Category: Help Net Security

Cisco launched a Full-Stack Observability Platform—a vendor-agnostic solution that harnesses the power of the company’s full portfolio. It delivers contextual, correlated, and predictive insights that allow customers to resolve issues more quickly and optimize experiences, while also minimizing business risk.…

Read more →

Network Perception introduced its next-generation NP-View platform, providing improved scalability and throughput, making OT network path analysis and reporting more comprehensive. The new NP-View platform, version 4.2, powered by a second-generation path analysis algorithm, offers significant performance improvements, including faster…

Read more →

Cloudbrink launched a software-only solution that replaces hardware based VPN and SD-WAN appliances for power users in the hybrid workplace. The Cloudbrink app with bridge mode delivers 30 times the performance of small branch office and home routers while reducing…

Read more →

Nile announced a new integration with Palo Alto Networks. With the integration, joint customers can now benefit from a highly integrated solution that brings together Nile Access Service for enterprise campus (NaaS) and Palo Alto Networks Next-Generation Firewalls (NGFWs). Globally,…

Read more →

Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and…

Read more →

Google has fixed a high-severity vulnerability in the Chrome browser (CVE-2023-3079) that is being exploited by attackers. About the vulnerability CVE-2023-3079 is a vulnerability that stems from a type confusion in the V8 JavaScript engine, and has been uncovered by…

Read more →

In my last post I discussed how developers can be your security secret weapon… but how to help them love doing security work? That’s a whole other challenge! Stories of the tension between developers and security teams are a longstanding…

Read more →

Many recent breaches and data leaks have been tied back to SaaS apps, according to Adaptive Shield. “We wanted to gain a deeper understanding of the incidents within SaaS applications and how organizations are building their threat prevention and detection…

Read more →

Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels of…

Read more →

In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training. 60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020. According to Security Innovation research,…

Read more →

DigiCert has partnered with ReversingLabs to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert’s enterprise-grade secure code signing solution. DigiCert customers will benefit from improved software integrity through deep analysis that shows their…

Read more →

Lacework announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risk within public cloud environments. With over 35,000 granular permissions across hyperscale cloud providers, organizations can struggle to maintain an overview and…

Read more →

Trulioo released new capabilities for automated business and person verification workflows. The latest update bolsters Trulioo global leadership by expanding geographic coverage and localization for person verification and further automating business verification processes to reduce costly manual reviews. With the…

Read more →

NinjaOne announced enhancements to NinjaOne Patch Management, delivering the latest automated patching solutions to maintain business operations and keep organizations secure. Patching is a tedious, time-consuming task but also a critical step to secure modern IT environments, where technology experts…

Read more →

BlackBerry announced a partnership with Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY. Upstream’s cloud-native Vehicle Detection and Response (V-XDR) platform…

Read more →

Datadog released Workflow Automation, a new product that enables teams to automate end-to-end remediation processes—with out-of-the-box actions and pre-built templates—across all systems, apps and services to help identify, investigate and resolve service disruptions and security threats faster. DevOps, SRE and…

Read more →

Fingerprint launched Fingerprint Pro Plus, featuring the company’s latest innovation, Smart Signals. These new capabilities provide real-time, actionable intelligence that builds on Fingerprint’s browser and device identification signals which more than 6,000 companies use to help fight and prevent fraud.…

Read more →

Appdome has integrated its platform with GitHub to accelerate the delivery of secure mobile apps globally. GitHub Actions is now part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate the delivery of secure mobile apps globally. With this new…

Read more →

Enveedo has launched its Strategy Execution Platform for Security that enables organizations to build and maintain cyber resiliency. The platform includes a risk management engine, on-demand access to vCISO guidance, and a real-time centralized view of the organization’s systems, assets,…

Read more →

Verizon Business today released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware – malicious software (malware) that encrypts…

Read more →

1Password begins to offer customers the ability to save and sign into online accounts with passkeys. This summer, early adopters can begin unlocking their 1Password account with a passkey. “Our mission is to help people safeguard their digital identities and…

Read more →

IDnow announces the expansion of its platform to include fully automated document liveness capabilities, data checks and Financial Risk Checks as well as new fraud prevention features. The platform expansion will also include a central, no-code workflow management tool. Document…

Read more →

Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. These enhancements not only cater to global customers but also include features specifically designed for users…

Read more →

The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are Zellis, “UK…

Read more →

In this Help Net Security video, Michael Rinehart, VP of Artificial Intelligence at Securiti.ai, discusses a dark side to generative AI that isn’t talked about enough. Organizations must remember that anything that goes into the learning process can never be…

Read more →

Apple announced its latest privacy and security innovations, including major updates to Safari Private Browsing, Communication Safety, and Lockdown Mode, as well as app privacy improvements. Additionally, Apple introduced new features designed with privacy and security at their core, including…

Read more →

“Once a new technology rolls over you, if you’re not part of the steamroller, you’re part of the road.” – Stewart Brand The digital world is vast and ever-evolving, and central to this evolution are large language models (LLMs) like…

Read more →

67% of consumers are aware of generative AI technologies but they overestimate their ability to detect a deepfake video, according to Jumio. Generative AI awareness among consumers Awareness of generative AI and deepfakes among consumers is high — 52% of…

Read more →

CISOs and ITDMs (IT security decision-makers) continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire. The ever-evolving cybersecurity landscape…

Read more →

Traceable AI announced API Security Reference Architecture for Zero Trust. This reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into zero trust security initiatives. Zero trust, a cybersecurity framework…

Read more →

After making passkeys available for consumers in early May, Google is now rolling them out for Google Workspace and Google Cloud accounts. This feature will soon be available (in open beta) for more than 9 million organizations and aims to…

Read more →

LogicGate introduced a new OpenAI integration that will help automate and inform GRC processes, including policy generation. Founded in 2015 by seasoned risk consultants, LogicGate automates and centralizes tedious, time-consuming governance, risk, and compliance (GRC) workflows with Risk Cloud, its…

Read more →

The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many…

Read more →

With the availability of the BigID Data Classification App on the ServiceNow Store, this expanded relationship provides more advanced security and privacy capabilities for workflow automations. BigID automates the discovery and classification of personal, regulated, critical, and sensitive data in…

Read more →

AntChain announced a new collaboration with Intel to launch AntChain Massive Data Privacy-Preserving Computing Platform (MAPPIC), a new privacy-preserving computing platform that brings a data privacy protection solution for large-scale AI machine learning. As a Software-as-a-Service (SaaS) platform, MAPPIC is…

Read more →

Malicious bots are taking new forms – a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams – artificial inflation of traffic (AIT) – targets the SMS…

Read more →

In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free…

Read more →

Are you watching your employees? Though the question may incite thoughts of “Big Brother” and an all-seeing or all-knowing entity, it isn’t quite as ominous as you might think. Employee productivity surveillance technology, or EPST, often tracks statistics such as…

Read more →

As the digital revolution changes the claims process, both carriers and customers are increasingly concerned about data privacy, according to LexisNexis Risk Solutions. More than 60% of consumers have concerns over the security of their personally identifiable information when they…

Read more →

Forced verification and deepfake cases multiply at alarming rates in the UK and continental Europe, according to Sumsub. In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases, from 0.3% in the full year 2022…

Read more →

Katie Boswell spent years on the front lines securing the most critical national infrastructure in energy and life sciences. Yet, earlier in her career, she was told that senior leadership was not for her if she planned on becoming a…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MOVEit Transfer zero-day attacks: The latest info Progress Software has updated the security advisory and confirmed that the vulnerability (still without a CVE number) is…

Read more →

Digi International has released the latest version of Digi SkyCloud, a solution for monitoring, analyzing and controlling field data. The 23.5 update of SkyCloud introduces a range of new features, giving users effortless systems integrations with remote monitoring and control…

Read more →

OffSec launched a newly expanded OffSec Global Partner Program. With cyber threats becoming increasingly sophisticated, organizations are seeking reliable partners to address the ever-growing demand for skilled cybersecurity professionals. In response to this market need, OffSec’s new program introduces a…

Read more →

Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit The Chrome Vulnerability Rewards…

Read more →

ON2IT announces the addition of the CISA Zero Trust Maturity Model into its Zero Trust as a Service platform, AUXO. Organizations can use ON2IT’s Zero Trust as a Service platform to strengthen cyber defenses and easily embrace Zero Trust. With…

Read more →

Galvanick announced its $10 million seed round. Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense. Galvanick…

Read more →

There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has…

Read more →

Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending adaptability of this threat is key to its long-term survival and success. “Qakbot operators tend to reduce…

Read more →

As the world’s most powerful military and economic power, the United States also holds another, less impressive distinction: Cyber threat actors target the US more than any other country in the world. In 2022 alone, the FBI received more than…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, ConnectSecure, CYTRACOM, Permit.io, and PingSafe. Permit.io launches FoAz to give frontend developers the keys to security Short for frontend-only authorization, FoAz is a technology…

Read more →

Despite rising labor costs, economic inflation, and companies making an effort to cut back, the salary outlook for IT professionals is positive, according to InformationWeek. Work-life balance and base pay top the list as what matters most to IT professionals…

Read more →

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent…

Read more →

In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional…

Read more →

The 1Kosmos BlockID distributed identity cloud service, which unifies identity verification and passwordless authentication, is now available in the AWS Marketplace. This listing makes it easy for customers to test and deploy BlockID, as well as directly procure it in…

Read more →

Resecurity’s Digital Identity Product (IDP) is a solution designed to enhance online security and protect enterprises’ and individuals’ digital identities in an increasingly interconnected world. With the ever-present risk of cyber threats compromising personal information, IDP offers a robust framework…

Read more →

New Relic has announced an integration with the newly launched Amazon Security Lake. With this integration, New Relic customers can access and monitor their Amazon Security Lake security log data and events in New Relic. This allows users to leverage…

Read more →

Cobalt Iron launched Compass NAS Protector, a new set of features in its Cobalt Iron Compass enterprise SaaS backup platform. Intended to aid enterprise NAS and backup administrators, Compass NAS Protector speeds up backups, simplifies management of NAS data, and…

Read more →

WithSecure’s USB armory is an open-sourced, single board computer with a unique form factor and capabilities. It has been used in a variety of applications, including (but not limited to) encrypted storage solutions, hardware security modules (HSM), enhanced smart cards,…

Read more →

Secureworks has launched two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but…

Read more →

Uptycs has integrated with Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes security data from across AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake. Amazon Security Lake manages data throughout…

Read more →

CYTRACOM announces a significant update to its ControlOne platform, enabling MSPs to prevent managed clients from evading security requirements and create a passwordless experience for end-users. Managed users are now always on the virtual corporate network, secured by unified global…

Read more →

A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned…

Read more →

Nozomi Networks and Cynalytica have unveiled they have partnered to provide a visibility, monitoring and threat detection solution that encompasses both TCP/IP-based and non-IP based serial bus and analog connections found in OT and IoT environments. The joint solution simplifies…

Read more →

Stellar Cyber announced support for the Amazon Security Lake from Amazon Web Services (AWS). Organizations using the Stellar Cyber Open XDR Platform and AWS can directly ingest data from the Amazon Security Lake into Stellar Cyber, automatically enabling richer data…

Read more →

Safe Security announced Cyber Risk Cloud of Clouds for predicting and preventing cyber breaches. In contrast to the rest of the industry that takes a reactive approach, SAFE’s Cyber Risk Cloud of Clouds enables organizations to make informed and predictive…

Read more →

Code42 Software has announced the appointment of Wayne Jackson to its board of directors. Jackson boasts an impressive career in enterprise security software and currently serves as the CEO of Sonatype. “We are pleased to welcome Wayne Jackson to Code42’s…

Read more →

Resecurity announced the appointment of Shawn Loveland as its Chief Operating Officer (COO). With an impressive track record of over 35 years in technology and cybersecurity, Mr. Loveland brings extensive experience and expertise to the Resecurity team. His illustrious career…

Read more →

Syxsense announced a partnership with VLCM, an IT solutions and services provider focused on meeting customer needs for cybersecurity, networking, cloud, big data, and more. VLCM is one of Syxsense’s platinum channel partners and offers Syxsense Manage, Syxsense Secure, and…

Read more →

Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders “Google Workspace…

Read more →

CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to…

Read more →

In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance…

Read more →

The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Aqua Security, Axiado, Bitwarden, Cloudflare, ComplyAdvantage, Dashlane, Delinea, Enzoic, Feedzai, Immersive Labs, Intruder, Nebulon, NETSCOUT, Neurotechnology, Nozomi Networks, OpenVPN, Private AI, Radware, Satori, Trua, Vanta,…

Read more →

A 25% increase in the use of phishing kits has been recorded in 2022, according to Group-IB. The key phishing trends observed are the increasing use of access control and advanced detection evasion techniques. The rise in evasive tactics, such…

Read more →

Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete…

Read more →

An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster.…

Read more →

Bitdefender unveiled GravityZone Security for Mobile, designed to provide organizations with advanced Mobile Threat Detection (MTD) and security for Android, iOS and Chromebook devices, including Chrome extensions. The new offering helps enterprises, managed service providers (MSPs) and their customers gain…

Read more →

Rezilion released its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components. Patching is a complicated and noisy process, which…

Read more →

PingSafe launched KSPM module to provide an end-to-end security solution that encompasses the entire container lifecycle, from development to production, helping organizations securely navigate the dynamic landscape of container orchestration. By tightly integrating into PingSafe’s CNAPP platform, KSPM module, along…

Read more →

ConnectSecure is adding deep attack surface scanning and the Exploit Prediction Scoring System (EPSS) to its cybersecurity platform for managed service providers (MSPs) that protect small and midsize businesses. The new capabilities will be fully integrated into the ConnectSecure platform,…

Read more →

If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were first…

Read more →

Permit.io has launched FoAz which enables frontend developers to take access controls into their own hands. Short for frontend-only authorization, FoAz is a technology that empowers frontend developers to use sensitive APIs directly from the frontend, without requiring any backend…

Read more →

Netskope announced an integration between Netskope’s Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from AWS. Amazon Security Lake is a service that automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises,…

Read more →

Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker…

Read more →

Ping Identity announced PingOne Protect, a new fraud detection and risk management service to prevent account takeover and fake accounts while solving multi-factor authentication (MFA) fatigue for end users. PingOne Protect takes a unique approach to threat protection, combining Identity…

Read more →

Hitachi Vantara introduced Hitachi Data Reliability Engineering (DRE), a suite of consulting services helping organizations improve the quality and consistency of business-critical data. Amid a surge of data from connected devices and applications, organizations are challenged with increasingly complex data…

Read more →

Mirantis announced Lens Control Center, to enable large businesses to centrally manage Lens Pro deployments by standardizing configurations, consolidating billing, and enabling control over outbound network connections for greater security. Over 1 million people use Lens to make them significantly…

Read more →

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security…

Read more →

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new Kali version usually comes with new tools.…

Read more →

In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses…

Read more →

Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat, according to Veeam. One in seven organizations will see almost all (>80%) data affected as a result of a ransomware attack –…

Read more →

Protecting operational technology (OT) systems is now more critical than ever as more organizations connect their OT environments to the internet, according to Fortinet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive…

Read more →

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile…

Read more →

Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations have…

Read more →

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant, the…

Read more →

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organization, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. Barracuda Networks research finds 24% of organizations studied had at least…

Read more →

Threat actors are abusing generative AI to carry out child sex abuse material (CSAM), disinformation, fraud and extremism, according to ActiveFence. “The explosion of generative AI has far-reaching implications for all corners of the internet,” said Noam Schwartz, CEO and…

Read more →

Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated…

Read more →

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video,…

Read more →