F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael…
Category: Help Net Security
Immuta Discover identifies and classifies sensitive data
Immuta released Immuta Discover, a new product for automated tagging and classification on cloud data platforms. Immuta Discover enables data teams to establish and maintain highly accurate metadata for the primary purpose of data access control, monitoring and regulatory compliance.…
Netwrix releases product enhancements to strengthen data security
Netwrix has released new versions of eight products since March 2023. The enhancements further help customers reduce the risk of breaches and limit the impact of attacks by empowering IT teams to fortify the security posture and to promptly detect…
White House issues Executive Order for safe, secure, and trustworthy AI
President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). New standards for AI safety and security As AI’s capabilities grow, so do its…
Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)
CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to…
Logging Made Easy: Free log management solution from CISA
CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC),…
Google expands bug bounty program to cover AI-related threats
Google has expanded its bug bounty program, aka Vulnerability Rewards Program (VRP), to cover threats that could arise from Google’s generative AI systems. Google’s AI bug bounty program Following the voluntary commitment to the Biden-Harris Administration to develop responsible AI…
The dangers of dual ransomware attacks
At some point in the movie “Groundhog Day,” Phil Connors breaks his bedside radio when he is woken up (yet again) by the song “I Got You Babe”. This déjà vu seems to await companies that fall victim to ransomware…
Finding the right approach to security awareness
As artificial intelligence amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital. Security awareness training is essential and must be a live, evolving process. In this Help Net…
Companies scramble to integrate immediate recovery into ransomware plans
More than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place, according to Zerto. Immediate recovery crucial for businesses’ survival The survey also found that companies are reevaluating their data protection and cyber resilience strategies…
AI threat landscape: Model theft and inference attacks emerge as top concerns
Generative AI has emerged as a powerful tool, heralded for its potential but also scrutinized for its implications. Enterprises will invest nearly $16 billion worldwide on GenAI solutions in 2023, according to IDC. In this Help Net Security interview, Guy…
IoT’s convenience comes with cybersecurity challenges
The rapid proliferation of Internet of Things (IoT) devices has ushered in a new era of connectivity and convenience, transforming the way we live and work. However, this interconnectivity has also given rise to a host of cybersecurity challenges and…
Cyber attacks cause revenue losses in 42% of small businesses
85% of small business leaders say they are ready to respond to a cyber incident despite a record-high 73% reporting an attack in 2023, according to Identity Theft Resource Center. Employee and consumer data continue to be the most impacted…
Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: GOAD: Vulnerable Active Directory environment for practicing attack techniques Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory…
Adtran tackles GPS vulnerabilities with Satellite Time and Location technology
Adtran launched new synchronization solutions featuring Satellite Time and Location (STL) technology to address the growing vulnerabilities of GPS and other GNSS systems to jamming and spoofing attacks. Alongside GNSS-based timing, the OSA 5405-S PTP grandmaster clock can now receive…
TeamViewer Tensor enhancements improve security and productivity
TeamViewer announced a major update of its enterprise connectivity solution TeamViewer Tensor, supporting IT departments in maintaining business-critical equipment. With leading compatibility, security and performance, TeamViewer Tensor offers a comprehensive overview of all devices, improving monitoring and support as well…
Apple news: iLeakage attack, MAC address leakage bug
On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has…
Raven: Open-source CI/CD pipeline security scanner
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than…
New infosec products of the week: October 27, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Darktrace, Data Theorem, Jumio, Malwarebytes, Progress, and Wazuh. Progress Flowmon ADS 12.2 AI offers advanced security event monitoring Flowmon ADS 12.2 harnesses the power of…
IoT security threats highlight the need for zero trust principles
The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year, according to Zscaler. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the…
AI strengthens banking’s defense against fraud
Consumers are ready for the next wave of payment technology, including deployment of AI-driven biometrics to verify identity in digital-first account opening processes, according to Entrust. The key to future payment solutions 63% of respondents indicated that they are comfortable…
SMBs at risk as AI misconceptions lead to overconfidence
Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals, according to Devolutions. Ransomware payments and IoT malware incidents soar Spikes in incidents such as ransomware payments and IoT malware attacks indicate that this year has…
AI-related security fears drive 2024 IT spending
Worldwide IT spending is projected to total $5.1 trillion in 2024, an increase of 8% from 2023, according to Gartner. 2024 set to see strong public cloud spending growth While generative AI has not yet had a material impact on…
At-Bay Stance MDR improves cyber resilience for SMBs
At-Bay launched At-Bay Stance Managed Detection and Response (At-Bay Stance MDR), a new MDR solution designed to help emerging and mid-sized businesses advance their security defenses and threat preparedness in light of rising cyber crime rates. By analyzing its claims…
Cado Security launches Cloud Incident Readiness Dashboard for proactive response
Cado Security has unveiled Cado’s Incident Readiness Dashboard. This new dashboard provides the ability to proactively run readiness checks, see readiness trends over time, and identify issues that could prevent the organization from rapidly responding to active threats. “The reality…
Darktrace/Cloud solution based on self-learning AI provides cyber resilience for cloud environments
Darktrace unveiled a new Darktrace/Cloud solution based on its self-learning AI. The new solution provides comprehensive visibility of cloud architectures, real-time cloud-native threat detection and response, and prioritized recommendations and actions to help security teams manage misconfigurations and strengthen compliance.…
Progress Flowmon ADS 12.2 AI offers advanced security event monitoring
Progress has unveiled the latest release of its network anomaly detection system, Progress Flowmon ADS. Flowmon ADS 12.2 harnesses the power of artificial intelligence (AI) to provide an advanced and holistic view of detected security events, empowering cybersecurity professionals to…
Tufin Orchestration Suite R23-2 helps enterprises to fully optimize SASE approach
Tufin released Tufin Orchestration Suite (TOS) version R23-2. The latest edition streamlines Secure Access Service Edge (SASE) policy management across an organization’s hybrid network, expedites security audits and compliance efforts, and enhances application connectivity triage, offering organizations a comprehensive solution…
Humans are still better than AI at crafting phishing emails, but for how long?
Humans are still better at crafting phishing emails compared to AI, but not by far and likely not for long, according to research conducted by IBM X-Force Red. Creating phishing emails: Humans vs. AI The researchers wanted to see whether…
Fortinet expands Universal SASE offering to empower today’s hybrid workforce
Fortinet announced the expansion of its Universal SASE offering to empower today’s hybrid workforce with FortiOS everywhere. “The Fortinet operating system, FortiOS, is the industry’s only enterprise-grade converged operating system able to support all SASE functions, including firewall, SD-WAN, secure…
Seemplicity integrates with Wiz to accelerate remediation
Seemplicity announced its technical integration with cloud security provider Wiz. As a certified Wiz Integration (WIN) platform partner, Seemplicity enables joint customers to seamlessly integrate its Security Remediation Operations platform into their existing Wiz workflows to accelerate remediation. “Today security…
Quishing: Tricks to look out for
QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying items, simplifying actions such as…
OT cyber attacks proliferating despite growing cybersecurity spend
The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack…
GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our…
CISOs struggling to understand value of security controls data
Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. The biggest concern when taking on a new CISO role is receiving an inaccurate audit of…
Ransomware groups continue to increase their operational tempo
Q3 of 2023 continued an ongoing surge in ransomware activity, according to GuidePoint Security. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10…
Bitdefender Offensive Services incorporates penetration testing and red team simulated attacks
Bitdefender announced Bitdefender Offensive Services, a new offering designed to proactively assess, identify, and remediate security gaps in an organization’s environment (on premises, cloud, hybrid) through penetration testing and red team simulated attacks. In an independent global survey of 400…
Malwarebytes Identity Theft Protection defends users against online threats
Malwarebytes launched a new consumer solution, Identity Theft Protection. The new service helps individuals secure their digital identities and defend against identity and online threats. Malwarebytes Identity Theft Protection includes real-time identity monitoring and alerts, credit protection and reporting and live…
Digital.ai launches Denali to accelerate enterprise software delivery at scale
Digital.ai has unveiled the launch of Denali, the latest release of its AI-powered DevSecOps platform, exemplifying its commitment to delivering an open platform tailored to the needs of the modern enterprise. The platform allows companies to harness the potential of…
Teleport Identity Governance and Security reduces attack surface area
Teleport released Teleport Identity Governance and Security, a product that secures and governs services, and user identities across multiple clouds, environments and SaaS applications. This new product reduces attack response times by providing customers with a control plane that maps…
SentinelOne introduces Singularity Threat Intelligence for enhanced threat landscape understanding
SentinelOne has launched Singularity Threat Intelligence, a solution that offers security teams an end-to-end view of the threat landscape, along with deep, actionable insights to combat adversaries and minimize risk within the SentinelOne Singularity Platform. “In order to effectively respond…
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)
The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can be…
CyCognito platform enhancements help users identify and protect unmanaged assets
CyCognito announced a major platform expansion of its External Attack Surface Management (EASM). The latest release includes extended visibility across cloud assets, web application API endpoints and web application firewalls (WAFs), enhanced web crawling capabilities, compliance management controls, integrations for…
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)
VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server…
Oscilar introduces generative AI powered platform for fraud prevention
Oscilar unveiled a generative AI risk decisioning offering that enables companies to manage credit, fraud, and compliance risks. Even the most well-funded companies struggle to keep up with the increasing pace and sophistication of fraud schemes, which led to more…
PlainID partners with BigID to enhance data protection and visibility for customers
PlainID announces their strategic partnership with BigID to deliver an enhanced data protection solution for its customers. This collaboration brings together the unique strengths and capabilities of both companies to provide enterprises complete visibility and control of their data. Together,…
AWS European Sovereign Cloud allows customers to keep all metadata in the EU
AWS announced it will launch the AWS European Sovereign Cloud, a new, independent cloud for Europe designed to help public sector customers and those in highly regulated industries meet the most stringent regulatory data residency and operational requirements. Located and…
What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT
The newly released Securities and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control systems and connected IoT infrastructure are prepared to fully…
Security leaders have good reasons to fear AI-generated attacks
Generative AI is likely behind the increases in both the volume and sophistication of email attacks that organizations have experienced in the past few months, and it’s still early days, according to Abnormal Security. Their leading worry is the increased…
Strategies to overcome cybersecurity misconceptions
Many CISOs may believe their cybersecurity defenses are robust enough to repel any attack, but there are critical misconceptions they may be harboring. In this Help Net Security video, Kevin Kirkwood, Deputy CISO at LogRhythm, stresses that one of the…
Consumers are taking action to protect their privacy
Younger consumers are taking deliberate action to protect their privacy, as 42% of consumers aged 18-24 exercise their Data Subject Access Rights, compared with just 6% for consumers 75 and older, according to Cisco. Consumers express willingness to share their…
Lacework increases operational efficiency around risk management
Lacework announced a series of updates that expand the platform’s enterprise-grade capabilities to help customers do more in the cloud, securely. Lacework is extending its platform support to new cloud providers in order to give customers more choice as they…
Versa Secure SD-LAN delivers zero trust and IoT security
Versa Networks announced Versa Secure SD-LAN, a software-defined branch and campus Local Area Network (LAN) solution to deliver zero trust and IoT security natively at the LAN Edge. This software-defined approach makes campus and branch networks more agile and integrated,…
Data Theorem enhances Cloud Secure platform with ML-based hacker toolkits and visualizations
Data Theorem introduced an attack path analysis of APIs and software supply chain exploits to its cloud-native application protection platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of…
Semgrep Secrets prevents sensitive credentials from leaking
Semgrep announced its public beta of Semgrep Secrets, a product for detecting and securing sensitive credentials during the software development process. Semgrep is designed for engineers – software and security alike – who need to maintain a fast cadence of…
Veeam and Sophos partner to help organizations detect cybersecurity threats
Veeam Software announced a strategic partnership with Sophos. Through the partnership, Veeam Data Platform will integrate with Sophos Managed Detection and Response (MDR), adding a critical layer of human-led threat detection and response to advance the security of business-critical backups…
Searchlight Cyber improves DarkIQ Dark Web Traffic Monitoring capabilities
Searchlight Cyber has released enhancements to its Dark Web Traffic Monitoring capabilities, a key feature of its dark web monitoring solution, DarkIQ. These enhancements arm cybersecurity professionals with deeper insight into dark web traffic to and from their network, alerting…
Ivanti’s new capabilities simplify vulnerability prioritization and remediation
Ivanti released new capabilities for the Ivanti Neurons platform to improve the digital employee experience, offer scalability to customers and enhance vulnerability prioritization and remediation. With this release, Ivanti continues to deliver on its mission to empower IT and Security…
Drata unveils platform enhancements to automate GRC processes
Drata launched two highly anticipated capabilities: Role-Based Access Control (RBAC) and User Access Reviews (UAR). The addition of Role-Based Access Control enables even more partitioned access to various elements of the Drata platform to better manage compliance programs. And with…
Zyxel launches high-performance firewalls to offer multi-layered protection against cyber threats
Zyxel Network launched USG FLEX H Series Security Firewalls for small- and medium-sized businesses (SMB). The high-performance firewalls combine ultra-fast firewall/UTM/VPN throughput, powerful multi-gigabit and PoE+ interfaces, and advanced network security to provide multi-layered protection against mounting cyber threats. USG…
Island raises $100 million, boosts valuation to $1.5 billion
Island has raised $100 million in its Series C financing round, which values Island at $1.5 billion. The round was led by Prysm Capital and joined by Canapi Ventures, as well as Island’s current funding partners Insight Partners, Stripes, Sequoia,…
1Password also affected by Okta Support System breach
Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing…
Semperis and Veritas defend enterprises against cyberattacks on Microsoft AD systems
Semperis announced a global relationship with Veritas Technologies to protect enterprises’ most critical assets and identity systems from cyberattacks. The powerful combination of Semperis Active Directory Forest Recovery (ADFR) and Veritas NetBackup provides enterprises with a comprehensive solution to guard…
The primary pain points for SOC teams
Security professionals want to pursue high-impact work, but they’re being held back by growing workloads, shrinking budgets, and a worsening skills shortage, according to Tines. Nine out of 10 security teams are automating at least some of their work, and…
Wazuh: Free and open-source XDR and SIEM
Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes…
Bracing for AI-enabled ransomware and cyber extortion attacks
AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to…
Today’s CIO has ambitions well beyond IT delivery
45% of CIOs are beginning to work with their CxO peers to bring IT and business area staff together to co-lead digital delivery on an enterprise-wide scale, according to Gartner. CIOs face a paradigm shift, sharing leadership responsibilities with CxOs…
Deep Instinct Prevention for Storage fills gaps in data protection left by legacy tools
Deep Instinct launched Deep Instinct Prevention for Storage (DPS). The new offering applies a prevention-first approach to storage protection, wherever data is stored – Network Attached Storage (NAS), hybrid, or public cloud environments – and seamlessly integrates into existing environments…
Reusable Persona stores PII for reuse across any device or browser
Persona launched a new addition to its suite of identity solutions, “Reusable Personas”. Leveraging Passkeys, the new release enables users to securely store their Personal Identity Information (PII) for reuse across any device or browser, without having to re-submit the…
Veritas 360 Defense protects enterprise data and applications across clouds
Veritas Technologies announced Veritas 360 Defense, an extensible architecture in its space that brings together leading data protection, data governance, and data security capabilities. Veritas 360 Defense delivers a set of cyber resilience capabilities integrated with leading security vendors, such…
Centific and Prove Identity partner to bridge cybersecurity and fraud protection gap
Centific and Prove Identity have partnered to bridge the gap between cybersecurity and fraud protection. This initiative will redefine the digital security landscape by offering a holistic solution for ensuring data privacy, identity verification, and digital fraud protection that protects…
Jumio 360° Fraud Analytics identifies patterns based on behavioral similarities
Jumio unveiled Jumio 360° Fraud Analytics, its new fraud-fighting technology that uses AI-driven predictive analytics to identify fraud patterns with more sophistication and accuracy. According to Jumio’s analysis, 25% of fraud is interconnected — either perpetrated by fraud rings or…
Microsoft announces wider availability of AI-powered Security Copilot
Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program. What is Microsoft Security Copilot? “Security Copilot is an AI assistant for security teams that builds on the latest in…
Unit21 Real-Time Monitoring empowers users to identify potential fraud
Unit21 launches Real-Time Monitoring to fight real-time fraud and transform the landscape of risk management. With Real-Time Monitoring, fraud prevention teams gain unprecedented capabilities to monitor real-time transactions which allows for proactive fraud prevention, resulting in significant reductions in fraud-related…
“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity companies and…
Navigating OT/IT convergence and securing ICS environments
Escalating threats to operational technology (OT) have prompted an increasing number of global enterprises to adopt sophisticated technologies and services to enhance the security of their assets. In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at…
How passkeys are changing the face of authentication
As passwordless identity becomes mainstream, the term “passkey” is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them? A passkey is a digital credential that can only be used by…
Scaling rapidly? Your application security strategies need to keep up
Modern application security strategies must support and enable modern software development, even as it rapidly scales, according to Mend.io. Just 52% of companies can effectively remediate critical vulnerabilities and only 41% are confident they can manage the security and compliance…
Only a fraction of risk leaders are prepared for GenAI threats
While 93% of companies recognize the risks associated with using generative AI inside the enterprise, only 9% say they’re prepared to manage the threat, according to Riskonnect. The research reveals a profound AI risk management gap: To date, only 17%…
Cyberattacks put healthcare organizations on high alert
Healthcare organizations have become prime targets for cybercriminals due to the immense value of their data, including patient records, sensitive medical information, and financial data. The importance of protecting this invaluable information, alongside ensuring the seamless operation of medical devices…
Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: North Korean hackers are targeting software developers and impersonating IT workers State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in…
NetSPI boosts phishing resilience with enhanced social engineering penetration testing
NetSPI unveiled enhancements to its social engineering penetration testing solutions to help organizations build resilience to modern-day phishing attacks. The updates bring a customized, contextual approach to social engineering testing and go beyond basic phishing campaigns to simulate advanced techniques…
ABS Consulting and Dragos boost OT cybersecurity partnership for federal and commercial sectors
ABS Consulting and Dragos have expanded their strategic partnership to provide operational technology (OT) cybersecurity solutions, services and training to federal and commercial organizations. This strategic partnership will build on the companies’ existing work together, further integrating Dragos’ OT cybersecurity…
North Korean hackers are targeting software developers and impersonating IT workers
State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies looking for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how North Korea-backed…
Researchers uncover DarkGate malware’s Vietnamese connection
WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam. DarkGate is a remote access trojan (RAT) that has been used in attacks since at least 2018 and is currently available to…
New infosec products of the week: October 20, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Arcitecta, AuditBoard, BackBox, Prevalent, and Thales. Thales introduces SafeNet IDPrime FIDO Bio Smart Card The SafeNet IDPrime FIDO Bio Smart Card facilitates end user adoption…
Legacy authentication leads to growing consumer frustration
Despite widespread usage of passwords lingering on, consumers want to use stronger, more user-friendly alternatives, according to FIDO Alliance. Entering a password manually without any form of additional authentication was the most commonly used authentication method across the use cases…
The double-edged sword of heightened regulation for financial services
Financial services organizations are enticing targets for cybercriminals due to their significant wealth holdings, presenting abundant opportunities for monetary gain through extortion, theft, and fraud, according to Trustwave. In addition to the money itself, the financial services sector stores large…
GenAI investments surge, anticipated to hit $143 billion by 2027
Enterprises will invest nearly $16 billion worldwide on GenAI solutions in 2023, according to IDC. This spending, which includes GenAI software and related infrastructure hardware and IT/business services, is expected to reach $143 billion in 2027 with a compound annual…
The real impact of the cybersecurity poverty line on small organizations
The financial constraints many smaller organizations face often cast shadows on their ability to fortify defenses. In this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the…
Druva launches Dru to make data protection more autonomous
Druva unveiled Dru, an AI copilot for backup that improves how customers engage with their data protection solutions. Dru allows both IT and business users to get critical information through a conversational interface, helping customers reduce protection risks, gain insight…
Zumigo unveils QR code for passwordless login
Zumigo launched a functionality within the Zumigo Assure Authentication product that facilitates the transfer of verified trust from a user’s mobile phone to a desktop, laptop and tablet. The functionality is made possible with a crucial new feature – using…
Sumsub For Fake’s Sake combats deepfake and synthetic fraud
Sumsub released For Fake’s Sake, a set of models enabling the detection of deepfakes and synthetic fraud in visual assets. Following this initial contribution, Sumsub will leverage feedback from the AI-research community to further improve the models’ capabilities. Sumsub has…
itemis and Cybellum partner to enhance product software security
itemis and Cybellum formed a partnership to provide comprehensive cybersecurity solutions for the automotive industry. Drawing on their respective expertise, they have established a formidable alliance that will allow OEMs & Tier-N suppliers to better secure their connected products. The…
AuditBoard unveils AI and analytics capabilities to help teams automate critical workflows
AuditBoard revealed powerful new capabilities purpose-built to enable teams to automate critical workflows, surface key strategic insights, and stay on top of proliferating risks. These new platform enhancements further deliver on the promise of AuditBoard’s modern connected risk model, which…
Mastercard enhances its solutions using AI technology
With the relentless demand on banks to maintain consumer trust in an ever-evolving payments landscape, Mastercard has launched a new suite of enhanced solutions using AI to help them make good on the promise of ‘always-on’ payments. With millions of…
Google Play Protect takes on malicious apps with code-level scanning
Google is enhancing Google Play Protect’s real-time scanning to include code-level scanning, to keep Android devices safe from malicious and unwanted apps, especially those downloaded (or sideloaded) from outside of the Google Play app store – whether from third-party app…
Resecurity partners with Spire Solutions to protect organizations in the MEA region
Resecurity announced a partnership with Spire Solutions, the Middle East & Africa region’s preferred security & data partner and leading value-added distributor. The partnership is aimed at addressing the growing challenges of cybersecurity and will leverage the strengths of both…
Google ads for KeePass, Notepad++ lead to malware
Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malvertising via search engine ads is a…