Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. “We launched the Data Security Incident Response Report nine years ago because we recognized that organizations were making data-driven decisions…
Category: Help Net Security
The costly threat that many businesses fail to address
Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra. These schemes can cost companies hundreds of thousands of dollars and the vast majority of businesses (79%) say they take longer to uncover…
Why the manufacturing sector needs stronger cyber defenses
In this Help Net Security interview, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum, shares his expertise on the correlation between the digitization of the manufacturing sector and the rise in cyberattacks. He delves into the far-reaching impact of…
Using just-in-time access to reduce cloud security risk
Excessive privileges are a continuing headache for security professionals. As more organizations migrate assets to the cloud, users with excessive permissions can expand the blast radius of an attack, leaving organizations open to all sorts of malicious activity. Cloud environments…
Using multiple solutions adds complexity to your zero trust strategy
Companies’ operating models today are significantly more complex than they were just a couple of years ago, according to BeyondTrust. Remote employees accessing key systems and data, more applications, and information stored and flowing through the cloud, are all helping…
Cybercriminals use proxies to legitimize fraudulent requests
Bot attacks were previously seen as a relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN. Bad bot traffic…
Introducing the book: The VC Field Guide
In this Help Net Security video interview, cybersecurity entrepreneur, founder, innovator, and investor William Lin discusses his new book – The VC Field Guide. In this book, Lin demystifies the inner workings of venture capital. He offers a guide on…
Infosec products of the month: April 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Arista Networks, Armorblox, BigID, Binarly, Cofense, Cyera, Cynalytica, D3 Security, Eclypsium, GitGuardian, Guardz, Halo Security, Immuta, Malwarebytes, ManageEngine, Netskope, Obsidian Security, Searchlight Cyber,…
Week in review: PaperCut vulnerabilities, VMware fixes critical flaws, RSA Conference 2023
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSA Conference 2023 RSA Conference 2023 took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases,…
UK Cyber Security Council launches certification mapping tool
The UK Cyber Security Council has launched the first phase of its certification mapping tool. It has been created to map all available cyber security certifications onto the 16 specialisms identified by the Council, with the first phase now available.…
Codenotary unveils SBOMcenter to ensure software supply chain security
Codenotary has unveiled SBOMcenter, providing a central, secure place for software producers and consumers to freely generate, store and share Software Bills of Materials (SBOMs). In May 2021, the US government issued an executive order requiring federal agencies to adopt…
CSI releases IT Governance to meet growing regulatory expectations
CSI has released its new robust IT Governance Services, which is available within its Advisory Services offering. Coupled with CSI’s Compliance & Risk Management Services, IT Governance Services combines domain expertise with leading compliance technology. The result is a holistic…
EU moves to regulate tech titans with Digital Services Act
The Commission adopted the first designation decisions under the Digital Services Act (DSA), designating 17 Very Large Online Platforms (VLOPs) and 2 Very Large Online Search Engines (VLOSEs) that reach at least 45 million monthly active users. These are: Very…
Password reset woes could cost FTSE 100 companies $156 million each month
Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity of password resets, at a time when organisations must identify cost savings to survive the…
New infosec products of the week: April 28, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, Arista Networks, Cyera, Eclypsium, Halo Security, Immuta, ManageEngine, and Traceable AI. Abnormal Security expands its platform and launches new products Abnormal Security launched…
The double-edged sword of generative AI
Generative AI has captured the imagination of millions worldwide, largely driven by the recent success of ChatGPT, the text-generation chatbot. Our new research showed that globally, 67% of consumers have heard of generative AI technologies, and in some markets, like…
5G surpasses expectations, becomes a global game-changer
5G connectivity has reached a tipping point globally as 5G networks are now active in 47 of the world’s 70 largest economies by GDP, according to Viavi. VIAVI revealed that there are 2,497 cities globally with commercial 5G networks, across…
Phishing-resistant MFA shapes the future of authentication forms
Over the last two years, respondents reported a continued reliance on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords (OTPs), according to Yubico. Not all MFA is equal The results are surprising considering 59%…
Swissbit iShield Key Pro safeguards online accounts, web services
With the iShield Key Pro, Swissbit is expanding its range of hardware security keys with more than simply another FIDO stick. Thanks to the addition of further security standards and features, the new security key provides even more flexibility for…
Photos: RSA Conference 2023 Early Stage Expo
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. The Early Stage Expo is an innovation space dedicated to promoting up-and-comers in the…
Photos: RSA Conference 2023, part 3
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is here, and Part 2 is here. Here are…
Thales CTE-RWP protects critical files and folders from ransomware attacks
At RSA Conference 2023, Thales launched CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP), an optional licensed feature to the CipherTrust Data Security Platform. CTE-RWP will elevate the protection of customer files and folders from ransomware attacks via access management controls and…
Skyhigh Security unveils major updates to product portfolio
Skyhigh Security announced the addition of several new capabilities to its Security Service Edge (SSE) portfolio at RSA Conference 2023. The features and functionality converged in the Skyhigh Cloud Platform reinforce Skyhigh Security’s mission to protect the world’s data with…
PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers. The detected campaigns “Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in…
ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0
ThreatX announced the expansion of its platform offering with the release of a new Botnet Console and API catalog 2.0. These new dashboards, unveiled at RSA Conference 2023, will help security teams rapidly investigate automated threats and attempts to abuse…
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private vulnerability reporting feature provides a direct collaboration channel that allows researchers to more easily report vulnerabilities,…
The true numbers behind deepfake fraud
The use of artificial intelligence can result in the production of deepfakes that are becoming more realistic and challenging to differentiate from authentic content, according to Regula. Companies view fabricated biometric artifacts such as deepfake videos or voices as genuine…
Generative AI and security: Balancing performance and risk
Are we moving too fast with AI? This is a central question both inside and outside the tech industry, given the recent tsunami of attention paid to ChatGPT and other generative AI tools. Nearly all tech companies are moving to…
eBook: Security Compliance for CISOs
Security compliance often feels like the ever-present task that looms over every angle of your role as Chief Information Security Officer. Yet, regardless of the hours spent managing it, something can always slip through the cracks. In this eBook, we’re…
CISOs struggle to manage risk due to DevSecOps inefficiencies
As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments, CISOs find it increasingly difficult to keep their software secure, according to…
Why juice jacking is overhyped
Travelers should avoid public USB charging stations at airports, hotels, and other venues, as they may harbor malicious software. Designed for both data and power transmission, USB connections lack a solid barrier between the two. Over the years, as smartphones…
Tessian Respond enables security teams to identify and respond to email threats
Tessian launched Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls,…
Accenture partners with Palo Alto Networks to improve visibility across IT networks
Accenture and Palo Alto Networks are collaborating to deliver joint secure access service edge (SASE) solutions powered by Palo Alto Networks AI-powered Prisma SASE, enabling organizations to improve their cyber resilience and accelerate business transformation efforts. The transition to remote work and…
Forcepoint Data Security Everywhere simplifies DLP management
At RSA Conference 2023, Forcepoint extended the depth and breadth of its Data-first SASE (Secure Access Service Edge) offering with the launch of Forcepoint Data Security Everywhere. Forcepoint is simplifying enterprise DLP management across cloud, web and private apps and…
Graylog 5.1 optimizes threat detection and response
Graylog announced at the RSA Conference 2023 Graylog 5.1 with new incident investigation and enhancements to its cybersecurity solution. Currently available in Beta, version 5.1 of Graylog Security and the Graylog Platform will be GA in May 2023. With the…
Cybersecurity leaders introduced open-source information sharing to help OT community
A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments. Founding ETHOS community…
Photos: RSA Conference 2023, part 2
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here. Here are a few photos from…
Eclypsium launches Supply Chain Security Platform with SBOM capability
Eclypsium released Supply Chain Security Platform, enabling an organization’s IT security and operations teams to continuously identify and monitor the bill of materials, integrity and vulnerability of components and system code in each device, providing insight into the overall supply…
Cynet announces platform updates to help organizations protect their systems and infrastructure
Cynet announced its presence at RSA Conference 2023 with new updates to its cybersecurity solution. The company is on track to release the latest version of its platform in Q2 2023, with all new domain filtering capabilities, enhanced Playbook Summary…
Common insecure configuration opens Apache Superset servers to compromise
An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version,…
Uptycs unveils cloud security early warning system
At RSA Conference 2023, Uptycs unveiled the ability to collect and analyze GitHub audit logs and user identity information from Okta and Azure AD to reveal suspicious behavior as the developer moves code in and out of repositories and into…
RSA Conference 2023 video walkthrough
RSA Conference 2023 is taking place in San Francisco this week, and this video provides a closer look at this year’s event.
ExtraHop simplifies approach to intrusion detection for security teams with new solutions
ExtraHop launched ExtraHop IDS, which integrates with the ExtraHop Reveal(x) platform to offer a new, simplified approach to intrusion detection for deeper coverage and full-spectrum investigation. As part of its release, ExtraHop also announced several product enhancements, including Automated Retrospective…
Code42 adds real-time blocking capabilities to the Incydr IRM solution
At RSA Conference 2023, Code42 announced that it has added real-time blocking capabilities to the Incydr IRM solution. The enhancement allows security teams to prevent unacceptable data exfiltration without the management burden, inaccuracy, and endpoint impact of content-based policies. Insider…
Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling
Traceable AI launched Zero Trust API Access to help organizations better protect sensitive data, stop API abuse, and align data security programs with broader innovation and business objectives. Traceable’s Zero Trust API Access actively reduces attack surface by minimizing or…
Sophos’ MDR service’s customer base grows 33% in first 6 months since launching new capabilities
At RSA Conference 2023, Sophos announced that its vendor-agnostic Managed Detection and Response (MDR) service has grown its customer base by 33% in the first six months since introducing the service’s ability to ingest and analyze telemetry from third-party security…
VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user session software. The former allows users to run multiple x86-based operating systems on one PC, while the latter runs…
ManageEngine releases MSSP Edition of Log360 Cloud
ManageEngine, the enterprise IT management division of Zoho Corporation, launched the MSSP Edition of its cloud-based SIEM solution, Log360 Cloud. According to a recent ManageEngine study, organizations are currently facing a shortage of cybersecurity staff. With budgeting constraints and the…
Google Authenticator updated, finally allows syncing of 2FA codes
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account. A long-awaited option Before this update, losing one’s mobile device…
Overcoming industry obstacles for decentralized digital identities
In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing…
New coercive tactics used to extort ransomware payments
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including threat groups themselves,…
Are you ready for PCI DSS 4.0?
In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). About PCI DSS PCI DSS comprises 12 requirements to protect payment…
CISOs: unsupported, unheard, and invisible
A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success. “Our research shows CISOs are motivated by a mission…
Halo Security detects exposed secrets and API keys in JavaScript
Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often,…
Immuta releases new data security features to help users accelerate remediation efforts
Immuta announced new vulnerability risk assessment and dynamic query classification capabilities for the Immuta Data Security Platform. These new features enable customers to promptly identify and prioritize security gaps, protecting sensitive data based on the context and sensitivity levels. When…
Seclore puts risk into focus with new data classification and risk insights capabilities
Seclore has released new Digital Asset Classification and Risk Insights capabilities delivering security risk visibility and insights for the most sensitive digital assets within the enterprise, such as intellectual property, and customer and employee personally identifiable information. “In today’s digital…
Akamai Prolexic Network Cloud Firewall defends organizations against DDoS attacks
Akamai launched Prolexic Network Cloud Firewall, allowing customers to define and manage their own access control lists (ACLs) while enabling greater flexibility to secure their own network edge. Prolexic is Akamai’s cloud-based DDoS protection platform that stops attacks before they…
Corporate boards pressure CISOs to step up risk mitigation efforts
While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less effective than perceived, according to RiskOptics. The top challenges when implementing an effective cyber/IT risk…
Accenture and Google Cloud expand collaboration to accelerate cybersecurity resilience
Accenture and Google Cloud announced an expansion of their global partnership to help businesses better protect critical assets and strengthen security against persistent cyber threats. Together, they are providing the technology, trusted infrastructure, and security expertise organizations need to build…
NetRise raises $8 million to advance XIoT security technology
NetRise announced $8 million in funding, led by Squadra Ventures, with participation by existing major investors Miramar Digital Ventures, Sorenson Ventures and DNX Ventures. NetRise has developed a cloud-based SaaS platform that analyzes and continuously monitors the firmware of Extended…
Deep Instinct partners with eSentire to protect customers from unknown and zero-day attacks
Deep Instinct announced a new partnership with eSentire to protect eSentire customers from unknown and zero-day attacks. As ransomware and data exfiltration become more prevalent and damaging to businesses, the need for proactive cybersecurity has never been greater. Gartner projects…
Cyera enhances its AI-powered data security platform to stop sensitive data exfiltration
At RSA Conference 2023, Cyera has introduced new operational capabilities in its AI-powered data security platform, to help security teams stop data exfiltration and remediate sensitive data exposures in real time. The company’s Unified Data Explorer provides a way for…
Cisco XDR prioritizes security incidents using evidence-backed automation
Cisco unveiled at the RSA Conference 2023 the latest progress towards its vision of the Cisco Security Cloud, a unified, AI-driven, cross-domain security platform. Cisco’s new XDR solution and the release of advanced features for Duo MFA will help organizations…
SecurityScorecard introduces security ratings platform with OpenAI’s GPT-4 search system
SecurityScorecard announced at RSA Conference 2023 the launch of a security ratings platform that integrates with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers to high priority cyber risks. The solution was developed…
Palo Alto Networks Unit 42 expands its DFIR service globally
At RSA Conference 2023, Palo Alto Networks Unit 42 unveiled the expansion of its Digital Forensics and Incident Response (DFIR) global service to help organizations understand evolving threats quickly and take swift action to remediate them. The Global Digital Forensics…
Most SaaS adopters exposed to browser-borne attacks
Even though the adoption of SaaS apps started more than ten years ago, CISOs are still finding it challenging to tackle the accumulated security debt. Significant deficiencies The prevalence of phishing and account takeover attacks has raised significant concerns, as…
Thales’ new secrets management solution improves DevOps and cloud security
At the RSA Conference 2023, Thales introduced a new secrets management solution as part of its CipherTrust Data Security platform which unifies the discovery, classification, protection, and control of sensitive data across cloud, on-premises and hybrid environments. Thales’s new secrets…
Abnormal Security expands its platform and launches new products
At RSA Conference 2023, Abnormal Security launched three new products focused on expanding security detection for Slack, Microsoft Teams and Zoom. The company is also extending the platform to better model identity behavior through the ingestion of signals from additional…
VMware announces new security capabilities to help protect hybrid workforce
VMware has unveiled new capabilities that deliver lateral security across multi-cloud environments so customers can better see and stop more threats and innovations to its Workspace ONE platform that will better enable organizations to secure their hybrid workforce. VMware Contexa,…
RidgeShield monitors traffic across workloads and enforces unified security policies
At RSA Conference 2023, Ridge Security announced Ridge Security RidgeShield, an automated, cloud workload protection and testing solution. As organizations increasingly move their workloads to the cloud, they face new and complex security challenges that traditional security solutions are not…
Google adds new risk assessment tool for Chrome extensions
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment. The tool is available through the Chrome…
GrammaTech and ArmorCode unify application security tools and intelligence
GrammaTech and ArmorCode announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment. The GrammaTech CodeSonar SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating…
AWS boosts Amazon GuardDuty with 3 new capabilities to protect varied workloads
AWS has unveiled three new capabilities for Amazon GuardDuty, AWS’s threat detection service, that further strengthen customer security through expanded coverage and continuous enhancements in machine learning, anomaly detection, and integrated threat intelligence. GuardDuty is part of a broad set…
IBM Security QRadar Suite streamlines security analysis throughout the incident process
At RSA Conference 2023, IBM unveiled its new Security QRadar Suite, designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar…
PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)
An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there’s a public PoC exploit. About the vulnerability According to PaperCut, the attacks…
Attackers are logging in instead of breaking in
Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos. The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off the Land”…
MITRE Caldera for OT tool enables security teams to run automated adversary emulation exercises
MITRE is launching its MITRE Caldera for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT). At RSA Conference 2023, MITRE is also showcasing its Infrastructure Susceptibility Analysis (ISA)…
Arista Networks unveils AI-driven network identity service
Arista Networks announced at the RSA Conference 2023 a cloud-delivered, AI-driven network identity service for enterprise security and IT operations. Based on Arista’s flagship CloudVision platform, Arista Guardian for Network Identity (CV AGNI) expands Arista’s zero trust networking approach to…
Securing the rapidly developing edge ecosystem
In this Help Net Security video interview, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, discusses the 12th annual Cybersecurity Insights Report, released at RSA Conference 2023. This comprehensive survey aims to provide insights into the current state of…
The silent killers in digital healthcare
As digital transformation revolutionizes the healthcare industry, its use of API (application programming interfaces) technology is skyrocketing. APIs, which help users and apps interact and exchange information, are essential tools for healthcare systems striving to achieve greater interoperability. The ability…
AI tools help attackers develop sophisticated phishing campaigns
Phishing scams are a growing threat, and cybercriminals’ methods are becoming increasingly sophisticated, making them harder to detect and block, according to a Zscaler report. The report found that a majority of modern phishing attacks rely on stolen credentials and outlined…
The double-edged sword of open-source software
The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming organizations, according to Lineaje. Diversity and complexity of the open-source community Lineaje Data Labs analyzed 41,989…
Rethinking the effectiveness of current authentication initiatives
As user credentials continue to be a top vector for cyberattacks, organizations are under tremendous pressure to rethink the effectiveness of current authentication initiatives, according to SecureAuth. Additionally, cyber insurance carriers are requiring companies to demonstrate strong controls over authentication…
SentinelOne unveils cybersecurity AI platform
Cybercriminals around the world are using generative artificial intelligence (AI) to execute malicious attacks that can take down companies and governments. SentinelOne plans to use the same technologies to defeat them. The company has unveiled a threat-hunting platform that integrates…
National Cybersecurity Alliance launches HBCU Scholarship Program
The National Cybersecurity Alliance (NCA) launched their Historically Black Colleges and Universities Scholarship Program. Established in partnership with One In Tech, an ISACA Foundation, the initiative will provide support to individuals who are currently underrepresented in the industry by ensuring…
Don’t let manual processes hold you back, automate your AppSec
At RSA Conference 2023, the key theme for Mend is automation. Their focus is on helping people put their application security programs on autopilot. They encourage and enable the automation of as much of AppSec as possible because the manual…
Akamai Brand Protector defends against phishing attacks and fake websites
At RSA Conference 2023, Akamai Technologies unveiled Brand Protector, a new solution that detects and disrupts phishing sites, fake stores, and brand impersonations. Brand Protector enables organizations to retain and grow customer loyalty while minimizing loss, drops in productivity and…
Flashpoint Ignite accelerates cross-functional risk mitigation and prevention
Flashpoint has released Ignite, a new intelligence platform that accelerates cross-functional risk mitigation and prevention across CTI, vulnerability management, national security, and physical security teams. Ignite combines Flashpoint’s intelligence with an integrated user experience to help organizations streamline workflows, find…
D3 Security MSSP Client Portal simplifies information sharing between MSSPs and clients
D3 Security will unveil its MSSP Client Portal this week at the 2023 RSA Conference. The MSSP Client Portal is a one-stop shop for managed security service providers (MSSPs) and their clients to manage interactions and share information. Taking inspiration…
3CX breach linked to previous supply chain compromise
Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now also know that: The source of the 3CX breach was a…
Organizations are stepping up their game against cyber threats
Global median dwell time drops to just over two weeks, reflecting the essential role partnerships and the exchange of information play in building a more resilient cybersecurity ecosystem, according to Mandiant. Modern cyber defense capabilities The report reveals the progress…
Trellix Threat Intelligence enhancements accelerate threat analysis and response
At RSA Conference 2023, Trellix announced it has expanded its Threat Intelligence portfolio to increase threat expertise and actionable intelligence to help global customers stay ahead of cyber adversaries. The new offerings include Vulnerability Intelligence and Trellix Intelligence as a…
VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-20865) CVE-2023-20864, a deserialization vulnerability, could be exploited by…
How product security reached maturity
Product security has been driving major changes throughout the automotive, medical, and industrial sectors. However, just a few short years ago, it was a term few knew and even fewer considered its own discipline. Slava Bronfman, Co-Founder & CEO of…
Resecurity to showcase innovative cybersecurity solutions at RSA Conference 2023
Resecurity is excited to announce its participation at RSA Conference 2023, the cybersecurity event that brings together industry leaders and professionals to share knowledge and insights on the latest trends, threats, and solutions. The event will take place from April…
A third-party’s perspective on third-party InfoSec risk management
More than ever, organizations are relying on third parties to streamline operations, scale their business, expand and leverage expertise, and reduce costs. In the complex and fast-moving world of cybersecurity-meets-regulations, working with third parties requires diligent third-party risk management oversight…
Unlocking the passwordless era
Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new technology that simplifies their lives, according to 1Password. Passkeys, the newest and most secure passwordless technology,…
Over 70 billion unprotected files available on unsecured web servers
Critical exposures outside of an organization’s firewall are the greatest source of cybersecurity threats, according to CybelAngel. Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations…
How CISOs navigate security and compliance in a multi-cloud world
Due to the increasing importance of multi-cloud and the intricate nature of cloud infrastructure, obtaining a comprehensive understanding of the various cloud workloads operating within your system, and ensuring their security, can be challenging. In this Help Net Security video,…