Category: Help Net Security

Virtana acquired cloud observability platform, OpsCruise, a purpose-built cloud-native, and Kubernetes observability platform. OpsCruise’s solution empowers ITOps/DevOps/SRE teams to predict performance degradation and pinpoint its cause. This is enabled by the deep understanding of Kubernetes and popular technologies used in…

Read more →

BSidesLjubljana 0x7E7 is taking place today at the Computer History Museum, and Help Net Security is on site. Here’s a look at the event featuring Solar Designer (Openwall), Boris Sieklik (MongoDB), Darko Kukovec (Infinum), and Daniel Poposki. The post Photos:…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security. Okta Device Access enables businesses to secure access to both devices and applications As part of Okta’s Workforce…

Read more →

This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity has undoubtedly become…

Read more →

In this Help Net Security video interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses his new book – Visual Threat Intelligence. The book covers a wide range of topics, including: Threat intelligence fundamentals and methodologies TTP, Diamond Model of…

Read more →

Despite a hardening economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 76% of the CISOs, suggested that no material breaches had occurred and 60% said that no material cybersecurity incident had occurred in the…

Read more →

After two years of pandemic-induced disruption, 2022 was a return to business as usual for the world’s cybercriminals, according to Proofpoint. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a…

Read more →

Coalition announced the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system that helps risk managers mitigate potential cyber threats. Developed by Coalition Security Labs, the company’s research and innovation center, Coalition ESS is a security risk prioritization scoring…

Read more →

T-Mobile and Google Cloud are working together to combine the power of 5G and edge compute, giving enterprises more ways to embrace digital transformation. T-Mobile will connect the 5G ANS suite of public, private and hybrid 5G networks with Google…

Read more →

anecdotes launched an updated version of its Risk Manager Application. Powered by data and automation, the Risk Manager delivers enterprise-level risk management insights and monitoring capabilities, enabling organizations to apply a risk-first approach to a broader Compliance management context. The…

Read more →

OneSpan announced expanded features for OneSpan Notary, a next-generation, all-in-one, cloud-connected solution that enables organizations to transform the way notaries and customers complete agreements and notarize documents in a secure and trusted environment. These new capabilities will now support Remote…

Read more →

VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability that…

Read more →

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their…

Read more →

Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry. While there are a few different approaches to implementing digital keys for automotive use, a secure digital key…

Read more →

The tension between difficult economic conditions and the pace of technology innovation, including the evolution of AI, is influencing the growth of identity-led cybersecurity exposure, according to CyberArk. The CyberArk’s report details how these issues – allied to an expected…

Read more →

Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may disclose confidential information they were trained…

Read more →

What if the enterprise had complete control over the browser? What would it do for security, productivity, for work itself? Ari Yablok, Head Of Brand at Island, invites you to visit Island at Infosecurity Europe 2023 (Stand S75) to learn…

Read more →

The use of MFA has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security and convenience for users, according to Okta. MFA authentication gains traction MFA authentication has steadily gained traction across organizations…

Read more →

Zilla Security announced Zilla Secure and Segregation of Duties (SOD), two SaaS solutions that enable enterprise-wide identity security for cloud-based applications and infrastructure, SaaS, and legacy applications. “Organizations today face a stark reality around their cloud security posture,” said Deepak…

Read more →

Quantinuum launched Quantum Origin Onboard, an innovation in cryptographic key generation that provides quantum computing hardened cyber protection for a wide range of connected devices by maximizing the strength of keys generated within the devices themselves. The risk of cyberattacks…

Read more →

Absolute Software has expanded its differentiated Security Service Edge (SSE) solution with the launch of the Absolute Secure Web Gateway Service. Optimized for hybrid and mobile work models, this new extended offering builds on existing capabilities available in Absolute Secure…

Read more →

HPE announced that Rom Kosla has been appointed Chief Information Officer (CIO). “The performance and agility of our IT team is critical to ensuring our customers and partners have great experiences doing business with us, and that our team members…

Read more →

Zscaler has debuted four new cybersecurity services and capabilities which further extend the power of its Zscaler Zero Trust Exchange cloud security platform. The innovations not only enhance the monitoring and remediation of sophisticated attacks but also deliver a new…

Read more →

Rezilion released Agentless solution, allowing user connection and access to Rezlion’s full feature functionality across multiple cloud platforms. It enables security teams to monitor exploitable attack surfaces in runtime without using an agent to simultaneously minimize security and operational risk.…

Read more →

Kodem has launched from stealth and announced $25M in funding from Greylock and TPY Capital. Kodem will use the funds to launch its platform globally and expand its go-to-market team. The modern software supply chain is viral. Every software component…

Read more →

Silent Push launches with a total of $10M in seed funding led by global cybersecurity specialist investor Ten Eleven Ventures. Silent Push takes a unique approach to identifying emerging cyber threats by providing the most comprehensive view of global internet-facing…

Read more →

Deloitte is working with Amazon Web Services (AWS) to deliver ConvergeSECURITY, a cloud focused security and compliance service. ConvergeSECURITY allows enterprises to accelerate their cloud transformation efforts through a combination of artificial intelligence (AI)-enabled cloud security and compliance product solutions,…

Read more →

Echoworx announced that passkeys have been added to their authentication options. This versatile, advanced authentication method adds to their existing suite of security offerings and provides organizations with another layer of assurance that their data is safe. Organizations that use…

Read more →

Okta announced Okta Device Access, a new product that enables organizations to extend Okta’s Identity and Access Management (IAM) capabilities to secure access to corporate devices for a hybrid workforce. As part of Okta’s Workforce Identity Cloud, the solution will…

Read more →

Sycope is introducing version 2.3 of its network monitoring and security tool. The solution is based on real-time flow analysis enriched with business context and supports companies in securing performance and improving IT security. The new version brings numerous improvements…

Read more →

As a launch partner for the Wiz Integrations (WIN) platform, ContrastContrast Security brings the power of the Contrast Secure Code Platform to WIN, so that customers can seamlessly integrate Contrast’s application security and protections into their existing Wiz workflows. The…

Read more →

Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months. Government sites under DDoS attacks “Several Federal Administration websites are/were…

Read more →

Eviden, an Atos business, announces AIsaac Cyber Mesh, a next generation of cybersecurity detection and response, reinforced by AWS Security Data Lake and powered by generative AI technologies. AIsaac Cyber Mesh offers an advanced end-to-end detection, response, and recovery solution,…

Read more →

Zscaler has unveiled a set of security solutions designed for IT and security teams to leverage the full potential of generative AI while preserving the safety of enterprises’ intellectual property and their customers’ data. By employing its vast data pool,…

Read more →

For many people, life’s fundamental activities are now conducted online. We do our banking and shopping online, turn to the digital realm for entertainment and to access medical records, and pursue our romantic interests via dating sites. That means apps…

Read more →

Business leaders worldwide understand they need to invest in digital transformation to meet a new innovation imperative, despite ongoing macroeconomic pressures and an increasingly uncertain, competitive business environment, according to Insight. The pandemic accelerated transformation in every industry as organizations…

Read more →

According to ESG, 70% of cybersecurity pros expect budget cuts or freezes this year, which, in turn, will trigger project delays and greater vendor scrutiny. Understaffing and low budgets are ever-present challenges, but security teams are uniquely affected by alert…

Read more →

Compliance obligations that support data privacy and cyber risk are nearly ubiquitous. Not only that, but they’re expanding. According to Gartner, government regulations covering these areas of emphasis will apply to five billion citizens and more than 70% of global…

Read more →

61% of SMBs have been hit by a successful cyberattack in the last year, according to BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of…

Read more →

For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in…

Read more →

Open-source code repositories have become integral to developers, enabling them to work faster and more flexibly with the added benefit of collaborating with other developers. While these platforms encourage agility, they can also create security concerns. oak9 has added a…

Read more →

HashiCorp has unveiled new products and solutions to expand HashiCorp’s identity-based security portfolio. These include a new addition for privileged access management (PAM), HashiCorp Boundary Enterprise, and a simplified secrets management SaaS offering, HashiCorp Cloud Platform (HCP) Vault Secrets. These…

Read more →

Google has announced the Google Cyber NYC Institutional Research Program, allocating $12 million to stimulate the cybersecurity ecosystem and establish New York City as the global leader in cybersecurity. The $12 million will go towards research conducted at four of…

Read more →

Cynerio collaborates with Microsoft to integrate with their cloud-native SIEM and SOAR offering Microsoft Sentinel. This collaboration aims to provide the healthcare industry with a comprehensive solution to address the growing security challenges posed by medical and IoT devices. As…

Read more →

Seceon announced two new products designed to quantify and report on the value of the platform for its partners and their clients. Seceon aiSecurity Score360 service provides comprehensive scanning and risk assessments of attack surfaces. It quantifies, prioritizes and benchmarks…

Read more →

GuidePoint Security has announced the availability of its Breach & Attack Simulation as a Service (BASaaS) offering. The new service is designed to help organizations maximize the value from their BAS tools and improve their security posture and the ROI…

Read more →

OneTrust announces enhancements to OneTrust’s data policy engine designed to identify data security, privacy, and governance violations and automatically set and enforce data policies across the entire data ecosystem. Coupled with powerful automation, OneTrust’s data discovery, classification, and governance solutions…

Read more →

Dragos launched the Dragos Global Partner Program to comprise OT cybersecurity technology, services, and threat intelligence. The Dragos Partner Program extends even further by offering training that prepares partners as experts who can offer their customers assessment services based on…

Read more →

NETSCOUT has introduced its Visibility Without Borders (VWB) platform to help organizations keep goods and services flowing by uniting performance, security, and availability under one common data framework. By proactively identifying areas of complexity, fragility, and risk, the platform unlocks…

Read more →

As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3…

Read more →

Automation Anywhere and Google Cloud announced an expanded partnership that combines the power of generative AI and intelligent automation to accelerate the adoption of AI and make it accessible to every enterprise. Automation Anywhere is utilizing Google Cloud’s large language…

Read more →

Accenture announced a $3 billion investment over three years in its Data & AI practice to help clients across all industries rapidly and responsibly advance and use AI to achieve greater growth, efficiency and resilience. “There is unprecedented interest in…

Read more →

Security leaders are recognizing that cloud and the way cloud security teams work today are becoming increasingly critical to business and IT operations, according to Trend Micro. As a result, cloud security and the foundational practices of their teams will…

Read more →

The advent of 6G communication systems brings forth new possibilities and advancements compared to previous generations. With hyper-connectivity and machine-to-machine communication at its core, 6G aims to bridge the gap between humanity and the world of machines. In this Help…

Read more →

In this Help Net Security video, Denis Mandich, CTO at Qrypt, talks about quantum computing. If we thought AI turned security and privacy on their head, quantum computing will break how we encrypt data today and risk revealing sensitive data…

Read more →

Cyber resilience is a leading strategic priority today, and most enterprises are now pursuing programs to bolster their ability to mitigate attacks. Yet despite the importance placed on cyber resilience, many organizations struggle to measure their capabilities or track their…

Read more →

VMware has unveiled four enhancements to further its digital employee experience (DEX) solution: the general availability of DEX for 3rd party managed devices, DEX for VMware Horizon, AI-driven Guided RCA, as well as the intent to expand Workspace ONE ITSM…

Read more →

TuxCare launched SecureChain for Java service to bolster software supply chain security via continuously secured and free repository service. With 76% of open source code used in the commercial code bases, threat groups see it as an ever-growing opportunity to…

Read more →

Erik Prusch will join ISACA as its new CEO. Based in Washington state, Prusch brings significant tech and leadership experience as a CEO and board director to the organization. “This is an exciting time for ISACA as we’ve expanded globally,…

Read more →

Stellar Cyber announced a new technology partnership with Mimecast, an email and collaboration security company. This powerful technology integration makes it easy for Stellar Cyber and Mimecast customers to swiftly mitigate the risk of damaging email-based attacks, such as phishing…

Read more →

The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success. BEC attackers targeting the real estate…

Read more →

Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL…

Read more →

In response to growing use of generative AI tools, Darktrace launched a new risk and compliance models to help its 8,400 customers around the world address the increasing risk of IP loss and data leakage. These new risk and compliance…

Read more →

Regulatory bodies are taking potential data privacy violations much more seriously this year after a relatively quiet period that followed the enactment of regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We…

Read more →

With the rise of modern trends such as cloud computing and remote work, healthcare institutions strive to balance accessibility, convenience, and robust security. In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how fostering a culture…

Read more →

Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA). Protecting digital identities As identities continue to significantly…

Read more →

Cyber extortion attacks have become increasingly prevalent in recent years, posing a significant threat to organizations of all sizes and industries, according to Orange Cyberdefense. Examining data from a total of 6,707 confirmed business victims, the findings show a fluctuation…

Read more →

Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cl0p announces rules for extortion negotiation after MOVEit hack The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by…

Read more →

The Forum of Incident Response and Security Team (FIRST) has elected a new chair and appointed a new cyber security expert to its Board of Directors. Bringing a wealth of knowledge and experience, current board member Tracy Bills was chosen…

Read more →

Kyndryl unveiled a Cybersecurity Incident Response and Forensics (CSIRF) service to help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s deep domain security experts. The new service helps customers investigate…

Read more →

eSentire introduces MDR for Network on AWS offering, extending its proprietary, on-premises network software to AWS cloud environments as a SaaS-based solution. As organizations continue to scale in the cloud, more than half of network detections will be cloud-based by…

Read more →

Barracuda Networks is urging customers running phyisical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.” Vulnerability identification and disclosure Barracuda has identified a critical vulnerability (CVE-2023-2868) in their ESG appliances on May 19, 2023,…

Read more →

Guardz has unveiled a new AI-powered Multilayered Phishing Protection solution to help small and medium-sized enterprises (SMEs) and managed service providers (MSPs) prevent phishing attacks before their security is compromised. The solution uses AI to provide small businesses and the…

Read more →

Gigamon announced that its Deep Observability Pipeline now delivers network-derived application metadata intelligence (AMI) into Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers,…

Read more →

Insight Enterprises is launching a new service offering designed to help unlock the vast potential of generative AI to drive value to clients’ businesses. Insight Lens for GenAI builds on Insight’s deep capabilities in enterprise applications, data platforms, technical architecture…

Read more →

OneTrust announces new data source connectors for OneTrust Data Discovery, bringing the total number of out-of-the-box connectors to over 200. This allows organizations to scan, classify, inventory, and remediate data from virtually any data source. “Data is created at unprecedented…

Read more →

VanDyke Software released the VShell 4.9 server, adding public key to the authentication methods supported by SFTP virtual roots. SFTP virtual roots allow system administrators to configure VShell to automatically transfer files to a remote SFTP server. Files uploaded to…

Read more →

Deepwatch announced a global strategic partnership with Lacework to offer organizations comprehensive and proactive security solutions. This strategic partnership combines Deepwatch’s MDR expertise with Lacework’s advanced cloud security analytics, providing enterprises with an unmatched level of protection against modern cyber…

Read more →

Blackpoint Cyber has received a $190 million growth investment led by Bain Capital Tech Opportunities, with participation from Accel. Bain Capital Tech Opportunities and Accel join existing investors including Adelphi Capital Partners, Telecom Ventures, Pelican Ventures and WP Global Partners.…

Read more →

The odd month-to-month pattern of CVEs addressed by Microsoft continued with the May Patch Tuesday. After seeing high numbers for April, we saw 20 and 23 CVEs fixed for Windows 11 and 10, respectively, in May. And after 62 CVEs…

Read more →

As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees, according to Fortinet. Employee cybersecurity awareness The most recent report from Fortinet’s FortiGuard Labs found that ransomware threats remain at peak…

Read more →

In this Help Net Security video interview, Alan Watkins, CIS Controls Ambassador, CIS, talks about his new book – Creating a Small Business Cybersecurity Program, Second Edition. This book provides guidance and essential steps small businesses with 25-50 employees should…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Datadog, Enveedo, Lacework, and NinjaOne. Lacework simplifies cloud security with risk calculation on users’ permissions Lacework announced new CIEM functionality to address the complex…

Read more →

Security executives are overwhelmingly craving more AI solutions in 2023 to help them battle the growing cybersecurity threat landscape, according to Netrix Global. 22% of respondents said that they would like to see more AI used in cybersecurity this year,…

Read more →

The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their…

Read more →

Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. From vulnerability scanning and network monitoring to encryption and incident response, the following collection encompasses a diverse range of projects…

Read more →

Businesses have been using artificial intelligence for years, and while machine learning (ML) models have often been taken from open-source repositories and built into business-specific systems, model provenance and assurance have not always necessarily been documented nor built into company…

Read more →

In this Help Net Security video, Mattias Fridström, Chief Evangelist at Arelion, talks about the DDoS threat landscape during 2023. DDoS attacks reflect significant geo-political challenges and social tensions and have become an increasingly important part of the hybrid warfare…

Read more →

Despite economic headwinds and IT budget challenges, the world’s CIOs are bullish about the power of technology to deliver value for their organizations, according to Lenovo. Innovation investment concerns among CIOs Despite their optimism, the risks are real, as 83%…

Read more →

Despite prevailing economic headwinds, the market for cybersecurity products and services remains buoyant, according to CCgroup. The study found that 78% of enterprises in the U.S. and 58% in the UK have increased cybersecurity investment in the last year, while…

Read more →

Wipro launched a managed private 5G-as-a-Service solution in partnership with Cisco. The new offering enables enterprise customers to achieve better business outcomes through the seamless integration of private 5G with their existing LAN/WAN/Cloud infrastructure. The changing nature of work and…

Read more →

Elevate Security has unveiled the release of integrations with Cisco Duo, Secure Email, Secure Endpoint, and Umbrella. These integrations add Elevate’s high-confidence user risk quantification and management capabilities to Cisco’s core cyber security offerings, enabling defenders to predict which users…

Read more →

Sentra announced Sentra ChatDLP Anonymizer, a new feature that redacts Personal Identifiable Information (PII) from ChatGPT and Google Bard prompts. ChatDLP enhances organizations’ data security by minimizing the vulnerability of critical data, enabling enterprises to leverage the advantages of new…

Read more →

Cyera’s integration with Azure OpenAI enables Cyera customers to make faster, more informed decisions about data security, privacy, and governance. Cyera’s data security platform empowers security teams to take action by automatically deriving business context and understanding the intent behind…

Read more →

With Tines Cases, security and IT teams can manage and track incidents, investigate security breaches, and manage response activities. The new solution extends the strength of the Tines platform by empowering teams to collaborate on anomalies and build better automations…

Read more →

Wind River has introduced Wind River Studio Linux Security Scanning Service that provides professional-grade scanning to identify Common Vulnerabilities and Exposures (CVEs). Tuned to the unique needs of embedded Linux development, it also indicates whether a remediation solution is already…

Read more →

Commvault announced new security capabilities across its entire portfolio. Signaling the next phase in its evolution, Commvault is helping businesses secure, defend, and recover their data to meet increasingly sophisticated cyberthreats head on. As part of these capabilities, Commvault has…

Read more →

Island announced the first password manager natively built into an enterprise browser, providing IT teams and employees with powerful new capabilities to eliminate password abuse, help ensure organizational custody of corporate passwords, and embrace passwordless user authentication flows. By offering…

Read more →

SAIC launched Trust Resilience, a holistic approach to support government agencies adopting the mandated zero trust architecture. “Trust Resilience builds security into IT modernization, delivering protection and compliance of mission-critical resources no matter where organizations are on their technology modernization…

Read more →