Category: Help Net Security

Cynalytica has launced its Industrial Control System (ICS/SCADA) monitoring sensor, OTNetGuard, that passively and securely captures analog, serial, and IP communications closing the capabilities gap in complete monitoring of OT networks. With the increasing frequency and sophistication of cyberattacks targeting…

Read more →

Rezonate’s ITDR offering detects and responds to active identity threats using both common and sophisticated techniques missed by traditional IAM solutions and endpoint controls. The continuous changes in identities and access privileges across multiple tools and teams at every stage…

Read more →

Armis has formed a strategic partnership and integration with TrueFort to empower customers by enriching the discovery, understanding, and enforcement of security policies for IT, Internet of Things (IoT), and operational technology (OT) environments. “Customers have shared with us just…

Read more →

Syncro has launched a new agreement with Proofpoint to enable Syncro’s MSP partners to offer their customers access to Proofpoint’s email security and security awareness training solutions. “This reseller agreement not only allows our MSPs to give their customers superior…

Read more →

The Cloud Security Alliance (CSA) has announced that registration has opened for the CSA Summit 2023: Mission Critical (San Francisco, April 24) held in conjunction with the RSA Conference. Tima Soni, Chief and Head of the Valencia office of the…

Read more →

Concentric AI has launched its new channel partner program which is aimed at enabling partners’ growth and success delivering the leading solution in the rapidly expanding AI-powered data risk management market to improve customers’ security posture. With Concentric AI’s partner…

Read more →

Raytheon Technologies’ BBN division and SpiderOak have formed a strategic partnership to develop and field a new generation of zero-trust security systems for satellite communications in proliferated low-Earth orbit, or pLEO. SpiderOak’s OrbitSecure solution will be combined with Raytheon BBN’s…

Read more →

The Connectivity Standards Alliance released Zigbee PRO 2023 of the Zigbee protocol stack. The revision brings several enhancements and new features to the technology, allowing mesh networks to have a universal language that enables smart objects to work together. What’s…

Read more →

Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to…

Read more →

The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a…

Read more →

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targeted 3CX systems with TAXHAUL (aka…

Read more →

GitGuardian launched its new Honeytoken module, providing intrusion detection, code leakage detection and helping companies secure their software supply chains against attackers targeting Source Control Management (SCM) systems, Continuous Integration Continuous Deployment (CI/CD) pipelines, and software artifact registries. “Honeytoken is…

Read more →

The CISO role is currently fraught with novel challenges and escalating workloads. This includes increased paperwork and time spent on risk assessments, which have surged from two to thirty hours per assessment. Furthermore, privacy regulations are expanding, and CISOs are…

Read more →

Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of…

Read more →

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access.…

Read more →

The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about…

Read more →

Netskope unveiled its brand new Endpoint SD-WAN to provide secure, optimized access to endpoint devices from anywhere. Netskope Endpoint SD-WAN will leverage the industry’s first software-based unified SASE client, converging SD-WAN and Security Service Edge (SSE) capabilities so organizations can…

Read more →

AutoRABIT has enhanced their data and metadata security offerings by refining existing products, adding new features, and emphasizing the importance of a full-featured approach to Salesforce DevSecOps. Security continues to be an increasingly difficult consideration. The advent of tools being…

Read more →

11:11 Systems has revealed general availability of 11:11 Managed SteelDome in partnership with SteelDome Cyber. The fully managed service is designed for organizations in need of secure, scalable and cost-efficient storage of their unstructured, on-premises data. Leveraging SteelDome’s InfiniVault application…

Read more →

Xerox has unveiled new and upgraded solutions to improve productivity and security for hybrid workers. These include technologies designed for any organization to advance user experience, make the office a highly productive workplace choice, and enhance security wherever work happens.…

Read more →

In his role as Trelix’s CMO, Ash Parikh will lead global marketing teams to drive brand awareness, demand generation, and go-to-market strategies of the XDR market leader. “Trellix’s XDR platform is helping our customers bolster their cybersecurity programs,” said Bryan…

Read more →

Flashpoint has expanded its partnership with Google Cloud to deploy next-generation intelligence solutions, including generative AI, within the Flashpoint product suite. This initiative will revolutionize how organizations detect security threats and reduce risk, in support of better, faster, and more…

Read more →

It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About CVE-2023-28252 CVE-2023-28252 is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM…

Read more →

Sextortion victims are already in a vulnerable position, and shady companies are taking advantage of this vulnerability to offer “sextortion assistance” services for huge sums – services that they may be unable to render or that won’t help the victims…

Read more →

BigID launched ML-powered solution for finding duplicate and similar data content. The innovative technology uses AI to locate both similar and duplicate data on any data set, enabling organizations to identify duplicate data as well as redundant, obsolete, or trivial…

Read more →

Syxsense has released new updates to the Syxsense product suite designed to extend automated workflow capabilities, improve usability, and enhance overall platform security. Key to this release is the introduction of Cortex Sequences, which uses the power of automation to…

Read more →

ThreatX has unveiled ThreatX Runtime API & Application Protection (RAAP). This patent-pending capability goes beyond basic observability to extend threat detection, tracking and blocking to customers’ runtime environments, without slowing developers or requiring expertise in cloud-native applications. As organizations transition…

Read more →

Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by researchers Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbhaill, the head of Amnesty International’s…

Read more →

While applications like Slack and Teams have transformed how we collaborate and communicate, cybersecurity training has not kept pace with these advancements. Most security training is still being delivered through web-based learning management systems, according to CybSafe. Often, important security…

Read more →

Nicole Darden Ford is Global VP & CISO at Rockwell Automation. As the company’s cybersecurity leader, Nicole is entrusted to protect enterprise IT assets with scalable, future-ready platforms that enable the business. In addition to building cybersecurity programs for organizations…

Read more →

Adversaries don’t need to use sophisticated methods to gain access to enterprise systems or to deploy ransomware – they can just buy or steal credentials and log in. By burdening users with the near-impossible task of maintaining “secure passwords,” businesses…

Read more →

As criminal groups increase in size, they adopt corporate-like behavior, but this shift brings about its own set of challenges and costs, according to Trend Micro. “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses…

Read more →

Data Subject Requests (DSRs), which are formal requests made by individuals to access, modify, or delete their personal data held by a company, increased by 72% from 2021 to 2022. The increase was primarily driven by deletion and access requests,…

Read more →

MSPs are focusing on automation and integration between their core tools to improve efficiency, service delivery and cost management, according to Kaseya. Automation, cybersecurity and integration About 90% of respondents hailed automation as a crucial technology for their business because…

Read more →

People reveal more personal information when you ask them the same questions a second time – according to new research from the University of East Anglia. A new study reveals how simple repetition can make people over-disclose, and potentially put…

Read more →

Global 5G wireless connections increased by 76% from the end of 2021 to the end of 2022, reaching up to 1.05 billion, and it will touch a mark of 5.9 billion by the end of 2027, according to Omdia and…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Passbolt: Open-source password manager for security-conscious organizations In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to…

Read more →

Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals credentials and can grab multi-factor authentication (MFA) codes. The malicious extension Dubbed Rilide by Trustwave researchers, the…

Read more →

Phishers are targeting YouTube content creators by leveraging the service’s Share Video by Email feature, which delivers the phishing email from an official YouTube email address (no-reply@youtube.com). How the YouTube phishing email scam works? The email informs the targets of…

Read more →

93% of organizations find the execution of some essential security operation tasks, such as threat hunting, challenging, according to Sophos. IT professionals face challenging security operation tasks These challenges also include understanding how an attack happened, with 75% of respondents…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Guardz, Malwarebytes, Obsidian Security, and Stamus Networks. Malwarebytes unveils WorldBytes to help users reveal the hidden cyber threats around them Powered by Malwarebytes and AI…

Read more →

The answer to the question “Why does software continue to have so many vulnerabilities?” is complex, because the software itself is so complex. There’ve been many articles written that cover the lack of tools to test for vulnerabilities, the security…

Read more →

40% of senior cybersecurity decision makers effectively prioritize risks to Payment Card Industry Data Security Standard (PCI DSS) 4.0 compliance, according to Titania. The study highlights that oil and gas, telecommunications, and banking and financial services organizations are prime targets…

Read more →

Organizations follow a reactive approach to cybersecurity which is stifling their progress in demonstrating value and aligning with business outcomes, according to WithSecure. 83% of respondents surveyed in the study were interested in, planning to adopt, or expanding their adoption…

Read more →

Workspot has launched Workspot Global Desktop, a capability that creates a way for enterprises to deliver end-user computing with the ultimate availability. Through a multi-cloud (private and public) and multi-region approach, the company provides enterprises with a Cloud PC that…

Read more →

The new McAfee+ product suite, launched in Italy, allows users access to identity restoration and lost wallet assistance, as well as the ability to secure all their devices with award-winning protection against threats and viruses. As part of the new…

Read more →

AuthenticID has revealed the launch of its identity document liveness detector. This feature enhancement validates the actual, physical presence of identity documents when used as part of the identity verification process. AuthenticID’s identity document liveness detector utilizes advanced AI and…

Read more →

LastPass has expanded availability of its Security Dashboard and associated dark web monitoring and alerting, making it the only password manager providing proactive credential monitoring for all customers, including those using the product for free. The Security Dashboard is the…

Read more →

In a tightening economic market, addressing enterprise performance can help organizations better weather challenges by reducing costs, creating efficiencies, and coming in on schedule while improving overall quality. ISACA’s Capability Maturity Model Integration, or CMMI, has been doing just that…

Read more →

An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks’ Cortex…

Read more →

Google Play will be pushing Android app developers to allow users to delete their account and associated data from within the app. Users will also be given the option to only delete data where applicable, as some data needs to…

Read more →

Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform with a specialized focus on financial fraud and money laundering. STYX launched at the beginning of 2023. This platform is specifically designed to facilitate financial crime, providing…

Read more →

To help customers stay ahead of the emerging cybersecurity threats, fulfill regulatory and compliance requirements, and implement intelligent automation to accelerate internal processes and reduce operational costs, ImmuniWeb has unveiled many updates. ImmuniWeb AI platform: New CI/CD and DevSecOps integrations…

Read more →

Organizations globally are under tremendous pressure to address evolving threats like ransomware, zero-day vulnerabilities, and espionage, and they face challenges in extending security coverage across multiple environments and dealing with an ongoing skills shortage, according to Bitdefender. “The results of…

Read more →

Researchers at the University of Surrey have developed software that can assess the amount of data that an artificial intelligence (AI) system has acquired from a digital database of an organization, in response to the increasing global interest in generative…

Read more →

Despite the decline in network-detected malware in Q4 2022, endpoint ransomware spiked by 627%, while malware associated with phishing campaigns persisted as a threat, according to WatchGuard. Malware going undetected Despite seeing an overall decline in malware, further analysis from…

Read more →

The impact of identity fraud varies for organizations in the financial services industry, based on whether they belong to the banking or FinTech sector, according to Regula. Specifically, every fourth bank reported experiencing over 100 identity fraud incidents in the…

Read more →

Synopsys has launched the Fast Application Security Testing (fAST) offerings that represent the latest capabilities and features of the Polaris Software Integrity Platform. Synopsys fAST Static and Synopsys fAST SCA enable DevOps teams to quickly find and fix vulnerabilities in…

Read more →

Industrial Defender has unveiled the launch of Phoenix, an OT security solution tailored to the needs of SMBs. Phoenix is revolutionizing how smaller industrial organizations approach OT security by providing visibility into all their OT assets and their associated cyber…

Read more →

Stamus Networks released its latest software release, Update 39 (U39). The new release represents a significant enhancement to the company’s flagship Stamus Security Platform (SSP), arming enterprise cybersecurity defenders with improved visibility while reducing the time it takes to respond…

Read more →

1Kosmos has unveiled the integration of 1Kosmos BlockID with ForgeRock Access Manager which enables customers to modernize the onboarding experience for users and implement identity-based passwordless authentication on all ForgeRock protected applications with the click of a mouse. ForgeRock customers…

Read more →

Fortinet has expanded the Fortinet Security Fabric with new and enhanced products and capabilities to enable advanced threat prevention and coordinated response for a self-defending ecosystem across networks, endpoints, and clouds. The majority of organizations are pursuing a consolidation strategy…

Read more →

Attackers are exploiting the good reputation and “openness” of the popular public JavaScript software registry NPM to deliver malware and scams, but are also simultaneously and inadvertently launching DoS attacks against the service. Malicious package on NPM pointing to a…

Read more →

In Malwarebytes’ most recent report on the current state of malware, the company has identified several high-profile cyber threats that organizations should be on the lookout for in 2023. The 5 most important cyber threats LockBit, an affiliate-based ransomware variant,…

Read more →

During this Help Net Security interview, Nicole Hofmann, CEO at Sentryc, delves into the critical issue of counterfeiting and the detrimental impact it has on industries and brands. Hofmann sheds light on the modus operandi of counterfeiters, who operate with…

Read more →

Many sectors view AI and machine learning with mixed emotions, but for the cybersecurity industry, they present a double-edged sword. On the one hand, AI provides powerful tools for cybersecurity professionals, such as automated security processing and threat detection. On…

Read more →

Akamai introduced an updated managed security service program and premium service offerings. The new capabilities are intended to help customers protect their businesses 24×7 from the most sophisticated attacks with proactive monitoring and rapid response in the event of a…

Read more →

F5 has unveiled new security capabilities to give customers comprehensive protection and control in managing apps and APIs across on-premises, cloud, and edge locations. Specifically, new machine learning enhancements provide F5’s cloud security portfolio with advanced API endpoint discovery, anomaly…

Read more →

Managing insider risk is becoming increasingly difficult. In fact, insider risk is emerging as one of the most challenging threats to detect, mitigate and manage, according to Code42. Although more than 72% of companies indicate they have an Insider Risk…

Read more →

Insecure authentication is a primary cause of cyber breaches, and that cumbersome login methods take an unacceptable toll on employees and business productivity, according to HYPR. Respondents indicate that a passwordless approach would increase productivity (45%), improve user experience (86%),…

Read more →

IBM has unveiled new single frame and rack mount configurations of IBM z16 and IBM LinuxONE 4, expanding their capabilities to a broader range of data center environments. Based on IBM’s Telum processor, the new options are designed with sustainability…

Read more →

Trace3’s acquisition of Set Solutions is a continuation of the company’s strategic expansion plan. The investment allows the combined companies to deepen cybersecurity capabilities to drive success for commercial and enterprise clients. Set Solutions has a longstanding history of alleviating…

Read more →

Push Security has raised $15M in Series A funding. GV (Google Ventures) led the funding with participation from Decibel and notable angels, including Dug Song, former CEO at Duo Security, and Tray.io CEO Rich Waldron. GV General Partner Karim Faris…

Read more →

McAfee has announced a five-year partnership with Acer, to provide Acer customers with a single solution to protect their personal info, privacy, and devices. Beginning April 2023, McAfee LiveSafe will be pre-installed on consumer Acer laptops and desktops. With this…

Read more →

When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been exploited in the wild “in very limited attacks.” Were your servers among those hit? And what should…

Read more →

The Department of Justice (DoJ) declared the confiscation of digital currency valued at approximately $112 million connected to fraudulent cryptocurrency investments. Laundering money from cryptocurrency confidence scams According to court documents, the virtual currency accounts were allegedly used to launder…

Read more →

Obsidian Security released its latest suite of SaaS security solutions. This suite of solutions comprising Obsidian Compliance Posture Management, Obsidian Integration Risk Management, and Obsidian Extend will together enable security and GRC teams to increase their SaaS security and compliance…

Read more →

The rapid pace of cloud transformation and democratization of data has created a new innovation attack surface, leading to 3 in 4 organizations experiencing a cloud data breach in 2022, according to Laminar. 68% of data security professionals have identified…

Read more →

Using structured, machine-readable data in defensive systems can present a significant challenge. In this Help Net Security interview, Giorgos Georgopoulos, CEO at Elemendar, discusses these challenges and how Elemendar’s application can help cyber analysts and CISOs. Giorgos highlights the company’s…

Read more →

Breaking down the silos between disaster recovery (DR) and cybersecurity has become increasingly important to ensure maximum business resiliency against outages, data breaches, and ransomware attacks. Yet, many organizations still operate these functions separately, leading to slower response times, budgeting…

Read more →

Two vulnerabilities affecting various QNAP operating systems (CVE-2022-27597 and CVE-2022-27598) have been uncovered by Sternum. These vulnerabilities enable authenticated remote users to access secret values, requiring owners to take immediate action by updating their operating system(s). Finding CVE-2022-27597 and CVE-2022-27598…

Read more →

Guardz has launched its dedicated cybersecurity platform for MSPs and IT professionals that empowers MSPs to protect their clients with automated remediation plans, to improve their reporting for existing clients and better obtain new ones, and to cut operational and…

Read more →

For SMBs (and startups in particular), breaches can be devastating, according to DigitalOcean. To strengthen their cybersecurity posture, companies must spend valuable resources on maintaining or updating systems, hiring and training staff, and implementing security software — resources and options…

Read more →

Riskified has announced that Jeff Otto has joined the company as Chief Marketing Officer, effective immediately. Otto will be responsible for a global integrated marketing strategy that will amplify Riskified’s brand, strengthen its category leadership and accelerate demand for Riskified’s…

Read more →

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the Windows and macOS desktop apps (based on the Electron software framework) have been compromised…

Read more →

For a fourth consecutive quarter, LogRhythm releases new cybersecurity capabilities that makes it easier for security teams to reduce noise, prioritize work and quickly secure their environments. Analysts gain a simplified experience to focus on detecting, investigating, and responding to…

Read more →

We’ve been developing machine learning-based cybersecurity systems for many years and began developing automation for analysis in our labs in 2005. These early automation projects have since evolved into full-blown machine-learning frameworks. Since then, we’ve been waiting for our enemies…

Read more →

US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a number of the company’s systems and some company data. These are the most…

Read more →

Malwarebytes launched WorldBytes, a next-generation mobile security application that takes the malware scanning technologies that customers know and love and applies them to the first frontier of human evolution: real life interactions. Powered by Malwarebytes and AI technology, WorldBytes empowers…

Read more →

Recent travel meltdowns at Southwest Airlines and the FAA have exposed our dependence on fragile, outdated, or unreliable computer systems. Institutional failures have made updating airline technology even more challenging, with some legacy systems dating back to the 1970s. Airlines…

Read more →

Liran Haimovitch, CTO and co-founder of Rookout, with his extensive background in cybersecurity within the Israeli government, has a unique perspective on the importance of security and its impact on businesses. In this Help Net Security interview, we’ll explore how…

Read more →

In this Help Net Security video, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to password usage, outlines how the Passbolt password manager guarantees the utmost level of security for businesses, highlights its features in the competitive…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Appdome, Atakama, BreachLock, Elevate Security, Fastly, Forescout, ForgeRock, GrammaTech, HackNotice, Hornetsecurity, HYPR, Kensington, LOKKER, ManageEngine, Nile, Palo Alto Networks, Persona, ReversingLabs, Tausight, Vectra, Veeam…

Read more →

Locating and identifying sensitive data, including defense-in-depth strategies where a series of mechanisms are layered to protect valuable information, should be a critical component of any cloud data security strategy, say experts at Aparavi. Data security refers to protecting digital…

Read more →

Although KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack of awareness and action, according to Rezilion. The Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Visa fraud expert outlines the many faces of payment ecosystem fraud In this Help Net Security interview, Michael Jabbara, the VP and Global Head of…

Read more →

CloudBees has unveiled the integration of CloudBees’ continuous delivery and release orchestration solution, CloudBees CD/RO, with Argo Rollouts. The integration will enhance customers’ ability to deliver software faster, with higher quality, and at scale in cloud-native environments. This latest integration…

Read more →

Zenoss has launched a free trial for monitoring Kubernetes, the de facto standard platform for running containers in production at scale, including in on-prem and cloud environments. This real-time monitoring of Kubernetes streaming data is another advancement of the Zenoss…

Read more →

Socura has launched its Managed SASE (Secure Access Service Edge) service in partnership with Palo Alto Networks‘ Prisma. Market industry researchers expect SASE to be a $60bn industry by 2027 fuelled by the rise of flexible working, which was enshrined…

Read more →

In this Help Net Security interview, Michal Cizek, CEO at GoodAccess, discusses the crucial balance between leveraging distributed resources and maintaining top-notch security measures. With the growing remote work trend, Cizek highlights the importance of implementing a zero-trust security model,…

Read more →