Category: Help Net Security

Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security. Threat actors avoid detection These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated…

Read more →

IT leaders are losing sleep over improving overall IT performance (60%), data security (50%), process risk and compliance (46%), and the need to improve agility (41%), according to Rocket Software. To overcome these challenges, IT organizations are turning to hybrid…

Read more →

Threat actors are well-aware of the vulnerability of our cloud infrastructure. The internet we have today is not equipped to serve the data needs of the future. When data is stored in the cloud, it can end up across several…

Read more →

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches…

Read more →

In this Help Net Security video, Charl van der Walt, Head of Security Research at Orange Cyberdefense, discusses cyber extortion attacks and their expansion to new regions. A recent report revealed that cyber extortion activity reached the highest volume ever…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Bitdefender, Cequence Security, ConnectSecure, Cymulate, Cytracom, Datadog, Delinea, Edgescan, Enveedo, ESET, Index Engines, Island, iStorage, Lacework, NetApp, Netscout, Netskope, NinjaOne, Okta, Permit.io, PingSafe, Quantinuum,…

Read more →

As more businesses experience resource and cost constraints, 86% of MSPs and MSSPs customers are outsourcing their security needs to consolidate security tools, according to OpenText. “Staffing issues that have plagued the security industry for years are getting worse due…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unlocking internet’s secrets via monitoring, data collection, and analysis In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring,…

Read more →

CobolCloud and Kubo Labs sign a partnership agreement to secure legacy applications in Kubernetes environments. “CobolCloud is the very latest generation of COBOL tools allowing on the one hand, the recompilation of existing applications without modifying the source code, and…

Read more →

Attain Insight released Attain Insight Security 4X version 4.0, an upgrade to its flagship security software. This latest release introduces new features and enhancements designed to fortify data protection, streamline compliance processes, and bolster user management across diverse enterprise environments.…

Read more →

Total Assure announced its spinout from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats. On account of the cybersecurity talent…

Read more →

Nokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Delinea, Index Engines, and NetApp. Delinea Privilege Manager enhancements reduce phishing effectiveness Based on Delinea’s deep expertise and customer feedback, the new Workstation…

Read more →

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely, according to ThreatX. With more endpoints and applications in use, and often personal rather…

Read more →

In the dynamic business landscape where third-party relationships assume a critical role, organizations confront various risks that can profoundly affect their security and compliance requirements, according to Panorays. Even amidst tough economic times, the crucial nature of these risks necessitates…

Read more →

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. This insight plays a vital role in protecting and empowering customers.…

Read more →

Perception Point reveals its latest detection innovation, developed to counter the emergent wave of AI-generated email threats. The AI-powered technology leverages Large Language Models (LLMs) and Deep Learning architecture to effectively detect and prevent BEC attacks, a cyber threat which…

Read more →

WISeKey has unveiled a major upgrade to its digital identity and privacy platform, WISeID.com, designed to provide users with enhanced protection against identity theft and increase privacy in today’s hyper-connected digital world. The new generation of WISeID builds upon WISeKey’s…

Read more →

Keepit launched new backup and recovery service for Microsoft Azure DevOps. “Azure DevOps has limited disaster recovery coverage. If a company loses its Azure DevOps data, it loses access to development operations, which means it loses the ability to track,…

Read more →

Immuta launched its latest platform enhancements to deliver simplified data security and monitoring in Snowflake so that joint customers can unlock more value, reduce costs, and speed up innovation. These new features include strengthened data mesh support, enhanced security for…

Read more →

Skyhigh Security announced it’s enabling organizations to adopt artificial intelligence applications in a secure manner that protects sensitive, confidential, and business critical information through its Security Service Edge (SSE) portfolio. Skyhigh Security’s technology protects data and stops threats in the…

Read more →

Daon announces the addition of AI.X technology to expand the capabilities of its IdentityX and TrustX platforms. Designed for emerging identity threats from generative AI technology, AI.X includes pioneering technology that protects against deepfakes across voice, face, and document verification.…

Read more →

An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and…

Read more →

Twilio and Frame AI announced a partnership to leverage AI to enhance customer engagement delivered within Twilio Flex. With the help of Frame AI’s platform, Twilio Flex (the cloud-based digital engagement solution for personalized interactions across contact centers, sales, and…

Read more →

In this Help Net Security video, Mitja Kolsek, CEO at Acros Security, discusses micropatches, a solution to a huge security problem. With micropatches, there are no reboots or downtime when patching and no fear that an official update will break…

Read more →

Many popular generative AI projects are an increased security threat and open-source projects that utilize insecure generative AI and LLMs also have poor security posture, resulting in an environment with substantial risk for organizations, according to Rezilion. Advancements in LLMs…

Read more →

In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according to Nexusguard. The data also showed that cyber attackers continued to alter their threat vectors by targeting the application platforms, online…

Read more →

Attack surface expansion is a byproduct of doing business today, especially for enterprises that rely on the cloud. As businesses adapt and scale, the assets and platforms they use inevitably grow and change. This can result in attack surface exposures,…

Read more →

Fewer than one in ten CIOs can claim that they have avoided a network outage, according to Opengear. This finding is among new research by Opengear of both CIOs and network engineers globally. The scale and frequency of network outages…

Read more →

NetApp announced new capabilities in NetApp BlueXP, offering cohesive data protection through a single point of control. In today’s technology landscape, data has never been more valuable or more vulnerable. Data powers operations, fuels innovation, and creates exceptional customer experiences.…

Read more →

Red Access announced a true agentless secure browsing platform suited for hybrid work environments. The Red Access agentless browsing security platform is browser-agnostic, giving company workforces the ability to use any web browser they want and benefit from enterprise-grade secure…

Read more →

Astrix Security has secured $25 million in Series A funding led by CRV with participation from existing investors Bessemer Venture Partners and F2 Venture Capital. This new investment brings Astrix’s total funding to almost $40 million. Fueled by the increased…

Read more →

Cybellum unveiled a new brand identity and new platform capabilities reinforcing its commitment to the product security community. The new brand channels the company’s focus on the multiple teams involved in today’s product security operations. Now more than ever, product…

Read more →

Betacom introduced Betacom AirGap Protection, a network architecture aimed at enhancing cybersecurity for its flagship offering, Betacom 5G as a Service (5GaaS). The new cyber defense enhancements provide multi-layered security to reduce the risk, complexity and cost of adding industrial…

Read more →

Bitdefender has agreed to acquire Horangi Cyber Security to address the growing demand for advanced, streamlined management of cybersecurity, compliance, and governance of multi-cloud environments. As organizations continue to accelerate cloud adoption, they struggle to manage the thousands of configuration…

Read more →

Lockbit 3.0 is currently the most active ransomware group, NCC Group says in its most recent Threat Pulse report, but new ransomware groups like 8Base and Akira are rising in prominence. Collectively, the various ransomware groups revealed 436 victim organizations…

Read more →

Cynerio has unveiled the further integration of generative AI into its existing offerings. “It is clear that the healthcare industry will continue to face increasing cyber attacks,” said Leon Lerman, CEO of Cynerio. “With 89% of hospitals experiencing cyber attacks…

Read more →

Bishop Fox has expanded its social engineering testing services, which are an integral part of the company’s Red Team portfolio. In contrast to narrow and rudimentary security awareness solutions, Bishop Fox’s services emulate complex, multistage and multilayer adversarial attack behavior,…

Read more →

Fortanix has released Fortanix Confidential Data Search, a solution that supports highly scalable searches in encrypted databases with sensitive data, without compromising data security or privacy regulations. Current solutions that enable secure searches of encrypted data are predominantly based on…

Read more →

Socure acquired Berbix, a San Francisco-based startup that developed a high-accuracy document verification solution with a patent-pending forensics engine able to detect spoofed IDs – including AI-generated fakes – that are visually indistinguishable to the human eye. The approximately $70…

Read more →

Thales announced a new partnership with Google Cloud to develop new data security capabilities powered by generative AI that will improve companies’ ability to discover, classify and protect their most sensitive data. The partnership is part of Thales’ generative AI…

Read more →

AWS announced AWS AppFabric, a no-code service that enhances companies’ existing investment in software as a service (SaaS) applications with improved security, management, and productivity. With just a few clicks in the AWS Management Console, information technology (IT) and security…

Read more →

In today’s data-driven world, organizations that can harness the power of big data and derive actionable insights are positioned to succeed. However, the sheer number of big data companies vying for attention has made it crucial for entrepreneurs to differentiate…

Read more →

Our healthcare systems are at risk of infiltration by threat actors, potentially disrupting services, compromising sensitive data, and even jeopardizing patient outcomes. Among the people addressing these challenges is Dennis Fridrich, VP of Cybersecurity at TRIMEDX, who not only understands…

Read more →

The current economic conditions are leading companies of all sizes to reassess their operations and business strategies to remain competitive and profitable, according to Kaseya. Business growth key driver for it budgets Budgets and resources may be shrinking, but workloads…

Read more →

Cequence Security announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect…

Read more →

Delinea announced the latest release of Privilege Manager, its solution for providing privilege elevation controls for users and applications on workstations. The latest enhancements significantly improve ease of use for customers by preconfiguring five of the most common privilege elevation…

Read more →

Index Engines announced CyberSense 8.3, which features several user experience updates highlighted by additional metrics after a ransomware attack is detected, a new setup wizard and system configuration interface. CyberSense scans backup data and snapshots to validate their integrity and…

Read more →

BeeKeeperAI has closed $12.1 million in Series A financing. The round was led by Sante Ventures, with participation from the Icahn School of Medicine at Mount Sinai, AIX Ventures, Continuum Health Ventures, TA Group Holdings, and UCSF. The new funding…

Read more →

CalypsoAI has raised $23 million in a Series A-1 financing. Paladin Capital Group led the round, with participation from existing investors including Lockheed Martin Ventures, new investors Hakluyt Capital and Expeditions Fund, and strategic angels, including Auren Hoffman and Anne…

Read more →

LexisNexis Risk Solutions has launched an end-to-end customer lifecycle management platform to help businesses effortlessly integrate multiple information sources to make better risk decisions and provide smoother customer journeys. LexisNexis RiskNarrative leverages automation and decisioning technology to provide a sophisticated,…

Read more →

BigID announced an expanded partnership with Databricks to provide data security, privacy, and governance solutions to customers. This joint effort aims to automate data discovery and classification, alleviate the workload of data professionals, and streamline governance processes. BigID’s integration with…

Read more →

Worldwide, 6558 arrests follow the dismantling of EncroChat, a tool favored by organized crime groups (OCGs). 197 of those arrested were high-value targets. This result is detailed in the first review of EncroChat, presented today by the French and Dutch…

Read more →

In this Help Net Security video, Fawaz Rasheed, Field CISO at VMware, discusses how cyber insurance remains the high tide that rises ships. For organizations choosing to purchase cyber insurance, the requirements set forth towards them are beneficial in advancing…

Read more →

Learn how NetSPI’s always-on solution allows companies to improve visibility, inventory, and understanding of known and unknown assets and exposures on their global attack surface and distill signal from noise. After all, the discovery of assets and vulnerabilities is table…

Read more →

European organizations experienced a greater volume and frequency of BEC attacks over the last year, as compared to organizations in the United States, according to Abnormal Security. BEC attacks volume and frequency The data is based on an analysis of…

Read more →

Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. That high confidence level…

Read more →

Snowflake announced an expanded partnership with Microsoft, enabling new product integrations across AI, low code/no code application development, data governance, and more. The two companies will also implement new programs to enhance joint go-to-market strategies and improve field collaboration, bringing…

Read more →

Immuta has announced key enhancements to its Data Security Platform for Databricks that enable data teams to leverage Immuta’s full platform capabilities, unlocking value from data, reducing costs, and speeding up innovation while maintaining strong data security posture. These updates…

Read more →

While mobile users are increasingly falling victims of cybercriminals, organizations are raising their spending in mobile endpoint detection and response solutions (Mobile EDR). To tackle these new cybersecurity threats, they are turning to their Managed Security Service Providers (MSSPs) to…

Read more →

49% of organizations around the world had to deal with fake or modified physical identity documents in 2022, as Regula’s survey revealed. With this fraud always on the rise, Regula is reinforcing its solution for document verification with extra features,…

Read more →

New Relic has launched New Relic APM 360, that goes beyond incident troubleshooting insights for select experts to daily performance, security & development insights for all engineers. APM 360 correlates all essential telemetry data across the application stack and development…

Read more →

Databricks has entered into a definitive agreement to acquire MosaicML, a generative AI platform. Together, Databricks and MosaicML will make generative AI accessible for every organization, enabling them to build, own and secure generative AI models with their own data.…

Read more →

The compromise of PBI Research and The Berwyn Group’s MOVEit installation has resulted in the theft of data belonging to several pension systems and insurance companies – and millions of their users. PBI + Berwyn Group – a population management…

Read more →

In this Help Net Security interview, Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, discusses the long-term impacts of cyberattacks on healthcare institutions and what healthcare providers can do to protect patients’ personal data and medical devices. Can…

Read more →

Attackers typically find exposed “secrets” – pieces of sensitive information that allow access to an enterprise cloud environment — in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive…

Read more →

Cryptography In this course, you’ll learn how to protect information to ensure its integrity, confidentiality, authenticity, and non-repudiation. You will develop a basic understanding of cryptographic concepts and how to apply them, implement secure protocols, key management concepts, critical administration…

Read more →

Moving critical data and workloads to the cloud has significantly changed information security teams. But most don’t have the resources to be successful in their cloud attack modeling—not to mention the deployment of measurable controls to defend against these evolving…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unraveling the multifaceted threats facing telecom companies In this Help Net Security interview, Georgia Bafoutsou, Cybersecurity Officer at the European Union Agency for Cybersecurity (ENISA),…

Read more →

Wallarm announced its API Abuse Prevention feature to address one of the most critical API threats: bot-based attacks. Wallarm can now accurately identify and mitigate API bot activity, protecting systems against API abuse, account takeover (ATO), and price scraping. This…

Read more →

Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. About the vulnerability Cisco Secure Client Software – previously known as Cisco…

Read more →

Privacera announced the private preview of Privacera AI Governance (PAIG). From the continuous scanning and classification of training data to the securing and auditing of AI models, model outputs, and user requests, PAIG empowers organizations to efficiently manage the entire…

Read more →

Tanium released major enhancements to the Tanium Software Bill of Materials (SBOM) that now include Common Vulnerability and Exposures (CVE) information. Software supply chain attacks continue to spike due in part to the increasing reliance of organizations on numerous third-party…

Read more →

Celerium released its latest cybersecurity solution, Compromise Defender. As an integral part of Celerium’s Cyber Defense Network , this innovative solution combines rapid implementation and automation to provide early detection and defense of compromise activity. Research by IBM found that…

Read more →

Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use Microsoft Teams inherit Microsoft’s default configuration which allows users from outside of their organisation to reach out to…

Read more →

McAfee announced McAfee Business Protection, a new comprehensive security solution for small business owners in collaboration with Dell Technologies. McAfee Business Protection helps Dell small business customers stay ahead of cyber threats and vulnerabilities with security, identity and dark web…

Read more →

Aviatrix announced the appointment of Doug Merritt as CEO and President. He will also join the Aviatrix Board of Directors as Chairman. Merritt will succeed Steve Mullaney, who for the past four years has built Aviatrix into an industry-defining enterprise…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cymulate, Edgescan, ESET, iStorage, and Netskope. iStorage launches datAshur PRO+C with Type-C USB interface iStorage’s new datAshur PRO+C is a user-friendly USB 3.2 (Gen 1)…

Read more →

Some organizations have bought into the idea that workloads in the cloud are inherently more secure than those on premises. This idea is reinforced by the concept that the cloud service provider (CSP) assumes responsibility for security. However, while a…

Read more →

Only 3.54% of of insurance companies have correctly implemented basic phishing and spoofing protection, according to EasyDMARC. DMARC standard adoption Insurers operate using highly sensitive, private information that they’ve been trusted by clients and customers to protect. They function in…

Read more →

As data transformation progresses, cyber attacks are among the most significant growing threats to the enterprise. As seen in the recent MOVEit situation, enterprises must immediately enact cybersecurity solutions that are right for them. Every enterprise is unique, so a…

Read more →

Exabeam has unveiled that Adam Geller has been appointed as CEO. Michael DeCesare is stepping down as CEO and President, but will continue to serve as a Board advisor. Geller is a well-respected Silicon Valley leader who has built a…

Read more →

The industry’s first-ever directory of virtual CISO (vCISO) service providers has gone live. This list of vCISO providers means that SMBs can tap the expertise of qualified cybersecurity professionals to protect their digital assets and ensure compliance. To help organizations…

Read more →

Apple has released patches for three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-32439) exploited in the wild. The first two have been reported by Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko and Boris Larin following their discovery of the iOS spyware implant they…

Read more →

Infosecurity Europe is taking place at ExCeL London from 20-22 June 2023 and Help Net Security is on site. The first gallery is available here, and the second gallery is here. Here’s a closer look at the conference featuring: Swimlane,…

Read more →

ChatGPT can be used to generate phishing sites, but could it also be used to reliably detect them? Security researchers have tried to answer that question. Can ChatGPT detect phishing sites based on URLs? Kaspersky researchers tested 5,265 (2322 phishing…

Read more →

Technologies like Kubernetes and K3S are synonymous with the success of cloud native computing and the power of open source. It is no accident they have steamrolled the competition. As enterprises look to secure cloud-native environments, open source is the…

Read more →

In today’s interconnected world, telecom companies serve as gateways, connecting individuals, businesses, and governments. However, this role also makes them prime targets for cyberattacks. From DDoS attacks to sophisticated spyware infiltration, telecom providers face a wide range of threats that…

Read more →

Not only are macroeconomic headwinds causing more significant stress for security and DevOps teams, but the increasing number of threats against shrinking teams is causing an uneven playing field. In this Help Net Security video, Ev Kontsevoy, CEO at Teleport,…

Read more →

Security teams are stretched, with not enough people, skills or budget to cope with all their priorities, according to Panaseer. Average cybersecurity budgets increase in 2023 The survey of over 400 cybersecurity decision makers and practitioners across the US and…

Read more →

Exabeam has announced the general availability of Outcomes Navigator, an advanced visualization feature within the New-Scale SIEM product portfolio. Outcomes Navigator helps cybersecurity leaders overcome one of their most significant challenges –– having a clear understanding and way to visualize…

Read more →

Cloudflare has partnered with Databricks to enable organizations to safely, simply, and affordably share and collaborate on live data. With Cloudflare and Databricks, joint customers can eliminate the complexity and dynamic costs that stand in the way of the full…

Read more →

Habu has joined the Amazon Web Services (AWS) Partner Network (APN) and has launched a new solution to integrate its Data Clean Room offering with AWS Clean Rooms, and enable customers and their partners to analyze their collective data sets…

Read more →

Island announced an enterprise-grade set of Data Loss Prevention (DLP) capabilities for all popular interactive AI-type applications including ChatGPT, Bard and others, within its Enterprise Browser. These features are available in multiple deployment modes to accommodate various interaction types; integrated…

Read more →

The importance of software bills of materials (SBOMs) has grown substantially in recent years as organizations recognize the need for greater transparency in the software supply chain. This focus on SBOMs is a response to increasing cybersecurity threats and legislative…

Read more →

Compromised credentials were found within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year, according to Group-IB. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.…

Read more →

Infosecurity Europe 2023 is taking place at ExCeL London from 20-22 June 2023 and Help Net Security is on site. The first gallery is available here. Here’s a closer look at the conference featuring: Island, ThreatAware, Adaptiva, Infoblox, Noetic Cyber,…

Read more →

Infosecurity Europe 2023 is taking place in London this week, and this video provides a closer look at this year’s event. The post Infosecurity Europe 2023 video walkthrough appeared first on Help Net Security. This article has been indexed from…

Read more →

CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are advised to…

Read more →

IT teams have made security efforts and progress in zero-trust implementation strategies to establish a new sense of normalcy following the network upheaval caused by the start of the global pandemic. They have also addressed the need to secure remote…

Read more →