deliver optimized recommendations and remediations across the entire supply chain. Using…

Read more →

Torq announced an evolution of the Torq security Hyperautomation platform: Torq Socrates, cybersecurity’s Tier-1 analysis AI Agent. Torq Socrates is designed to transform security operations by using AI to hyperautomate key security operations activities, including alert triage, contextual data enrichment,…

Read more →

Deloitte and Palo Alto Networks announced a new product and service offering, Secure Software Development Lifecycle (SSDL), to help clients reduce “alert fatigue,” increase operational efficiency and decrease time to market. SSDL is a modular orchestration platform powered by Palo…

Read more →

Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was incidentally resolved in MobileIron Core 11.3 as part…

Read more →

Sophos released new findings on CryptoRom scams—a subset of pig butchering schemes designed to trick users of dating apps into making fake cryptocurrency investments. Since May, Sophos X-Ops has observed CryptoRom fraudsters refining their techniques, including adding an AI chat…

Read more →

With the rise of ML, traditional red teams tasked with probing and exposing security vulnerabilities found themselves facing a new set of challenges that required a deep and comprehensive understanding of machine learning. Google’s recent announcement about the formation of…

Read more →

A group of international researchers has achieved a breakthrough in computer security by developing a new and highly efficient cipher for cache randomization. The innovative cipher, designed by Assistant Professor Rei Ueno from the Research Institute of Electrical Communication at…

Read more →

Amid a recent uptick in cybercrime on local governments, cities have been left to recover for months after the initial attack. For example, leaders in Dallas, Texas are ready to spend months recovering from an attack that hindered the city’s…

Read more →

Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. It is available on GitHub. CNAPPgoat supports AWS, Azure (Microsoft…

Read more →

AI professionals are still facing some very real challenges in democratizing data, much less AI (much less Generative AI), across their organizations, according to Dataiku. While the global survey of 400 respondents revealed broad enthusiasm and action around Generative AI,…

Read more →

Traceable AI introduced digital fraud prevention capabilities, to deliver protection against fraudulent activities across APIs and digital interfaces. This innovation is crucial, especially in the post-COVID era, as businesses continue to grapple with the high cost of fraud, both financially…

Read more →

The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors to craft targeted…

Read more →

Sonar announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries. Referred to as deeper SAST, the new advanced…

Read more →

PrivacyHawk launched the Privacy Score, an easy way for individuals to learn their privacy and personal data risk like a credit score. The Privacy Score calculates and rates privacy and data risk on a scale between 300 and 850, the…

Read more →

Cyble has been steadily gaining recognition as the favored solution for Dark Web and Threat Intelligence among cybersecurity specialists. They just announced a $24 million injection of capital through Series B funding. The funding round, co-led by Blackbird Ventures and…

Read more →

Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and VMs…

Read more →

Armis announced a strategic partnership with international cybersecurity consulting firm, Security Risk Advisors (SRA). This collaboration empowers joint customers as both organizations leverage their respective areas of expertise to secure operational technology (OT) and protect cyber physical systems (CPS). As…

Read more →

1Password announced the appointment of Melton Littlepage as its Chief Marketing Officer (CMO). With over 20 years of experience driving innovation, category creation, and growth across global security and technology companies, Littlepage will enable the company to meet growing enterprise…

Read more →

ClearSale launched its new Brand Protection platform. Brand Protection by ClearSale uses AI and digital intelligence to continuously scan for and report brand impersonation attacks such as fake social profiles, ads, and websites; counterfeit products; and phishing attacks. “ClearSale has…

Read more →

Technology is accelerating faster than it ever has before, giving IT and security teams more tools to fend off cybersecurity attacks from an increasingly diverse slate of bad actors, according to Comcast Business. Cybercriminals employ sophisticated tactics However, the tactics…

Read more →

In this Help Net Security interview, Attila Török, CISO at GoTo, discusses how to balance technical expertise and leadership and how he navigates the rapidly evolving technological landscape. We also delve into the key challenges faced in communicating complex security…

Read more →

The overarching mission of the US-based non-profit organization the Tor Project is to advance human rights and make open-source, privacy preserving software available to people globally, so that they can browse the internet privately, protect themselves against surveillance and bypass…

Read more →

BEC and phishing attacks soar by 20% and 41% respectively in H1 2023, according to Perception Point. Cyber attackers have continued to refine their methods, adopting more sophisticated techniques to exploit vulnerabilities across various sectors. With the ever-increasing reliance on…

Read more →

SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub. Identifying…

Read more →

With Balbix, compliance teams can not only access current and up-to-date CIS Benchmarks reports but also understand their most significant and critical assets and take steps to mitigate security risks. With Balbix, security and compliance teams can align, improving overall…

Read more →

Forescout unveiled Risk and Exposure Management, its cloud-native product designed to collate all data sources associated with an enterprise’s connected assets and calculate a unique multifactor risk score for each asset, offering a more intuitive and quantitative approach to risk…

Read more →

Tessian launched Abuse Mailbox Response product – the second in its Respond product line. Also included in this release is API-based remediation, new email threat and DLP insights dashboards, and an updated visual design. Today’s security teams are limited by…

Read more →

Synopsys launched Synopsys Software Risk Manager, a new application security posture management (ASPM) solution. Software Risk Manager enables security and development teams to simplify, align and streamline their application security testing across projects, teams and application security testing (AST) tools.…

Read more →

Mobb announced its AI-powered technology that automates vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation. Mobb ingests SAST results from various scanning tools and automatically fixes code, while keeping the developers informed during the…

Read more →

Cisco is enhancing its Extended Detection and Response (XDR) solution. By adding recovery to the response process, Cisco XDR is redefining what customers should expect from security products. This announcement brings near real-time recovery for business operations after a ransomware…

Read more →

Monte Carlo announced Data Product Dashboard, a new capability that allows customers to define a data or AI product, track the health of corresponding data tables and training sets, and report on the product’s reliability to business stakeholders, directly in…

Read more →

Schneider Electric launched a Managed Security Services (MSS) offering to help customers in OT environments address the increased cyber risk associated with the demand for remote access and connectivity technologies. With the manufacturing industry reporting the highest share of cyberattacks…

Read more →

Menlo Security announced HEAT Shield and HEAT Visibility, a suite of threat prevention capabilities designed to detect and block highly evasive threats targeting users via the web browser. Menlo Security HEAT Shield detects and blocks phishing attacks before they can…

Read more →

After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education Strategy (NCWES), “aimed at addressing both immediate and long-term cyber workforce needs.” The National Cyber Workforce and…

Read more →

Dynatrace has signed a definitive agreement to acquire Rookout, a provider of enterprise-ready and privacy-aware solutions that enable developers to troubleshoot and debug actively running code in Kubernetes-hosted cloud-native applications. The addition of Rookout to the Dynatrace platform will help…

Read more →

In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the vendor but known…

Read more →

Cyborg Security announced the introduction of a REST API into its HUNTER Platform. This new feature is designed to supercharge organizations’ threat hunting capabilities by automating key processes and workflows. “Since our inception, Cyborg Security has been committed to building,…

Read more →

CyFox researchers have discovered a DLL planting/hijacking vulnerability in popular media center application Stremio, which could be exploited by attackers to execute code on the victim’s system, steal information, and more. About the vulnerability DLLs (dynamic link libraries) are files…

Read more →

With the average price tag for a healthcare data breach at an all-time high, the overall financial damage to an organization is high regarding economic loss and reputation repair. According to the Cybersecurity and Infrastructure Security Agency (CISA), using improperly…

Read more →

Gartner estimates that in 2023 worldwide end-user spending on public cloud services will grow by 21.7% and hit nearly $600 billion. Even as the economic downturn has most businesses looking for ways to tighten their belts, the cloud remains one…

Read more →

With exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming a super-human problem, according to RSA. Paradoxically, even in this world…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis Cybersecurity, Hubble, Netscout, Panorays, Privacera, Regula, SeeMetrics, Tenable, and WatchGuard. WatchGuard expands identity protection capabilities with AuthPoint…

Read more →

78% of Europe’s largest financial institutions experienced a third-party breach in the past year, according to SecurityScorecard. In the wake of attacks such as MOVEit and SolarWinds, cybersecurity regulations are increasing the need for comprehensive approaches to manage vendor risk…

Read more →

Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to…

Read more →

Oracle Cloud Infrastructure (OCI) has introduced a new Secure Cloud Computing Architecture (SCCA) for the U.S. Department of Defense (DoD). The solution helps make security compliance and cloud adoption for mission-critical workloads easier, faster, and more cost effective by using…

Read more →

DELL introduces new offerings to help customers securely build generative AI (GenAI) models on-premises to accelerate improved outcomes and drive new levels of intelligence. New Dell Generative AI Solutions, expanding upon our May’s Project Helix announcement, span IT infrastructure, PCs…

Read more →

The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda ESG zero-day exploit and backdoors In late May,…

Read more →

The most widely used method for ransomware delivery in 2022 was via URL or web browsing (75.5%), Palo Alto Networks researchers have found. In 2021, it was email attachments (i.e., delivery via SMTP, POP3, and IMAP protocols), but in 2022…

Read more →

What separates superstar CISOs from the rest of the pack is that they are keenly aware of the burgeoning threat landscape and the cybersecurity skills shortage, but they don’t give in to despair. Instead, they use their existing assets to…

Read more →

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID. Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn’t…

Read more →

Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely available for anyone…

Read more →

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown…

Read more →

In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive customer data. He emphasizes how a data privacy vault can reinforce customer trust by offering protection against…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key factors for effective security automation In this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated…

Read more →

BlackBerry announced that it will participate in Cybertech Africa, in Rwanda. The first-of-its kind event in the region will convene government officials and technology leaders to advance cybersecurity in Africa and will be held from August 1-2. At Cybertech Africa,…

Read more →

Baffle unveiled Baffle Data Protection Services with Advanced Encryption, a privacy-enhanced technology solution that enables analytical and operational computations on protected, regulated data. Baffle’s no code, data-centric software protects data in a performant manner without specialized hardware, giving companies control…

Read more →

Citrix announced expanded capabilities for its cloud and on-premises solutions for the hybrid world. As part of this expansion, Desktop-as-a-Service (DaaS) and virtual desktop infrastructure (VDI) offerings are now combined in a Citrix Universal subscription. These offerings include a recent…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from BreachRx, Darktrace, Dig Security, Panorays, and SeeMetrics. Panorays unveils cybersecurity enhancements for supply chains Panorays announced two capabilities – Supply Chain Discovery and Risk Insights…

Read more →

In the wake of increased workforce mobility, today’s organizations require more innovative, more flexible, and more secure methods of granting network and application access to their workers. ZTNA adoption The encryption-based security approach leveraged by the virtual private networks (VPNs)…

Read more →

The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace. In this Help Net Security video, Kelly Rozumalski, a Senior VP leading Booz Allen’s national…

Read more →

For every 10,000 enterprise users, an enterprise organization is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month, according to Netskope. Source code accounts for the largest share of sensitive data being exposed. Based on data…

Read more →

The majority of organizations are on the road to implementing a zero trust framework to increase their overall security risk posture, according to PlainID. However, only 50% said that authorization makes up their zero trust program – potentially exposing their…

Read more →

Seraphic Security has extended its enterprise browser security solution to digital workplace apps. The Seraphic Security Platform works across any browser and any device ensuring both safe browsing and enforcing corporate policies across cloud-based corporate applications such as AWS, Google…

Read more →

The attack surface of cloud-native applications continues to grow as adversaries look to exploit misconfigurations and vulnerabilities throughout the application life cycle. In response, the industry has turned to Cloud Native Application Protection Platforms (CNAPPs) to unify multiple disparate security…

Read more →

SkyKick announced major enhancements to its Cloud Management Platform. New products and updates deliver enhanced data protection capabilities and personalized security insights, enabling ITSPs to meet the growing demand for robust security solutions and conversations in the SMB market. This…

Read more →

Island announced the addition of Steve Tchejeyan to its executive team as President. Tchejeyan brings decades of executive leadership experience driving successful business strategies and growth initiatives for some of the world’s leading technology and cybersecurity companies. He is tasked…

Read more →

In a significant move toward enhancing business continuity and data security for enterprises, N2WS has launched the latest version of N2WS Backup and Recovery. This latest release encompasses substantial advancements and new integrations designed to strengthen the protection of enterprise…

Read more →

Egnyte announced several new AI-powered solutions being natively integrated into the Egnyte platform. Egnyte customers will now be able to use the latest generative AI models to find and summarize information contained in their company’s documents and media files, without…

Read more →

Protect AI has closed a $35 million Series A round of funding led by Evolution Equity Partners with participation from Salesforce Ventures and existing investors Acrew Capital, boldstart ventures, Knollwood Capital and Pelion Ventures. To date, the company has raised…

Read more →

Harnessing the potential of automation in cybersecurity is key to maintaining a robust defense against ever-evolving threats. Still, this approach comes with its own unique challenges. In this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how…

Read more →

If you find the computer security guidelines you get at work confusing and not very useful, you’re not alone. A new study highlights a key problem with how these guidelines are created, and outlines simple steps that would improve them…

Read more →

Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of patches and updates are released each month, organizations…

Read more →

Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by…

Read more →

Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems artifacts. It…

Read more →

The ongoing banking and economic turmoil has opened the floodgates to fraudsters. In this Help Net Security video, ex-British Intelligence officer Alex Beavan, Head of Ethics and Anti-Corruption at Convera, discusses how fraudsters target businesses and his experiences with companies…

Read more →

The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules…

Read more →

SeeMetrics launched its new Security Performance Boards. Organized by security domains, the new Security Performance Boards are a collection of out-of-the box metrics that empower security leaders to measure the performance of their technologies, processes, and people in real time.…

Read more →

Endace announced a significant extension of its enterprise-class packet capture solutions with the launch of EndaceProbe Cloud. As organizations migrate sensitive data and critical systems to public cloud environments, it is essential that security and network teams have sufficient visibility…

Read more →

Malware attacks are becoming more sophisticated, and as business increasingly moves to the cloud, companies need to up their defenses to protect against them. SentinelOne announced its Cloud Data Security product line and the general availability of the first two…

Read more →

Clear Skye launched Clear Skye IGA 5.0, the company’s most significant product release to date. An identity security and governance solution built natively on the ServiceNow Platform, 5.0 enables businesses to simplify workflows, increase productivity, and improve the overall user…

Read more →

DataGrail announced a new Managed Services offering that offloads the burdens of day-to-day data privacy management so that companies can maintain their focus on strategy and impact. DataGrail Managed Services now handle customers’ DSR fulfillment and data mapping processes, streamlining…

Read more →

A privilege escalation vulnerability (CVE-2023-30799) could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines. While exploting it does require authentication, acquiring credentials to access the routers is not that difficult. “RouterOS [the underlying operating…

Read more →

Talon Cyber Security released the Talon Extension, a new enterprise browser security solution that provides customers with visibility and protection for activities conducted within the browser. The extension is easily installed on any web browser, making it an ideal solution…

Read more →

Darktrace announces Darktrace HEAL, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with abilities to simulate real attacks within their own environments, create bespoke incident response plans as…

Read more →

BreachRx launched Cyber RegScout, a product purpose-built to automate cybersecurity, privacy and data protection regulatory analysis. Built on BreachRx’s platform, Cyber RegScout empowers businesses to significantly reduce the time burden and compliance risk associated with today’s increasingly complex regulatory environment.…

Read more →

Dynatrace is expanding its Davis AI engine to create a hypermodal artificial intelligence (AI), converging fact-based, predictive- and causal-AI insights with new generative-AI capabilities. The expanded Davis AI will boost productivity across business, development, security, and operations teams by delivering…

Read more →

In this Help Net Security interview, Dr. Lindsey Polley de Lopez, Director of Cyber & Space Intelligence at MACH37, proposes strategies for companies, educational institutions, and governments on how to address the ongoing shortage of cybersecurity talent through the introduction…

Read more →

The role of CISO these days requires a strong moral compass: You have to be the one speaking up for the protection of customer data and be ready to handle uncomfortable situations such as pressure to downplay an actual breach.…

Read more →

A lack of executive understanding and an ever-widening talent gap that is placing an unsustainable burden on security teams to prevent business-ending breaches, according to Swimlane. The research investigated the perceptions of cybersecurity among on-the-ground security professionals and executives, the…

Read more →

Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to Beyond Identity. Over 90% of those working on zero trust cited that the 2022…

Read more →

Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business communication. The more the delay in restoring services and recovering data, the higher the…

Read more →

ZEDEDA introduced ZEDEDA Edge Application Services, making it easier for customers to instantly gain granular control across all of their edge applications, including their modern AI-based applications. The number of edge devices, along with the data they produce, is growing…

Read more →

NETSCOUT announced its next-generation Omnis Cyber Intelligence (OCI) solution. OCI is an advanced network detection and response (NDR) solution that uses highly scalable deep packet inspection (DPI) and multiple threat detection methods at the source of packet capture to detect…

Read more →

Panorays announced two capabilities – Supply Chain Discovery and Risk Insights and Response Portal. These new additions empower organizations to gain comprehensive visibility into their digital supply chains and effectively manage potential cybersecurity risks posed by third, fourth, and Nth…

Read more →