Category: Help Net Security

Secure Code Warrior closed its Series C funding round, led by Paladin Capital Group. At $50 million, this marks the largest investment since the company’s inception, bringing its total funding to date to over $100 million. The new funding will…

Read more →

The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace: Ensuring that the biggest, most capable, and best-positioned entities – in the public and private…

Read more →

Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT…

Read more →

Fidelis Cybersecurity released the new Fidelis Active Directory Intercept, a capability that combines network detection and response, deception technology, and Active Directory (AD) security, as part of their Fidelis Network and Deception 9.6.1 product release. Active Directory Intercept is the…

Read more →

The update of the Regula 4306 is centered around light sources that are indispensable for thorough document examination, including relief and various security features, especially those invisible to the naked eye. The redesigned device boasts of a new light source…

Read more →

FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). Critical in the interface between supplier and consumer, CVSS provides a way to capture the principal characteristics of a security vulnerability and produces a numerical score…

Read more →

In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM). Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets and changes to your attack surface that may introduce risk.…

Read more →

When companies utilize public generative AI tools, the models are refined on input data provided by the company. Regarding data security, unauthorized use of sensitive data or the accidental exposure of proprietary information can lead to reputational damage, legal consequences,…

Read more →

While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in…

Read more →

Security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren’t concerned at all, according to SpyCloud. However, many still lack the necessary tools to investigate the security…

Read more →

39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales. In addition, human error was reported as the leading cause of cloud data breaches by…

Read more →

(ISC)² expanded its diversity, equity, and inclusion (DEI) partner network, cementing its commitment to fostering greater diversity within the cybersecurity field. Following the initial announcement of five founding partners, an additional eight organizations have joined forces with (ISC)², demonstrating a…

Read more →

WatchGuard Technologies has unveiled AuthPoint Total Identity Security, a comprehensive bundle that combines the AuthPoint multi-factor authentication (MFA) with dark web credential monitoring capabilities and a corporate password manager. The introduction of this new product, paired with the zero trust…

Read more →

anecdotes launched Analysis Engine, empowering its customers to attain proactive GRC monitoring. With the introduction of the new engine, users gain access to robust analysis capabilities that automatically detect gaps in their data and provide deep visibility into their Compliance…

Read more →

Liongard announced its newly enhanced platform to transform the way IT service providers deliver IT governance and mitigate risk with the launch of its Configuration Change Detection and Response (CCDR) platform. More than 2,000 cyberattacks strike the internet each day.…

Read more →

CyberCatch and Proficio announced a strategic partnership to join forces to market and deliver a combined AI-enabled solution for organizations worldwide. CyberCatch’s proprietary, artificial intelligence-enabled (AI) Software-as-a-Service (SaaS) solution is designed to help organizations implement all mandated and necessary controls,…

Read more →

DirectDefense announced its partnership with SCADAfence to enhance industrial cybersecurity and safeguard OT Networks in the era of IIoT. The SCADAfence Platform enables critical infrastructure and manufacturing organizations with complex Operational Technology (OT) networks to embrace the benefits of the…

Read more →

Wipro launched Wipro ai360, a comprehensive, AI-first innovation ecosystem that builds on Wipro’s decade-long investments in AI with the goal of integrating AI into every platform, every tool, and every solution used internally and offered to clients. Along with the…

Read more →

Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defrauding individuals, according to the H1 2023 ESET Threat Report. Microsoft: An…

Read more →

IDrive Backup announced the introduction of Google Shared Drive backup, which automatically detects and backs up all the shared drives available to the Super Administrator of the Google Workspace account. Shared drives, which are special folders in Google Drive that…

Read more →

IronNet’s Board of Directors has appointed Linda Zecher as Chief Executive Officer (CEO) effective immediately. Cameron Pforr, the company’s current Chief Financial Officer (CFO), has been appointed President of IronNet. GEN (Ret.) Keith Alexander will continue to serve as Chairman…

Read more →

Hubble announced its next-generation Technology Asset Visibility and Cybersecurity Posture Management Platform, Aurora. Aurora builds on the foundation of Hubble’s existing Asset Intelligence platform, providing users with asset visibility and insights into their cybersecurity posture, with new features such as…

Read more →

Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident…

Read more →

Ransomware has been a hugely profitable industry for criminal gangs for the last few years. The total amount of ransom paid since 2020 is estimated to be at least $2 billion, and this has both motivated and enabled the groups…

Read more →

Despite economic obstacles and constraints on IT budgets, global CIOs maintain a positive outlook on the potential of technology to provide significant benefits for their organizations, according to Lenovo. Despite their optimism, the risks are real, as 83% are concerned…

Read more →

Google Cloud’s AML AI represents an advancement in the fight against money laundering. By replacing outdated transaction monitoring systems and embracing AI technology, financial institutions can now stay ahead of evolving financial crime risks, improve operational efficiency, ensure regulatory compliance,…

Read more →

The Ultimate Guide to Certified in Cybersecurity (CC) covers everything you need to know about the entry-level credential recognized by organizations worldwide. Inside, learn how CC starts you on your path to advanced cybersecurity certification and how to access free…

Read more →

For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and…

Read more →

NETSCOUT SYSTEMS has released its latest version of Arbor Edge Defense (AED) which includes new ML-based Adaptive DDoS Protection. According to NETSCOUT’s latest DDoS Threat Intelligence Report, there has been a significant increase in a new breed of dynamic DDoS…

Read more →

Drata announced the appointment of Sydney Sloan as the company’s first ever Chief Marketing Officer (CMO). Sloan will oversee global marketing at Drata to help market and brand leadership, fuel customer engagement, and accelerate the company’s commitment to delivering value…

Read more →

Digilock launched Pivot, hardwired built-in locks for new stationary furniture installations. Digilock brings its keyless lock experience to facilities requiring a hardwired power and data source for its permanent fixtures. Pivot Smart Locks are networked locks that operate with proprietary…

Read more →

Vercara has released a new integration of its enterprise-grade, cloud-based authoritative DNS service, UltraDNS, with HashiCorp’s Consul-Terraform-Sync (CTS), a multi-platform tool designed to automate tasks across network devices that are traditionally handled manually by networking operators. The integration, UltraDNS-CTS, follows…

Read more →

Perimeter 81 announced the hiring of Gadi BenMark as Chief Marketing Officer. With more than 20 years experience in marketing strategy and business development across a variety of industries, BenMark brings extensive working knowledge to Perimeter 81. He reports to…

Read more →

Netskope announced a new partnership with Wipro to deliver cloud-native Managed Secure Access Service Edge (SASE) and Managed Zero Trust Network Access (ZTNA) services to Wipro’s extensive global enterprise client portfolio. “As the global work environment transforms, our Security Cloud…

Read more →

Alteryx announced decision intelligence and intelligent automation capabilities on AWS designed to empower chief financial officers (CFOs) and finance leaders to embrace cloud and data analytics as strategic tools for their modernization goals. “Analytic insights help us tailor digital transformation…

Read more →

Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred…

Read more →

Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update in…

Read more →

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast,…

Read more →

Due to their distinct perspectives, board members and CISOs often have differing views on cyber attack risks. The discrepancy arises when boards need cybersecurity expertise, need help comprehending technical jargon, or when CISOs need to communicate in business language. In…

Read more →

IT teams need help to monitor and enforce BYOD policies during summer months when more employees often travel or work remotely. In this Help Net Security video, Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX, discusses how employees…

Read more →

Due to their distinct perspectives, Board members and CISOs often have differing views on cyber attack risks. The discrepancy arises when Boards need cybersecurity expertise, need help comprehending technical jargon, or when CISOs need to communicate in business language. In…

Read more →

Investment in connected device security has accelerated as upcoming legislation affecting the sector becomes more prominent, according to PSA Certified. This acceleration also highlights a noticeable difference from last year in the level of demand from industry customers and, more…

Read more →

It is important not to underestimate the potentially devastating impact of DDoS attacks. Organizations of all sizes should take proactive measures to mitigate and safeguard against DDoS attacks, ensuring the continuity and resilience of their operations. Throughout this Help Net…

Read more →

In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked ALPHV/Blackcat ransomware group.…

Read more →

A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’…

Read more →

lockr launched Connections Hub to verify the authenticity of first-party datasets. Connections Hub expands lockr’s partnerships with publisher-focused data platforms such as CDPs and Clean Rooms, allowing publishers to easily assess and manage the impact of machine-generated emails on their…

Read more →

Honeywell has agreed to acquire SCADAfence, a provider of OT and IoT cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs.…

Read more →

Organized criminal groups exploited a flaw in Revolut’s payment systems and made off with $20+ million of the company’s money, the Financial Times reported on Sunday, citing people with knowledge of the situation. Revolut’s cybersecurity troubles Revolut is a privately…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Island Enterprise Browser: Intelligent security built into the browsing session In this Help Net Security interview, Mike Fey, CEO of Island, explains the differences between…

Read more →

We’re halfway through 2023 already and moving into our seventh Patch Tuesday of the year next week. There’s been a lot of activity with Microsoft this month which may impact updates we’ll see. But first taking a quick look back…

Read more →

As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs, according to Postman. Adopting an API-first approach “More companies are adopting an API-first approach to software development, and…

Read more →

Network attacks (IPS detections) have remained relatively flat over the last three quarters, technically down a bit more than 3%, according to WatchGuard. “Organisations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses…

Read more →

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of…

Read more →

Dig Security announced it has added support for Optical Character Recognition (OCR) to the Dig Data Security Platform. Dig can now detect sensitive customer data in image files, such as passports and driver’s licenses, that are stored in multi-cloud environments.…

Read more →

ISACA is joining the European Cyber Security Organisation (ECSO). The membership will work to accelerate ECSO and ISACA’s shared commitment to advancing cybersecurity, fostering collaboration and driving digital trust across Europe. ISACA’s membership brings numerous benefits and opportunities for organisations…

Read more →

TXOne Networks announced its Stellar solution for defending operational stability. Employing TXOne Networks’ approach to security, Cyber-Physical System Detection and Response (CPSDR), Stellar supports the priorities of security and operations without either team having to sacrifice capability or performance. Already…

Read more →

Regulatory compliance and cybersecurity improvement are not two sides of the same coin: they are distinct pillars that demand specialized attention. Achieving compliance does not create an impenetrable fortress against threats, it merely creates a baseline defense. So, how can…

Read more →

Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries. Experts expose flaws in voiceprint technology Voice authentication…

Read more →

An overwhelming number of respondents familiar with ChatGPT were concerned about the risks it poses to security and safety, according to Malwarebytes. They also don’t trust the information it produces, and would like to see a pause in development so…

Read more →

As AI technology advances, it is essential to remain mindful of familiar and emerging risks. Education is critical to fostering responsible AI innovation, as understanding the technology and its limitations raises standards and benefits everyone. In this Help Net Security…

Read more →

Hackrate launched HackGATE, a monitoring platform specifically designed for ethical hacking projects. Thousands of IT security teams around the world struggle with efficiently monitoring ethical hacking projects and determining whether a test yielded a clear result because their systems are…

Read more →

LTIMindtree has launched a comprehensive cyber-recovery and data protection platform called ‘LTIMindtree V-Protect’, powered by Rubrik. LTIMindtree V-Protect is a offering from LTIMindtree which provides data protection and seamless recovery for M365 workloads such as Exchange, SharePoint, OneDrive, and Teams.…

Read more →

CampusGuard launched CampusGuard Central 2.0, a new release of its dynamic customer compliance portal. CampusGuard Central enables organizations to manage their PCI DSS compliance status across their entire enterprise with one easy-to-use tool. CampusGuard Central 2.0 includes the following enhancements:…

Read more →

Running about 200,000 daily security scans, the free Community Edition now has an online security test to quickly verify security, privacy and compliance of email servers. According to the most recent Trend Micro’s report, both sophistication and volume of phishing…

Read more →

As 40% of consumers harbor skepticism regarding organizations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack, according to Object First. Consumers request data protection Furthermore, consumers request increased data protection from vendors, with 55% favoring…

Read more →

Healthcare continues to be one of the most attractive targets for cyberattackers, and the number of breaches affecting the industry is increasing yearly. In this Help Net Security video, Steve Gwizdala, VP of Healthcare at ForgeRock, discusses how vigilance and…

Read more →

Small organizations face the same security threats as organizations overall but have less resources to address them, according to Netwrix. Lack of budget among small organizations The most common security incidents are phishing, ransomware, and user account compromise. However, smaller…

Read more →

In this Help Net Security interview, Mike Fey, CEO of Island, explains the differences between consumer browsers and the Island Enterprise Browser, how it protects organizations’ data, and how it uses contextual information to provide users with a safe browsing…

Read more →

Waterfall Security Solutions confirmed the opening of a new European headquarters in the Netherlands. This continued expansion of Waterfall’s presence in Europe is in response to the strong increase in demand for Waterfall products throughout the EU. Waterfall’s growing customer…

Read more →

Node4 announced the acquisition of ThreeTwoFour, an information security and technology risk specialist. The acquisition is Node4’s third significant growth purchase in the last 18 months, having also bought risual, an IT managed services and solutions provider and Tisski, a…

Read more →

Enterprise leaders in procurement, IT, and finance need to take immediate action to rationalize their SaaS portfolios to prevent spending and governance challenges from spiraling out of control, according to Productiv. Productiv analyzed how nearly 100 million SaaS licenses were…

Read more →

Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security. Threat actors avoid detection These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated…

Read more →

IT leaders are losing sleep over improving overall IT performance (60%), data security (50%), process risk and compliance (46%), and the need to improve agility (41%), according to Rocket Software. To overcome these challenges, IT organizations are turning to hybrid…

Read more →

Threat actors are well-aware of the vulnerability of our cloud infrastructure. The internet we have today is not equipped to serve the data needs of the future. When data is stored in the cloud, it can end up across several…

Read more →

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches…

Read more →

In this Help Net Security video, Charl van der Walt, Head of Security Research at Orange Cyberdefense, discusses cyber extortion attacks and their expansion to new regions. A recent report revealed that cyber extortion activity reached the highest volume ever…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Bitdefender, Cequence Security, ConnectSecure, Cymulate, Cytracom, Datadog, Delinea, Edgescan, Enveedo, ESET, Index Engines, Island, iStorage, Lacework, NetApp, Netscout, Netskope, NinjaOne, Okta, Permit.io, PingSafe, Quantinuum,…

Read more →

As more businesses experience resource and cost constraints, 86% of MSPs and MSSPs customers are outsourcing their security needs to consolidate security tools, according to OpenText. “Staffing issues that have plagued the security industry for years are getting worse due…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unlocking internet’s secrets via monitoring, data collection, and analysis In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring,…

Read more →

CobolCloud and Kubo Labs sign a partnership agreement to secure legacy applications in Kubernetes environments. “CobolCloud is the very latest generation of COBOL tools allowing on the one hand, the recompilation of existing applications without modifying the source code, and…

Read more →

Attain Insight released Attain Insight Security 4X version 4.0, an upgrade to its flagship security software. This latest release introduces new features and enhancements designed to fortify data protection, streamline compliance processes, and bolster user management across diverse enterprise environments.…

Read more →

Total Assure announced its spinout from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats. On account of the cybersecurity talent…

Read more →

Nokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Delinea, Index Engines, and NetApp. Delinea Privilege Manager enhancements reduce phishing effectiveness Based on Delinea’s deep expertise and customer feedback, the new Workstation…

Read more →

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely, according to ThreatX. With more endpoints and applications in use, and often personal rather…

Read more →

In the dynamic business landscape where third-party relationships assume a critical role, organizations confront various risks that can profoundly affect their security and compliance requirements, according to Panorays. Even amidst tough economic times, the crucial nature of these risks necessitates…

Read more →

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. This insight plays a vital role in protecting and empowering customers.…

Read more →

Perception Point reveals its latest detection innovation, developed to counter the emergent wave of AI-generated email threats. The AI-powered technology leverages Large Language Models (LLMs) and Deep Learning architecture to effectively detect and prevent BEC attacks, a cyber threat which…

Read more →

WISeKey has unveiled a major upgrade to its digital identity and privacy platform, WISeID.com, designed to provide users with enhanced protection against identity theft and increase privacy in today’s hyper-connected digital world. The new generation of WISeID builds upon WISeKey’s…

Read more →

Keepit launched new backup and recovery service for Microsoft Azure DevOps. “Azure DevOps has limited disaster recovery coverage. If a company loses its Azure DevOps data, it loses access to development operations, which means it loses the ability to track,…

Read more →

Immuta launched its latest platform enhancements to deliver simplified data security and monitoring in Snowflake so that joint customers can unlock more value, reduce costs, and speed up innovation. These new features include strengthened data mesh support, enhanced security for…

Read more →

Skyhigh Security announced it’s enabling organizations to adopt artificial intelligence applications in a secure manner that protects sensitive, confidential, and business critical information through its Security Service Edge (SSE) portfolio. Skyhigh Security’s technology protects data and stops threats in the…

Read more →

Daon announces the addition of AI.X technology to expand the capabilities of its IdentityX and TrustX platforms. Designed for emerging identity threats from generative AI technology, AI.X includes pioneering technology that protects against deepfakes across voice, face, and document verification.…

Read more →

An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and…

Read more →

Twilio and Frame AI announced a partnership to leverage AI to enhance customer engagement delivered within Twilio Flex. With the help of Frame AI’s platform, Twilio Flex (the cloud-based digital engagement solution for personalized interactions across contact centers, sales, and…

Read more →

In this Help Net Security video, Mitja Kolsek, CEO at Acros Security, discusses micropatches, a solution to a huge security problem. With micropatches, there are no reboots or downtime when patching and no fear that an official update will break…

Read more →

Many popular generative AI projects are an increased security threat and open-source projects that utilize insecure generative AI and LLMs also have poor security posture, resulting in an environment with substantial risk for organizations, according to Rezilion. Advancements in LLMs…

Read more →

In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according to Nexusguard. The data also showed that cyber attackers continued to alter their threat vectors by targeting the application platforms, online…

Read more →

Attack surface expansion is a byproduct of doing business today, especially for enterprises that rely on the cloud. As businesses adapt and scale, the assets and platforms they use inevitably grow and change. This can result in attack surface exposures,…

Read more →

Fewer than one in ten CIOs can claim that they have avoided a network outage, according to Opengear. This finding is among new research by Opengear of both CIOs and network engineers globally. The scale and frequency of network outages…

Read more →