Category: Help Net Security

Codenotary and Snyk alliance agreement provides enhanced security and trust for the modern development organization seeking to assure that only known and trusted artifacts are used in software builds. Vulnerability scanners are widely used by organizations of all sizes and…

Read more →

LogRhythm and Mimecast’s integration will help organizations around the globe protect against modern cyberattacks. Organizations need the ability to correlate data from their disparate security products and services to distinguish the real threats from false alarms. LogRhythm SIEM integrates Mimecast’s…

Read more →

The US Justice Department announced the completion of court-authorized operation MEDUSA, to disrupt a global peer-to-peer network of computers compromised by sophisticated malware, called “Snake” (aka “Uroburos”), that the US Government attributes to a unit within Center 16 of the…

Read more →

Nutanix announced new capabilities in the Nutanix Cloud Platform to enable customers to integrate data management of containerized and virtualized applications on-premises, on public cloud, and at the edge. This includes comprehensive data services for Kubernetes applications as well as…

Read more →

GitHub is making push protection – a security feature designed to automatically prevent the leaking of secrets to repositories – free for owners of all public repositories. Previously, the feature was available only for private repositories with a GitHub Advanced…

Read more →

SquareX, led by serial cybersecurity entrepreneur Vivek Ramachandran, is developing a browser-based cybersecurity product to keep consumers safe online. The company announced that it has raised $6 million in a seed round led by Sequoia Capital Southeast Asia. It will…

Read more →

SquareX, led by serial cybersecurity entrepreneur Vivek Ramachandran, is developing a browser-based cybersecurity product to keep consumers safe online. The company announced that it has raised USD 6 million in a seed round led by Sequoia Capital Southeast Asia. It…

Read more →

Kubernetes Security Operations Center (KSOC) released the first-ever Kubernetes Bill of Materials (KBOM) standard. Available in an open-source CLI tool, this KBOM enables cloud security teams to understand the scope of third-party tooling in their environment to respond quicker to…

Read more →

The technology sector had the highest number of malware-infected employees, most exposed corporate credentials and the majority of all stolen cookies, according to SpyCloud. Drawing on SpyCloud’s database of 400+ billion recaptured assets from the criminal underground, researchers analyzed 2.27…

Read more →

A large language model (LLM) is an artificial intelligence (AI) algorithm that employs deep learning methodologies, and extensive data sets to comprehend, condense, create, and predict new content. An example of an LLM is ChatGPT, a model developed by OpenAI…

Read more →

Malicious actors are increasingly exploiting legitimate tools to accomplish their goals, which include disabling security measures, lateral movement, and transferring files. Using commonly available tools allows attackers to evade detection. While custom-built tools or malware can be flagged as malicious…

Read more →

Asked about the Board and C-Suite‘s understanding of cybersecurity across the organisation, only 39% of respondents think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler, according to Delinea. The high cost of ignoring security…

Read more →

For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. The two exploited bugs (CVE-2023-29336, CVE-2023-24932)…

Read more →

Nebulon announced TripLine, a new threat detection service designed to alert customers when a cryptographic ransomware attack has been detected, as well as the precise location and point-in-time the attack occurred. The company also announced smartDefense, a cybersecurity solution that…

Read more →

SAIC introduced its new encrypted query analytics and data retrieval (EQADR) platform. “Agencies rely on data to help support their missions in a secure environment,” said Andy Henson, VP, Innovation at SAIC. “We are providing our customers with data encryption…

Read more →

Zscaler has expanded Zscaler Digital Experience (ZDX), an integrated solution that provides end-to-end visibility and IT troubleshooting capabilities accessed through the Zscaler security cloud. The modern workforce is geographically dispersed, resulting in difficulties for IT and helpdesk teams that need…

Read more →

CertifID released an identity verification solution to help title agencies and real estate firms combat seller impersonation fraud. The solution augments CertifID’s existing capabilities that evaluate more than 150 markers of fraud, including the verification of wiring instructions and bank…

Read more →

OneLayer released OneLayer Bridge, a security solution for private mobile networks. The use of private cellular networks allows organizations to improve IoT and OT device connectivity. As the adoption of these networks increases, organizations must consider the essential aspect of…

Read more →

Kyndryl introduced a managed Secure Access Service Edge (SASE) solution powered by Fortinet, which aims to help customers enable advanced network security initiatives. The solution combines Fortinet’s cloud-delivered security and secure networking solutions with Kyndryl’s network and security services to…

Read more →

ThreatBlockr and GreyNoise announced a partnership that will enhance the ThreatBlockr platform. By leveraging GreyNoise data, ThreatBlockr customers now have automatic access to this enhanced cyber intelligence and the largest cyber intelligence data set that protects against false positives. “False…

Read more →

DigiCert announced a partnership to provide DigiCert ONE, the platform for digital trust, on Oracle Cloud Infrastructure (OCI). Customers will benefit from DigiCert ONE’s fast time to value combined with OCI’s high-performance and security-first architecture for single and multi-cloud deployments.…

Read more →

Waterfall Security Solutions and Atlantic Data Security announced a partnership to protect data centers, building automation systems and critical infrastructure facilities. With attacks on OT networks becoming more powerful and pervasive, this new partnership provides owners and operators with solutions…

Read more →

SafePaaS announces its Unified Privileged Access Management (UPAM) solution to protect the digital enterprise without the complexity of traditional PAM solutions that fail to meet the evolving needs of today’s dynamic, complex organizations. SafePaaS’ UPAM offering enables in-depth cyber mechanisms…

Read more →

Webb Protocol raised $7 million in a seed funding round co-led by Polychain and Lemniscap, with participation from Zeeprime, CMS Holdings among others. The funding will go towards growing Webb’s staff base, accelerating the development of innovative privacy tools and…

Read more →

Microsoft has enabled number matching for Microsoft Authenticator push notifications to improve user sign-in security. Authenticator MFA number matching in action (Source: Microsoft) “If the user has a different default authentication method, there’s no change to their default sign-in. If…

Read more →

OpenVPN has introduced Device Identity Verification & Enforcement (DIVE) to their cloud-based solution, CloudConnexa (previously known as OpenVPN Cloud). This powerful new feature will take your ZTNA structure to the next level. With the rapid growth of remote and hybrid…

Read more →

With increased data breaches, errors, ransomware and hacks, digital trust can be the difference between retaining reputations and customer loyalty after a major incident and suffering serious, time-consuming, and expensive losses, according to ISACA. From digital trust to business success…

Read more →

DEF CON’s AI Village will host the first public assessment of large language models (LLMs) at the 31st edition of the hacker convention this August, aimed at finding bugs in and uncovering the potential for misuse of AI models. The…

Read more →

API sprawl is a prevalent issue in modern enterprises, as APIs are being developed and deployed at an unprecedented rate. As highlighted by Postman’s 2022 State of the API Report, “89% of respondents said organizations’ investment of time and resources…

Read more →

In this Help Net Security video, Devon Kerr, Team Lead, Elastic Security Labs, talks about the 2023 Global Threat Report Spring edition. Key takeaways In this report, the Elastic Security team highlights how they’ve noticed a slight increase in Linux…

Read more →

Organizations need to be able to match the ingenuity and resources of cybercriminals to better defend themselves against the increasing number of threats and attacks that could paralyze their business. Unfortunately, some laws restrict genuine security research. As we await…

Read more →

Cloudflare has partnered with Kyndryl to help enterprises modernize and scale their corporate networks with managed WAN-as-a-Service and Cloudflare zero trust. The partnership couples Kyndryl’s expert managed end-to-end networking services with Cloudflare’s robust technology platform to enable enterprises to streamline…

Read more →

Privoro announced a new partnership with Samsung to provide a security capability for mobile devices. The new capability provides a critical shield against the invisible threat posed by modern cyberweapons via high-assurance control over the radios, sensors and other peripherals…

Read more →

Waratek introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise. This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique…

Read more →

The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach MSI (Micro-Star International) is a corporation that develops and sells computers (laptops, desktops, all-in-one PCs,…

Read more →

The Western Digital online store is offline as a result of the “network security incident” it suffered in March 2023. Users have been notified On May 5, 2023, the company emailed its customers to say that an unauthorized party obtained…

Read more →

AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had…

Read more →

The rise of AI-generated identity fraud like deepfakes is alarming, with 37% of organizations experiencing voice fraud and 29% falling victim to deepfake videos, according to a survey by Regula. In this Help Net Security video, Henry Patishman, Executive VP…

Read more →

A key term when discussing encryption these days is end-to-end (E2E) encryption. The idea with E2E encryption is that data is kept confidential between the encryptor and the intended receiver. This might seem an obvious requirement, but not all so-called…

Read more →

Paul Cha is a cyber and product security leader, serving as the VP of Cybersecurity at LG Electronics Vehicle component Solutions. Paul held critical positions at Synopsis, Ford Motor Company, and Samsung before joining LG. He found his way to…

Read more →

Businesses worldwide are eagerly embracing the potential for AI to provide personalized customer experiences, but customers remain cynical, according to Twilio. This year’s report underscores the value of an AI-driven personalization strategy for brands looking to both retain existing customers…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Former Uber CSO avoids prison for concealing data breach Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover…

Read more →

CACI announced a strategic partnership to provide the DarkPursuit capability within the Torchlight Catalyst platform. This partnership will provide Torchlight customers, mainly Special Operations Forces (SOF), with safe and secure access to browse the open, deep, and dark web. “We…

Read more →

Mirantis announced the latest update of open source k0s, which adds compatibility with the latest release of Kubernetes 1.27, as well as improvements and bug fixes to k0s. The latest update of Mirantis k0s makes improvements that simplify installation and…

Read more →

AutoCrypt KEY enables OEMs and suppliers to manage all types of cryptographic keys used for the components of connected and electric vehicles. Modern vehicles function through communications, including internal communications between ECUs and application processors, and external connections with nearby…

Read more →

Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover up a data breach Uber suffered in 2016 and kept it hidden from the Federal Trade Commission (FTC), has been sentenced to three years…

Read more →

Edgecore Networks has partnered with Wedge Networks to offer a next-generation network security solution to its customers. Wedge Networks’ Wedge Cloud Network Defense (WedgeCND), a cloud-managed security service designed to provide comprehensive security protection, is now available as an add-on…

Read more →

Cisco has revealed the existence of a critical vulnerability (CVE-2023-20126) in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. The adapters are widely used to integrate analog phones into VoIP networks without the need for an upgrade. About…

Read more →

OneTrust announces AI-driven document classification to help organizations more accurately and completely identify and classify unstructured data and automatically apply governance and protection policies. “An organization’s data is what fuels innovation and gives them a competitive edge,” said Blake Brannon,…

Read more →

Edgecore Networks has partnered with Wedge Networks to offer a next-generation network security solution to its customers. Wedge Networks’ Wedge Cloud Network Defense (WedgeCND), a cloud-managed security service designed to provide comprehensive security protection, is now available as an add-on…

Read more →

The April Patch Tuesday releases were unusual because we saw a whopping 62 vulnerabilities addressed in the Microsoft Server 2012 KBs. Granted there was a lot of overlap with the CVEs addressed in Windows 10 and 11, but compared to…

Read more →

Satori released Universal Data Permissions Scanner, a free, open-source tool that enables companies to understand which employees have access to what data, reducing the risks associated with overprivileged or unauthorized users and streamlining compliance reporting. Who has access to what…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Dashlane, Immersive Labs, Intruder, Private AI, Vanta, and Veza. Immersive Labs Resilience Score strengthens executive decision making in cyber crises Immersive Labs Resilience Score helps…

Read more →

In the first quarter of 2023 there was a significant increase in cyberattacks exploiting trust in established tech brands Microsoft and Adobe, according to Avast. The Avast report also found a 40% rise in the share of phishing and smishing…

Read more →

Cyber-risk levels have improved from “elevated” to “moderate” for the first time, but insiders represent a persistent threat for global organizations, according to Trend Micro. Jon Clay, VP of threat intelligence at Trend Micro: “For the first time since we’ve…

Read more →

AppOmni announced free Salesforce Community Cloud Scanner to help organizations secure their Salesforce Community websites from data exposure risks and misconfigurations. Salesforce data leaks recently identified by Krebs on Security have resulted in exposure of numerous Salesforce Community Cloud customers’…

Read more →

The City of Dallas, Texas, has suffered a ransomware attack that resulted in disruption of several of its services. What do we know so far? “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a…

Read more →

Airgap Networks announced that it is bringing the power of AI to its Zero Trust Firewall with ThreatGPT. Built on an advanced AI/ML model designed to protect enterprises from evolving cyber threats, ThreatGPT delivers a new level of insight and…

Read more →

HUB Security entered into an agreement for up to $16 million in gross proceeds from Lind Global Asset Management VI LLC, an investment entity managed by The Lind Partners, a New York based institutional fund manager (together, “Lind”). This investment…

Read more →

Criminal IP, an OSINT-based search engine provided by AI Spera, launched a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS (Fraud Detection System). This latest development promises to revolutionize the digital security landscape…

Read more →

Arthur introduced a powerful addition to its suite of AI monitoring tools: Arthur Shield, a firewall for large language models (LLMs). This patented new technology enables companies to deploy LLM applications like ChatGPT more safely within an organization, helping to…

Read more →

Intruder has launched its continuous attack surface monitoring capabilities. The company’s new premium plan offering takes vulnerability management to the next level with continuous coverage, increasing visibility and transparency of external attack surfaces. On average, 65 new vulnerabilities are discovered…

Read more →

Protecto announced it has been able to boost the performance of its privacy models on NVIDIA GPUs, allowing the discovery of privacy issues up to 10x faster than before. With the help of powerful NVIDIA GPU technology, Protecto has delivered…

Read more →

Employing proprietary architecture, the Aegis NVX is the first Apricorn encrypted device to feature an NVME SSD inside, to address the immediate protection of raw data delivered directly from its source at high speeds. Initial capacity offerings will be 500GB,…

Read more →

“Since the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious,” Check Point researchers have shared on…

Read more →

BSidesLjubljana 0x7E7, a non-profit conference organized by the information security community, will take place on June 16, 2023, at the C111 Computer Museum. The deadline for the call for papers (CFP), initially set for April 30, has been extended for…

Read more →

The success of ChatGPT, a text-generation chatbot, has sparked widespread interest in generative AI among millions of people worldwide. According to Jumio’s research, 67% of consumers globally are aware of generative AI technologies, and in certain markets, such as Singapore,…

Read more →

Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the software supply chain are increasingly common, according to Tidelift. Open source software security In…

Read more →

75% of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the changing API attack surface, according to Data Theorem and ESG. Insecure APIs plague organizations In a related finding,…

Read more →

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud (EC2) instances, container images…

Read more →

Avetta has released the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in 10 areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies potential risk…

Read more →

Keysight Technologies has launched a new cybersecurity partnership program for managed security service providers (MSSP) to improve the security posture of organizations using the breach and attack simulation (BAS) capabilities of Keysight Threat Simulator. Cyberattacks are on the rise and…

Read more →

Dashlane introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that…

Read more →

Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs warns: the company’s intrusion…

Read more →

ManageEngine announced that its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. This new feature allows organizations to secure their data with next-gen authentication methods that prevent unsecured access to remote machines even when they are disconnected…

Read more →

Vanta launched Vendor Risk Management (VRM) solution, enabling organizations to accelerate, automate and simplify third-party vendor security reviews and due diligence. Featuring vendor auto-discovery and continuous vendor assessment and remediation workflows, Vanta’s VRM offering significantly reduces the time and costs…

Read more →

Users can now create passkeys for their Google account, the company has announced on Wednesday. Passkeys will enable users to sign in to their Google account on all major platforms and browsers with their fingerprint, face recognition, or a local…

Read more →

Location-tracking devices help users find personal items like their keys, purse, luggage, and more through crowdsourced finding networks. However, they can also be misused for unwanted tracking of individuals. Apple and Google jointly submitted a proposed industry specification to help…

Read more →

Immersive Labs announced the launch of the Immersive Labs Resilience Score. The score measures an organization’s workforce preparedness for cyber attacks and breaches based on Immersive Labs’ years of benchmarking data across industry verticals. The score will help organizations identify…

Read more →

T-Mobile has revealed a second data breach that occurred in 2023, which reportedly exposed customer data and account PINs, leaving many T-Mobile users vulnerable to potential fraud and identity theft. What happened? The attack started on February 24 and lasted…

Read more →

In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol. The misunderstood Lock icon It took many years, but the unceasing push by…

Read more →

Attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware, according to Netskope. On average, five out of every 1,000 enterprise users attempted to download malware in Q1…

Read more →

Development teams utilize automation through Infrastructure as Code (IaC) to facilitate rapid and frequent changes to their cloud-native architectures. Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development. Now,…

Read more →

As outside economic pressures continue to shape how organizations think and allocate resources, data security continues to be a high priority. Due to their dependence on data to innovate and reduce expenses, many businesses are significantly more exposed to the…

Read more →

Veza has unveiled Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege…

Read more →

KnectIQ has introduced SelectiveTRUST, the zero trust-based platform that prevents credential misuse to mount initial intrusions and credential-based privilege escalation by bad actors. Additionally, the security architecture and flexibility of SelectiveTRUST: Assures Trusted Connectivity, secure communication, and data sharing, at…

Read more →

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…

Read more →

Box unveiled Box AI, a new suite of capabilities that will natively integrate advanced AI models into the Box Content Cloud, bringing Box’s enterprise-grade standards for security, compliance, and privacy to this breakthrough technology. Box AI will make it easier…

Read more →

CYTRIO has introduced a data privacy UX platform that includes consent and preference management, do not sell my information, Data Subject Access Request (DSAR) management, and policy templates in one data privacy compliance platform. Businesses of all sizes can now…

Read more →

Trellix expanded support for Amazon Security Lake from AWS, designed to automatically centralize security data from cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions…

Read more →

Spin.AI has partnered with Google to integrate its new Chrome Extension Risk Assessment in Chrome Browser Cloud Management. This free tool gives administrators increased visibility into browser extensions detected across the Chrome ecosystem and allows SecOps teams to better assess…

Read more →

Conceal announced partnership with Moruga to help organizations of all sizes monitor and detect malicious activity at the edge. Moruga’s proprietary Cybhermetics security platform aggregates industry-leading cybersecurity companies to create the Zero Day Protection Suite. This cybersecurity bundle combines a…

Read more →

Appdome has released a pre-built integration between its platform and GitLab that is part of Appdome’s Dev2Cyber Partner initiative to accelerate delivery of secure mobile apps globally. “This new integration allows mobile brands to use GitLab to build any of…

Read more →

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to access sensitive…

Read more →

There has been a noted increase in malvertising via Google Ads this year, aimed at tricking users into downloading malware; among these malicious payloads is LOBSHOT, an infostealer that can also establish and keep long-term remote control of target computers…

Read more →

The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Apple Rapid Security…

Read more →

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar…

Read more →

Private AI launched PrivateGPT, a new product that helps companies safely leverage OpenAI’s chatbot without compromising customer or employee privacy. “Generative AI will only have a space within our organizations and societies if the right tools exist to make it…

Read more →

Onfido announced that its Real Identity Platform services are now available for Salesforce Financial Services Cloud customers. Financial Services Cloud customers now have access to a suite of Onfido’s services, including Onfido’s library of global identity verification tools, Studio, Onfido’s…

Read more →

Security analysts face the demanding task of investigating and resolving increasing volumes of alerts daily, while adapting to an ever-changing threat landscape and keeping up with new technology. To complicate matters further, the cybersecurity workforce gap – which increased by…

Read more →