Category: Help Net Security

Harnessing the potential of automation in cybersecurity is key to maintaining a robust defense against ever-evolving threats. Still, this approach comes with its own unique challenges. In this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how…

Read more →

If you find the computer security guidelines you get at work confusing and not very useful, you’re not alone. A new study highlights a key problem with how these guidelines are created, and outlines simple steps that would improve them…

Read more →

Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of patches and updates are released each month, organizations…

Read more →

Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by…

Read more →

Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems artifacts. It…

Read more →

The ongoing banking and economic turmoil has opened the floodgates to fraudsters. In this Help Net Security video, ex-British Intelligence officer Alex Beavan, Head of Ethics and Anti-Corruption at Convera, discusses how fraudsters target businesses and his experiences with companies…

Read more →

The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules…

Read more →

SeeMetrics launched its new Security Performance Boards. Organized by security domains, the new Security Performance Boards are a collection of out-of-the box metrics that empower security leaders to measure the performance of their technologies, processes, and people in real time.…

Read more →

Endace announced a significant extension of its enterprise-class packet capture solutions with the launch of EndaceProbe Cloud. As organizations migrate sensitive data and critical systems to public cloud environments, it is essential that security and network teams have sufficient visibility…

Read more →

Malware attacks are becoming more sophisticated, and as business increasingly moves to the cloud, companies need to up their defenses to protect against them. SentinelOne announced its Cloud Data Security product line and the general availability of the first two…

Read more →

Clear Skye launched Clear Skye IGA 5.0, the company’s most significant product release to date. An identity security and governance solution built natively on the ServiceNow Platform, 5.0 enables businesses to simplify workflows, increase productivity, and improve the overall user…

Read more →

DataGrail announced a new Managed Services offering that offloads the burdens of day-to-day data privacy management so that companies can maintain their focus on strategy and impact. DataGrail Managed Services now handle customers’ DSR fulfillment and data mapping processes, streamlining…

Read more →

A privilege escalation vulnerability (CVE-2023-30799) could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines. While exploting it does require authentication, acquiring credentials to access the routers is not that difficult. “RouterOS [the underlying operating…

Read more →

Talon Cyber Security released the Talon Extension, a new enterprise browser security solution that provides customers with visibility and protection for activities conducted within the browser. The extension is easily installed on any web browser, making it an ideal solution…

Read more →

Darktrace announces Darktrace HEAL, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with abilities to simulate real attacks within their own environments, create bespoke incident response plans as…

Read more →

BreachRx launched Cyber RegScout, a product purpose-built to automate cybersecurity, privacy and data protection regulatory analysis. Built on BreachRx’s platform, Cyber RegScout empowers businesses to significantly reduce the time burden and compliance risk associated with today’s increasingly complex regulatory environment.…

Read more →

Dynatrace is expanding its Davis AI engine to create a hypermodal artificial intelligence (AI), converging fact-based, predictive- and causal-AI insights with new generative-AI capabilities. The expanded Davis AI will boost productivity across business, development, security, and operations teams by delivering…

Read more →

In this Help Net Security interview, Dr. Lindsey Polley de Lopez, Director of Cyber & Space Intelligence at MACH37, proposes strategies for companies, educational institutions, and governments on how to address the ongoing shortage of cybersecurity talent through the introduction…

Read more →

The role of CISO these days requires a strong moral compass: You have to be the one speaking up for the protection of customer data and be ready to handle uncomfortable situations such as pressure to downplay an actual breach.…

Read more →

A lack of executive understanding and an ever-widening talent gap that is placing an unsustainable burden on security teams to prevent business-ending breaches, according to Swimlane. The research investigated the perceptions of cybersecurity among on-the-ground security professionals and executives, the…

Read more →

Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to Beyond Identity. Over 90% of those working on zero trust cited that the 2022…

Read more →

Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business communication. The more the delay in restoring services and recovering data, the higher the…

Read more →

ZEDEDA introduced ZEDEDA Edge Application Services, making it easier for customers to instantly gain granular control across all of their edge applications, including their modern AI-based applications. The number of edge devices, along with the data they produce, is growing…

Read more →

NETSCOUT announced its next-generation Omnis Cyber Intelligence (OCI) solution. OCI is an advanced network detection and response (NDR) solution that uses highly scalable deep packet inspection (DPI) and multiple threat detection methods at the source of packet capture to detect…

Read more →

Panorays announced two capabilities – Supply Chain Discovery and Risk Insights and Response Portal. These new additions empower organizations to gain comprehensive visibility into their digital supply chains and effectively manage potential cybersecurity risks posed by third, fourth, and Nth…

Read more →

Lookout announced new Windows and macOS endpoint agents for its Zero Trust Network Access (ZTNA) solution, Lookout Secure Private Access, that facilitate the full replacement of overextended virtual private networks (VPNs) with cloud-delivered security. Businesses can now fully realize the…

Read more →

Dig Security announced enhancements to the Dig Data Security Platform, including new capabilities to secure Large Language Model (LLM) architectures. Dig’s DSPM solution now enables customers to train and deploy LLMs while upholding data security, privacy, and compliance, maintaining visibility…

Read more →

A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) has confirmed on Tuesday. What is known about the attacks? On…

Read more →

OpenText released its latest OpenText Cloud Editions (CE) 23.3, harnessing advanced technologies and innovations that seamlessly integrate AI and analytics capabilities across the portfolio. Building upon the success of Project Titanium, CE 23.3 marks the commencement of the Titanium X…

Read more →

Thales has reached an agreement with Thoma Bravo for the acquisition of 100% of Imperva for an enterprise value of $3.6 billion. With this acquisition, Thales is taking its cybersecurity business to the next level. Imperva will enable growth in…

Read more →

Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in WebKit. The vulnerability has been patched via…

Read more →

While technology advancements and distributed workforces have created efficiencies and flexibility for companies, they’ve also created overcomplexity, which can increase security risk. 53% of senior IT decision-makers say their IT environment is more complex than it was two years ago.…

Read more →

In software development, the importance of secure coding practices cannot be overstated. Fostering a security culture within development teams has become crucial to ensure the integrity and protection of digital systems. To delve deeper into this topic, we had the…

Read more →

In the Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups. The most impacted industries GRIT’s report shows a 38% increase in public ransomware victims compared to Q1…

Read more →

Despite mass adoption of generative AI, most companies don’t have a coordinated strategy for deploying it or know how to assess its security—exposing them to risks and disadvantages if they don’t change their approach, according to Grammarly. Businesses are rushing…

Read more →

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. The cyber extortion group has lately switched to setting up company-specific…

Read more →

OneTrust announced a $150 million funding round. This capital will bolster OneTrust’s continued growth to meet customer demand for trust intelligence software. The round was led by new investor Generation Investment Management with participation from existing investor Sands Capital, bringing…

Read more →

D2iQ announced DKP AI Navigator, empowering enterprise organizations to overcome one of the biggest challenges they face in adopting cloud-native technology–the skills gap. Through a user-friendly interface, DKP AI Navigator enables organizations to harness more than a decade of the…

Read more →

Seven US artificial intelligence (AI) giants – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – have publicly committed to “help move toward safe, secure, and transparent development of AI technology.” The commitments “Companies that are developing these emerging technologies…

Read more →

IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years.…

Read more →

In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios. Gordon also discusses…

Read more →

Fraudsters are opportunistic criminals and 2022 and the first few months of this year brought opportunities like never before, according to Experian. This volatility perpetuated an unpredictable atmosphere for both businesses and consumers alike. The report found that consumers and…

Read more →

Digital identity refers to the unique and electronically stored representation of an individual or entity’s personal information, characteristics, and attributes. It encompasses various digital identifiers, such as usernames, email addresses, biometric data, or government-issued IDs, that allow users to authenticate…

Read more →

In this Help Net Security video, Marc Gaffan, CEO at IONIX, discusses how businesses’ biggest cybersecurity mistake is not protecting the full external attack surface that continues to expand to include a businesses’ entire digital supply chain. This is driven…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519) The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first…

Read more →

Deloitte has expanded their MXDR cybersecurity solution to help support some of the unique challenges for enterprise, cloud, and operational technology (OT) security operations center (SOC) delivery, by developing two new modules for identity security and mission-critical OT. “As the…

Read more →

IGEL has announced the appointment of Klaus Oestermann as CEO. A proven leader in growing global software businesses, Oestermann succeeds Jed Ayres who will continue on as IGEL Company Advisor. Oestermann, who brings a track record for scaling global software…

Read more →

AppViewX has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners who provide software solutions that run or integrate with AWS. The program will help AppViewX drive new business and accelerate…

Read more →

North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusion On June 27, JumpCloud –…

Read more →

G-71 launched an extensive integration of its LeaksID solution with all major mail servers. This integration aims to ensure the utmost security of sensitive email attachments and heralds a new era in safeguarding valuable corporate information. In addition to serving…

Read more →

The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat actors exploited this vulnerability as a zero-day…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Code42, ComplyAdvantage, Diligent, Privacera, and Tenable. Tenable unveils agentless container scanning to prevent vulnerable containers from reaching runtime Tenable Cloud Security agentless container scanning enables…

Read more →

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks,…

Read more →

Life sciences companies, including medical device manufacturers, biotech and pharmaceutical companies, are experiencing increasing rates of insider-driven data loss events, according to Code42. Faced with this growing threat, life sciences leaders are prioritizing modern data loss prevention strategies, which are…

Read more →

In this Help Net Security video, Chris Westphal, Head of Product Marketing at Ordr, discusses how healthcare organizations should measure their device security success and where they should be concentrating their future security investments. The post How healthcare organizations should…

Read more →

U.S. enterprises are responding to growing cybersecurity threats by working to make the best use of tools and services to ensure business resilience, according to ISG. Enterprises face growing cybersecurity threats The report for the U.S. finds that the U.S.…

Read more →

LTIMindtree partners with CYFIRMA to enhance the threat intelligence capabilities of its XDR platform and help global enterprises identify, evaluate, and manage potential risks and threats. LTIMindtree’s parent organization, Larsen & Toubro, through its L&T Innovation Fund, recently invested in…

Read more →

Island announced that the Island Enterprise Browser is now available in the AWS Marketplace. AWS Marketplace is a digital catalog that customers can use to find, buy, deploy and manage third-party software that runs on Amazon Web Services (AWS), the…

Read more →

OTAVA has expanded its Managed Security offerings with SIEM and SOC services to strengthen enterprises’ security posture by protecting operations against cyberthreats and attacks. OTAVA’s SIEM and SOC are complementary, purpose-built, security solutions that automate alerting, customize visualization with analysis,…

Read more →

Osano launched the multi-level Osano Privacy Program Maturity Model alongside its new Data Mapping product to help organizations understand where personal information is being stored, mitigate risks and grow mature privacy programs. Developing a privacy program is complex, and maintaining…

Read more →

FileCloud released FileCloud 23.1, bringing forward significant optimizations for collaboration, ease-of-use, and integration capabilities. With this latest version, FileCloud continues to redefine the way organizations securely access, manage, and share their files in the cloud. “File sharing and collaboration solutions…

Read more →

Do you know where your patients’ data lives once it’s in the cloud? Unfortunately, for many healthcare organizations, the answer is no – or, at least, it’s not a definitive yes. Knowing how (or where) data is used, shared or…

Read more →

In this Help Net Security video, Greg Woolf, CEO at FiVerity, discusses how the emergence of sophisticated fraud tools powered by AI and recent upheavals in the banking sector have forged an ideal environment for financial fraud. This complex scenario…

Read more →

As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, according to Endor Labs. Application development risks A new research report explores emerging trends that software organizations need…

Read more →

The number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased, according to the 2023 Cybersecurity Perspectives Survey by Scale. Security incident types In…

Read more →

Today’s security operations (SecOps) teams are tasked with protecting progressively sophisticated, fast-paced cyberattacks, according to Vectra AI. Yet, the complexity of people, processes, and technology at their disposal is making cyber defense increasingly unsustainable. The ever-expanding attack surface combined with…

Read more →

Feedzai introduced Railgun, its next-generation AI engine designed to target and intercept financial fraud before it can occur. In order to scale, today’s risk engines force financial institutions to limit the data they use to make risk decisions – typically…

Read more →

Diligent launched Board Reporting for IT Risk to provide CISOs and IT risk professionals with a holistic view of their organization’s risk posture. “As cyber evolves so does the risk landscape, and it becomes a matter of not whether you’re…

Read more →

Designed to enable developers and businesses to create counter-fraud safeguards that protect against the evolving threat of online fraud and cyberattacks, Vonage Protection Suite is a comprehensive portfolio of counter-fraud products and solutions that brings a unique level of customer…

Read more →

Trend Micro announced Trend Vision One – Endpoint Security, the latest offering in its next-generation cybersecurity platform, which unifies prevention, detection, and response for user endpoints, servers, cloud workloads, and data centers. This solution aims to support customers throughout their…

Read more →

ExtraHop launched ExtraHop IDS for Government to help agencies accelerate zero trust ahead of the 2024 deadline. As agencies look to implement a zero trust architecture ahead of the 2024 deadline, they are racing to enhance visibility into their IT…

Read more →

Bitwarden has announced a new single sign-on (SSO) offering that brings convenience and security to enterprise users, regardless of identity provider. Coming later in 2023, SSO with trusted devices presents another milestone offering for enterprises seeking secure and convenient passwordless…

Read more →

LimaCharlie is unveiling the Security Operations (SecOps) Cloud Platform, a vendor-neutral architecture built for security teams to develop the most effective infrastructure for their organization. The LimaCharlie SecOps Cloud Platform provides comprehensive enterprise protection by bringing together critical cybersecurity capabilities,…

Read more →

Perle Systems launched Native OCI Container Support, based on the popular Docker platform, in Perle IRG Routers. Introducing this new feature in Firmware version 7.2.G1 will empower customers to optimize edge computing processing capabilities by deploying lightweight applications tailored to…

Read more →

Tenable announced new Tenable Cloud Security features that deliver automated operating system (OS) vulnerability detection across container images, registries and pipelines. Building on existing exposure management capabilities, Tenable Cloud Security enables security teams to prevent OS vulnerabilities and other risks…

Read more →

Lenovo announced its next wave of data management innovation with new ThinkSystem DG Enterprise Storage Arrays and ThinkSystem DM3010H Enterprise Storage Arrays, designed to make it easier for organizations to enable AI workloads and unlock value from their data. Also…

Read more →

Veeam Software announced it is integrating Veeam Backup for Microsoft 365 with newly launched Microsoft 365 Backup via their backup APIs to bring customers and partners new capabilities for backup, recovery, ransomware protection and business continuity. Veeam plans to utilize…

Read more →

Code42 has added custom Insider Risk Indicators (IRIs) to its Incydr data protection solution. This addition enables security teams to customize their Insider Risk alerts based on needs specific to their business and industry, thus focusing analysts’ attention on the…

Read more →

Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched (CVE-2023-3519) CVE-2023-3519 is a remote code execution…

Read more →

CompTIA released the CompTIA DataSys+ program, a comprehensive set of resources for learning and skills validation for IT professionals in search of database management skills. The CompTIA DataSys+ program covers all aspects of database administration, including deployment, management, and maintenance…

Read more →

The Biden-Harris Administration has announced a cybersecurity certification and labeling program to help Americans more easily choose smart devices that are safer and less vulnerable to cyberattacks. The new “U.S. Cyber Trust Mark” program proposed by FCC Chairwoman Jessica Rosenworcel…

Read more →

Small and medium-sized businesses (SMBs) are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report (DBIR) has revealed; here are some cybersecurity controls they should prioritize. Company size does not matter to cyber attackers…

Read more →

Cohesity announced Cisco and HPE will each be offering Cohesity Cloud Services (CCS) to bring efficient data security and management to companies operating in today’s modern hybrid and multicloud environments. Cohesity has benefited from strategic partnerships with Cisco and HPE…

Read more →

Data breaches have been hitting the headlines left and right. Every time a breach occurs, the impacted organization’s response differs from the last. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, discusses what…

Read more →

In this Help Net Security interview, Arthur Hu, SVP, Global CIO and Services & Solutions Group CTO at Lenovo, discusses how AI/ML is optimizing tech stacks, the hurdles anticipated in its integration, the role of AI in enterprise resilience and…

Read more →

In January, law enforcement officials disrupted the operations of the Hive cybercriminal group, which profited off a ransomware-as-a-service (RaaS) business model. Hive is widely believed to be affiliated with the Conti ransomware group, joining a list of other groups associated…

Read more →

Bureau is announcing an additional $4.5m from GMO VenturePartners, GMO Payment Gateway, and existing investors to complete its series A funding round at $16.5m. With the completion of the latest round, total funding for the startup has reached $20.5m to…

Read more →

Improve your cloud security with these 9 proven strategies. Uptycs, alongside renowned expert Lee Atchison, share their list of comprehensive tactics to mitigate risks facing modern development teams. To address these emerging risks, Uptycs has created an eBook, Laptop to…

Read more →

Supply chain executives significantly overestimate stakeholder trust in their supply chain capabilities and intentions, according to Deloitte. Of more than 1,000 executives from large global organizations surveyed, 89% on average who self-identified as leading suppliers said customers trust their supply…

Read more →

Privacera announced Governed Data Stewardship solution and significant ease of use improvements. This innovative offering transforms how IT organizations distribute data ownership and stewardship into lines of business to speed up self-service data sharing and access governance. By eliminating a…

Read more →

Rapid7 released Executive Risk View, a solution that normalizes risk scoring across cloud and on-premises environments so that security leaders can effectively assess and collaborate with teams across an organization to speed up cyber risk reduction. Now generally available within…

Read more →

Hammerspace has raised $56.7 million in funding in its first round of institutional investment. The funding round, led by Prosperity7 Ventures, also includes Pier 88 Ventures, ARK Invest, and others. Data has been widely considered to be among the world’s…

Read more →

Splunk announced Splunk Edge Hub, a new solution that simplifies the ingestion and analysis of data generated by sensors, IoT devices and industrial equipment. Splunk Edge Hub provides more complete visibility across IT and OT environments by streaming previously hard…

Read more →

Spectro Cloud announces new Palette VerteX Edition and new Spectro Cloud Government practice to meet the growing need for powerful management and security for Kubernetes (K8s) in the public sector. Kubernetes adoption is growing across the public sector, from federal…

Read more →

Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with incomplete fixes On July 11, 2023, Adobe…

Read more →

Kyndryl and Veritas Technologies unveiled two new services — Data Protection Risk Assessment with Veritas and Incident Recovery with Veritas. As a key milestone in Kyndryl and Veritas’ strategic alliance, these services help enterprises protect and recover their critical data…

Read more →

VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about employees of US and German intelligence agencies (among others). VirusTotal data leak exposed exploitable…

Read more →

Egress launched adaptive security for its Intelligent Email Security platform, providing dynamic and automated protection against advanced inbound and outbound threats, transforming the way in which organizations manage human risk on email. Egress CEO Tony Pepper comments: “Almost every organization…

Read more →

Aiming to protect the digital ecosystem in the UAE and the Mena region, Seed Group, has announced a strategic partnership with Resecurity. With this strategic partnership, Seed Group and Resecurity are set to reshape the cybersecurity landscape in the Middle…

Read more →

CheckRed Security announced that the company’s Board of Directors has appointed Pat Clawson as its first CEO. Clawson brings more than 20 years of leadership experience in driving cybersecurity innovation. As CEO, Clawson will lead CheckRed’s global initiatives to secure…

Read more →