Category: Help Net Security

Censys has unveiled that NOS chose Censys to monitor its attack surface. Censys’ technology provides NOS with complete visibility into its external-facing infrastructure, simplifies its monitoring process and eliminates irrelevant alerts. As an internet provider for both the B2B and…

Read more →

IRONSCALES announced the Beta launch of Themis Co-pilot for Microsoft Outlook, a GPT-powered chat assistant for self-service threat reporting. Powering Themis Co-pilot is PhishLLM, a language model (LLM) hosted within the IRONSCALES infrastructure, which is the first in the IRONSCALES…

Read more →

eSentire launched eSentire AI Investigator, using generative AI powered cybersecurity to augment eSentire XDR Platform users of all levels with expertise to build their organization’s cyber resilience. eSentire’s platform has captured over 1 million expert-led cybersecurity investigations and response actions,…

Read more →

CYE announced a new capability in its Hyver platform that calculates dynamic risk in real-time. Hyver sets a new standard for the industry that will allow CISOs to take mitigation plans to the next level by optimizing real-time data to…

Read more →

Next DLP announced a new ‘Scoped Investigations’ capability in the Reveal platform that protects privacy by time bounding and restricting access to employee activity to only investigators with an approved and legitimate need to access it. A complementary pseudonymization feature…

Read more →

ExaGrid released software Version 6.3, which started shipping in June 2023. With each software update in Version 6, ExaGrid has been adding additional layers of security to its Tiered Backup Storage, which already guards against external threats by utilizing a…

Read more →

Infosecurity Europe is taking place at ExCeL London from 20-22 June 2023 and Help Net Security is on site. Here’s a closer look at the conference featuring: Island, Crowdstrike, Panorays, ManageEngine, Mazebolt, Cobalt, Intruder, TikTok, and CensorNet. The post Photos:…

Read more →

Orange Business, Orange Cyberdefense and Palo Alto Networks have joined forces to deliver a managed Secure Access Service Edge (SASE) solution that meets enterprise customers’ most demanding networking and security requirements with high performance, simplicity, and Zero Trust Network Access…

Read more →

Cymulate released a new solution for organizations to run an informed continuous threat exposure management (CTEM) program. The CTEM program, which was coined by Gartner is designed to diagnose the severity of exposures, create an action plan for remediation and…

Read more →

Edgescan released its new External Attack Surface Management solution, offering visibility and continuous monitoring to help secure organizations of all sizes. Today’s enterprises require a cloud-savvy security solution that effectively inventories, monitors, manages and protects their corporate assets across their…

Read more →

Black Kite released automated cyber risk quantification (CRQ) modeling for ransomware and business interruption scenarios. The new capabilities, which automates FAIR methodology, extends Black Kite’s data breach CRQ model to now provide visibility into all third-party risk scenarios, adds environmental,…

Read more →

Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. The Tsunami DDoS bot Tsunami, also known as Kaiten, is a type of DDoS bot…

Read more →

Malwarebytes launched the Malwarebytes Reseller Partner Program. The revamped program is dedicated to helping partners create profitable and consistent business growth through innovative endpoint security solutions and leading channel incentives such as lucrative base and multi-year discounts. “Today’s evolving threat…

Read more →

Netskope has released a comprehensive data protection solution to help enterprises securely manage employee use of ChatGPT and other generative AI applications, such as Google Bard and Jasper. As part of its Intelligent Security Service Edge (SSE) platform, Netskope enables…

Read more →

Silobreaker announced that it will be showcasing its enhanced geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange) at Infosecurity Europe 2023. The tie-up will see Silobreaker integrate global risk intelligence company RANE’s Enterprise Geopolitical Intelligence into its…

Read more →

Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a…

Read more →

Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns…

Read more →

In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that businesses can face if they betray customers’ trust. Thaine also…

Read more →

Verizon’s recently released 2023 Data Breach Investigation Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report includes the mapping of CIS (Center for Internet…

Read more →

Bradon Rogers, Chief Customer Officer at Island, provides an overview of the Island Enterprise Browser. Learn more at Infosecurity Europe 2023 – June 20-22, 2023. The post What if the browser was designed for the enterprise? appeared first on Help…

Read more →

The rapid pace of globalization, digital transformation, and AI advancements have created a renewed demand for digital and human skills among US learners, according to Coursera. “The rise of digital jobs and remote work is creating unprecedented opportunities for local…

Read more →

In this Help Net Security video, Michael Crandell, CEO of Bitwarden, discusses the future of passwords and authentication. Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to…

Read more →

ESET expanded its unified cybersecurity platform, ESET PROTECT, with a new subscription tier for businesses requiring all-in-one prevention, detection and response. Available immediately, ESET PROTECT Elite delivers enterprises, small and midsize businesses (SMBs), and channel partners with enterprise-grade XDR for…

Read more →

iStorage added a new encrypted flash drive to its highly successful datAshur range. The new datAshur PRO+C, with the Type-C interface, is the flash drive pending the new FIPS 140-3 Level 3 validation scheme. This offers robust guarantees as to…

Read more →

IBM announced plans to expand its longstanding partnership with Adobe to help brands successfully accelerate their content supply chains through the implementation of next-generation AI including Adobe Sensei GenAI services and Adobe Firefly (currently in beta), Adobe’s family of creative…

Read more →

The Microsoft 365 and Azure Portal outages users expirienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against Microsoft 365 and Azure Portal Throughout the first half June 2023 Microsoft confirmed,…

Read more →

Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to grab…

Read more →

In this Help Net Security video, Nick Mistry, SVP and CISO at Lineaje, offers tips to simplify the process of compliance with U.S. Executive Order 14028. A key part of U.S. Executive Order 14028 is for organizations that work with…

Read more →

When employees, contractors and service providers leave an organization, they take with them knowledge, capabilities, and professional achievements. They should leave behind any proprietary or confidential data belonging to the organization, but Osterman Research found that 69% of organizations polled…

Read more →

Organizations that closely align their cybersecurity programs to business objectives are 18% more likely to achieve target revenue growth and market share and improve customer satisfaction, as well as 26% more likely to lower the cost of cybersecurity breaches/incidents, on…

Read more →

In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that discuss about how AI technologies will impact the cybersecurity industry in the next few years. AI is a powerful tool in…

Read more →

Decades ago, Tony Turner, CEO of Opswright and author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, faced an SQL Slammer worm. Having been one of the 75,000 infected users, he called upon his skills…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a culture of security awareness in healthcare begins with leadership In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how…

Read more →

Virtana acquired cloud observability platform, OpsCruise, a purpose-built cloud-native, and Kubernetes observability platform. OpsCruise’s solution empowers ITOps/DevOps/SRE teams to predict performance degradation and pinpoint its cause. This is enabled by the deep understanding of Kubernetes and popular technologies used in…

Read more →

BSidesLjubljana 0x7E7 is taking place today at the Computer History Museum, and Help Net Security is on site. Here’s a look at the event featuring Solar Designer (Openwall), Boris Sieklik (MongoDB), Darko Kukovec (Infinum), and Daniel Poposki. The post Photos:…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security. Okta Device Access enables businesses to secure access to both devices and applications As part of Okta’s Workforce…

Read more →

This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity has undoubtedly become…

Read more →

In this Help Net Security video interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses his new book – Visual Threat Intelligence. The book covers a wide range of topics, including: Threat intelligence fundamentals and methodologies TTP, Diamond Model of…

Read more →

Despite a hardening economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 76% of the CISOs, suggested that no material breaches had occurred and 60% said that no material cybersecurity incident had occurred in the…

Read more →

After two years of pandemic-induced disruption, 2022 was a return to business as usual for the world’s cybercriminals, according to Proofpoint. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a…

Read more →

Coalition announced the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system that helps risk managers mitigate potential cyber threats. Developed by Coalition Security Labs, the company’s research and innovation center, Coalition ESS is a security risk prioritization scoring…

Read more →

T-Mobile and Google Cloud are working together to combine the power of 5G and edge compute, giving enterprises more ways to embrace digital transformation. T-Mobile will connect the 5G ANS suite of public, private and hybrid 5G networks with Google…

Read more →

anecdotes launched an updated version of its Risk Manager Application. Powered by data and automation, the Risk Manager delivers enterprise-level risk management insights and monitoring capabilities, enabling organizations to apply a risk-first approach to a broader Compliance management context. The…

Read more →

OneSpan announced expanded features for OneSpan Notary, a next-generation, all-in-one, cloud-connected solution that enables organizations to transform the way notaries and customers complete agreements and notarize documents in a secure and trusted environment. These new capabilities will now support Remote…

Read more →

VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability that…

Read more →

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their…

Read more →

Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry. While there are a few different approaches to implementing digital keys for automotive use, a secure digital key…

Read more →

The tension between difficult economic conditions and the pace of technology innovation, including the evolution of AI, is influencing the growth of identity-led cybersecurity exposure, according to CyberArk. The CyberArk’s report details how these issues – allied to an expected…

Read more →

Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may disclose confidential information they were trained…

Read more →

What if the enterprise had complete control over the browser? What would it do for security, productivity, for work itself? Ari Yablok, Head Of Brand at Island, invites you to visit Island at Infosecurity Europe 2023 (Stand S75) to learn…

Read more →

The use of MFA has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security and convenience for users, according to Okta. MFA authentication gains traction MFA authentication has steadily gained traction across organizations…

Read more →

Zilla Security announced Zilla Secure and Segregation of Duties (SOD), two SaaS solutions that enable enterprise-wide identity security for cloud-based applications and infrastructure, SaaS, and legacy applications. “Organizations today face a stark reality around their cloud security posture,” said Deepak…

Read more →

Quantinuum launched Quantum Origin Onboard, an innovation in cryptographic key generation that provides quantum computing hardened cyber protection for a wide range of connected devices by maximizing the strength of keys generated within the devices themselves. The risk of cyberattacks…

Read more →

Absolute Software has expanded its differentiated Security Service Edge (SSE) solution with the launch of the Absolute Secure Web Gateway Service. Optimized for hybrid and mobile work models, this new extended offering builds on existing capabilities available in Absolute Secure…

Read more →

HPE announced that Rom Kosla has been appointed Chief Information Officer (CIO). “The performance and agility of our IT team is critical to ensuring our customers and partners have great experiences doing business with us, and that our team members…

Read more →

Zscaler has debuted four new cybersecurity services and capabilities which further extend the power of its Zscaler Zero Trust Exchange cloud security platform. The innovations not only enhance the monitoring and remediation of sophisticated attacks but also deliver a new…

Read more →

Rezilion released Agentless solution, allowing user connection and access to Rezlion’s full feature functionality across multiple cloud platforms. It enables security teams to monitor exploitable attack surfaces in runtime without using an agent to simultaneously minimize security and operational risk.…

Read more →

Kodem has launched from stealth and announced $25M in funding from Greylock and TPY Capital. Kodem will use the funds to launch its platform globally and expand its go-to-market team. The modern software supply chain is viral. Every software component…

Read more →

Silent Push launches with a total of $10M in seed funding led by global cybersecurity specialist investor Ten Eleven Ventures. Silent Push takes a unique approach to identifying emerging cyber threats by providing the most comprehensive view of global internet-facing…

Read more →

Deloitte is working with Amazon Web Services (AWS) to deliver ConvergeSECURITY, a cloud focused security and compliance service. ConvergeSECURITY allows enterprises to accelerate their cloud transformation efforts through a combination of artificial intelligence (AI)-enabled cloud security and compliance product solutions,…

Read more →

Echoworx announced that passkeys have been added to their authentication options. This versatile, advanced authentication method adds to their existing suite of security offerings and provides organizations with another layer of assurance that their data is safe. Organizations that use…

Read more →

Okta announced Okta Device Access, a new product that enables organizations to extend Okta’s Identity and Access Management (IAM) capabilities to secure access to corporate devices for a hybrid workforce. As part of Okta’s Workforce Identity Cloud, the solution will…

Read more →

Sycope is introducing version 2.3 of its network monitoring and security tool. The solution is based on real-time flow analysis enriched with business context and supports companies in securing performance and improving IT security. The new version brings numerous improvements…

Read more →

As a launch partner for the Wiz Integrations (WIN) platform, ContrastContrast Security brings the power of the Contrast Secure Code Platform to WIN, so that customers can seamlessly integrate Contrast’s application security and protections into their existing Wiz workflows. The…

Read more →

Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months. Government sites under DDoS attacks “Several Federal Administration websites are/were…

Read more →

Eviden, an Atos business, announces AIsaac Cyber Mesh, a next generation of cybersecurity detection and response, reinforced by AWS Security Data Lake and powered by generative AI technologies. AIsaac Cyber Mesh offers an advanced end-to-end detection, response, and recovery solution,…

Read more →

Zscaler has unveiled a set of security solutions designed for IT and security teams to leverage the full potential of generative AI while preserving the safety of enterprises’ intellectual property and their customers’ data. By employing its vast data pool,…

Read more →

For many people, life’s fundamental activities are now conducted online. We do our banking and shopping online, turn to the digital realm for entertainment and to access medical records, and pursue our romantic interests via dating sites. That means apps…

Read more →

Business leaders worldwide understand they need to invest in digital transformation to meet a new innovation imperative, despite ongoing macroeconomic pressures and an increasingly uncertain, competitive business environment, according to Insight. The pandemic accelerated transformation in every industry as organizations…

Read more →

According to ESG, 70% of cybersecurity pros expect budget cuts or freezes this year, which, in turn, will trigger project delays and greater vendor scrutiny. Understaffing and low budgets are ever-present challenges, but security teams are uniquely affected by alert…

Read more →

Compliance obligations that support data privacy and cyber risk are nearly ubiquitous. Not only that, but they’re expanding. According to Gartner, government regulations covering these areas of emphasis will apply to five billion citizens and more than 70% of global…

Read more →

61% of SMBs have been hit by a successful cyberattack in the last year, according to BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of…

Read more →

For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in…

Read more →

Open-source code repositories have become integral to developers, enabling them to work faster and more flexibly with the added benefit of collaborating with other developers. While these platforms encourage agility, they can also create security concerns. oak9 has added a…

Read more →

HashiCorp has unveiled new products and solutions to expand HashiCorp’s identity-based security portfolio. These include a new addition for privileged access management (PAM), HashiCorp Boundary Enterprise, and a simplified secrets management SaaS offering, HashiCorp Cloud Platform (HCP) Vault Secrets. These…

Read more →

Google has announced the Google Cyber NYC Institutional Research Program, allocating $12 million to stimulate the cybersecurity ecosystem and establish New York City as the global leader in cybersecurity. The $12 million will go towards research conducted at four of…

Read more →

Cynerio collaborates with Microsoft to integrate with their cloud-native SIEM and SOAR offering Microsoft Sentinel. This collaboration aims to provide the healthcare industry with a comprehensive solution to address the growing security challenges posed by medical and IoT devices. As…

Read more →

Seceon announced two new products designed to quantify and report on the value of the platform for its partners and their clients. Seceon aiSecurity Score360 service provides comprehensive scanning and risk assessments of attack surfaces. It quantifies, prioritizes and benchmarks…

Read more →

GuidePoint Security has announced the availability of its Breach & Attack Simulation as a Service (BASaaS) offering. The new service is designed to help organizations maximize the value from their BAS tools and improve their security posture and the ROI…

Read more →

OneTrust announces enhancements to OneTrust’s data policy engine designed to identify data security, privacy, and governance violations and automatically set and enforce data policies across the entire data ecosystem. Coupled with powerful automation, OneTrust’s data discovery, classification, and governance solutions…

Read more →

Dragos launched the Dragos Global Partner Program to comprise OT cybersecurity technology, services, and threat intelligence. The Dragos Partner Program extends even further by offering training that prepares partners as experts who can offer their customers assessment services based on…

Read more →

NETSCOUT has introduced its Visibility Without Borders (VWB) platform to help organizations keep goods and services flowing by uniting performance, security, and availability under one common data framework. By proactively identifying areas of complexity, fragility, and risk, the platform unlocks…

Read more →

As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3…

Read more →

Automation Anywhere and Google Cloud announced an expanded partnership that combines the power of generative AI and intelligent automation to accelerate the adoption of AI and make it accessible to every enterprise. Automation Anywhere is utilizing Google Cloud’s large language…

Read more →

Accenture announced a $3 billion investment over three years in its Data & AI practice to help clients across all industries rapidly and responsibly advance and use AI to achieve greater growth, efficiency and resilience. “There is unprecedented interest in…

Read more →

Security leaders are recognizing that cloud and the way cloud security teams work today are becoming increasingly critical to business and IT operations, according to Trend Micro. As a result, cloud security and the foundational practices of their teams will…

Read more →

The advent of 6G communication systems brings forth new possibilities and advancements compared to previous generations. With hyper-connectivity and machine-to-machine communication at its core, 6G aims to bridge the gap between humanity and the world of machines. In this Help…

Read more →

In this Help Net Security video, Denis Mandich, CTO at Qrypt, talks about quantum computing. If we thought AI turned security and privacy on their head, quantum computing will break how we encrypt data today and risk revealing sensitive data…

Read more →

Cyber resilience is a leading strategic priority today, and most enterprises are now pursuing programs to bolster their ability to mitigate attacks. Yet despite the importance placed on cyber resilience, many organizations struggle to measure their capabilities or track their…

Read more →

VMware has unveiled four enhancements to further its digital employee experience (DEX) solution: the general availability of DEX for 3rd party managed devices, DEX for VMware Horizon, AI-driven Guided RCA, as well as the intent to expand Workspace ONE ITSM…

Read more →

TuxCare launched SecureChain for Java service to bolster software supply chain security via continuously secured and free repository service. With 76% of open source code used in the commercial code bases, threat groups see it as an ever-growing opportunity to…

Read more →

Erik Prusch will join ISACA as its new CEO. Based in Washington state, Prusch brings significant tech and leadership experience as a CEO and board director to the organization. “This is an exciting time for ISACA as we’ve expanded globally,…

Read more →

Stellar Cyber announced a new technology partnership with Mimecast, an email and collaboration security company. This powerful technology integration makes it easy for Stellar Cyber and Mimecast customers to swiftly mitigate the risk of damaging email-based attacks, such as phishing…

Read more →

The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success. BEC attackers targeting the real estate…

Read more →

Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL…

Read more →

In response to growing use of generative AI tools, Darktrace launched a new risk and compliance models to help its 8,400 customers around the world address the increasing risk of IP loss and data leakage. These new risk and compliance…

Read more →

Regulatory bodies are taking potential data privacy violations much more seriously this year after a relatively quiet period that followed the enactment of regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We…

Read more →

With the rise of modern trends such as cloud computing and remote work, healthcare institutions strive to balance accessibility, convenience, and robust security. In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how fostering a culture…

Read more →

Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA). Protecting digital identities As identities continue to significantly…

Read more →

Cyber extortion attacks have become increasingly prevalent in recent years, posing a significant threat to organizations of all sizes and industries, according to Orange Cyberdefense. Examining data from a total of 6,707 confirmed business victims, the findings show a fluctuation…

Read more →