Category: Help Net Security

Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cl0p announces rules for extortion negotiation after MOVEit hack The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by…

Read more →

The Forum of Incident Response and Security Team (FIRST) has elected a new chair and appointed a new cyber security expert to its Board of Directors. Bringing a wealth of knowledge and experience, current board member Tracy Bills was chosen…

Read more →

Kyndryl unveiled a Cybersecurity Incident Response and Forensics (CSIRF) service to help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s deep domain security experts. The new service helps customers investigate…

Read more →

eSentire introduces MDR for Network on AWS offering, extending its proprietary, on-premises network software to AWS cloud environments as a SaaS-based solution. As organizations continue to scale in the cloud, more than half of network detections will be cloud-based by…

Read more →

Barracuda Networks is urging customers running phyisical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.” Vulnerability identification and disclosure Barracuda has identified a critical vulnerability (CVE-2023-2868) in their ESG appliances on May 19, 2023,…

Read more →

Guardz has unveiled a new AI-powered Multilayered Phishing Protection solution to help small and medium-sized enterprises (SMEs) and managed service providers (MSPs) prevent phishing attacks before their security is compromised. The solution uses AI to provide small businesses and the…

Read more →

Gigamon announced that its Deep Observability Pipeline now delivers network-derived application metadata intelligence (AMI) into Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers,…

Read more →

Insight Enterprises is launching a new service offering designed to help unlock the vast potential of generative AI to drive value to clients’ businesses. Insight Lens for GenAI builds on Insight’s deep capabilities in enterprise applications, data platforms, technical architecture…

Read more →

OneTrust announces new data source connectors for OneTrust Data Discovery, bringing the total number of out-of-the-box connectors to over 200. This allows organizations to scan, classify, inventory, and remediate data from virtually any data source. “Data is created at unprecedented…

Read more →

VanDyke Software released the VShell 4.9 server, adding public key to the authentication methods supported by SFTP virtual roots. SFTP virtual roots allow system administrators to configure VShell to automatically transfer files to a remote SFTP server. Files uploaded to…

Read more →

Deepwatch announced a global strategic partnership with Lacework to offer organizations comprehensive and proactive security solutions. This strategic partnership combines Deepwatch’s MDR expertise with Lacework’s advanced cloud security analytics, providing enterprises with an unmatched level of protection against modern cyber…

Read more →

Blackpoint Cyber has received a $190 million growth investment led by Bain Capital Tech Opportunities, with participation from Accel. Bain Capital Tech Opportunities and Accel join existing investors including Adelphi Capital Partners, Telecom Ventures, Pelican Ventures and WP Global Partners.…

Read more →

The odd month-to-month pattern of CVEs addressed by Microsoft continued with the May Patch Tuesday. After seeing high numbers for April, we saw 20 and 23 CVEs fixed for Windows 11 and 10, respectively, in May. And after 62 CVEs…

Read more →

As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees, according to Fortinet. Employee cybersecurity awareness The most recent report from Fortinet’s FortiGuard Labs found that ransomware threats remain at peak…

Read more →

In this Help Net Security video interview, Alan Watkins, CIS Controls Ambassador, CIS, talks about his new book – Creating a Small Business Cybersecurity Program, Second Edition. This book provides guidance and essential steps small businesses with 25-50 employees should…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Datadog, Enveedo, Lacework, and NinjaOne. Lacework simplifies cloud security with risk calculation on users’ permissions Lacework announced new CIEM functionality to address the complex…

Read more →

Security executives are overwhelmingly craving more AI solutions in 2023 to help them battle the growing cybersecurity threat landscape, according to Netrix Global. 22% of respondents said that they would like to see more AI used in cybersecurity this year,…

Read more →

The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their…

Read more →

Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. From vulnerability scanning and network monitoring to encryption and incident response, the following collection encompasses a diverse range of projects…

Read more →

Businesses have been using artificial intelligence for years, and while machine learning (ML) models have often been taken from open-source repositories and built into business-specific systems, model provenance and assurance have not always necessarily been documented nor built into company…

Read more →

In this Help Net Security video, Mattias Fridström, Chief Evangelist at Arelion, talks about the DDoS threat landscape during 2023. DDoS attacks reflect significant geo-political challenges and social tensions and have become an increasingly important part of the hybrid warfare…

Read more →

Despite economic headwinds and IT budget challenges, the world’s CIOs are bullish about the power of technology to deliver value for their organizations, according to Lenovo. Innovation investment concerns among CIOs Despite their optimism, the risks are real, as 83%…

Read more →

Despite prevailing economic headwinds, the market for cybersecurity products and services remains buoyant, according to CCgroup. The study found that 78% of enterprises in the U.S. and 58% in the UK have increased cybersecurity investment in the last year, while…

Read more →

Wipro launched a managed private 5G-as-a-Service solution in partnership with Cisco. The new offering enables enterprise customers to achieve better business outcomes through the seamless integration of private 5G with their existing LAN/WAN/Cloud infrastructure. The changing nature of work and…

Read more →

Elevate Security has unveiled the release of integrations with Cisco Duo, Secure Email, Secure Endpoint, and Umbrella. These integrations add Elevate’s high-confidence user risk quantification and management capabilities to Cisco’s core cyber security offerings, enabling defenders to predict which users…

Read more →

Sentra announced Sentra ChatDLP Anonymizer, a new feature that redacts Personal Identifiable Information (PII) from ChatGPT and Google Bard prompts. ChatDLP enhances organizations’ data security by minimizing the vulnerability of critical data, enabling enterprises to leverage the advantages of new…

Read more →

Cyera’s integration with Azure OpenAI enables Cyera customers to make faster, more informed decisions about data security, privacy, and governance. Cyera’s data security platform empowers security teams to take action by automatically deriving business context and understanding the intent behind…

Read more →

With Tines Cases, security and IT teams can manage and track incidents, investigate security breaches, and manage response activities. The new solution extends the strength of the Tines platform by empowering teams to collaborate on anomalies and build better automations…

Read more →

Wind River has introduced Wind River Studio Linux Security Scanning Service that provides professional-grade scanning to identify Common Vulnerabilities and Exposures (CVEs). Tuned to the unique needs of embedded Linux development, it also indicates whether a remediation solution is already…

Read more →

Commvault announced new security capabilities across its entire portfolio. Signaling the next phase in its evolution, Commvault is helping businesses secure, defend, and recover their data to meet increasingly sophisticated cyberthreats head on. As part of these capabilities, Commvault has…

Read more →

Island announced the first password manager natively built into an enterprise browser, providing IT teams and employees with powerful new capabilities to eliminate password abuse, help ensure organizational custody of corporate passwords, and embrace passwordless user authentication flows. By offering…

Read more →

SAIC launched Trust Resilience, a holistic approach to support government agencies adopting the mandated zero trust architecture. “Trust Resilience builds security into IT modernization, delivering protection and compliance of mission-critical resources no matter where organizations are on their technology modernization…

Read more →

A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among…

Read more →

Immersive Labs and Accenture are working together to launch the Cyber Million program that aims to solve the cybersecurity talent deficit by increasing access to one million entry-level cybersecurity operations jobs over the next decade. The beta version of the…

Read more →

CoSoSys announced that it will provide same-day support for the upcoming macOS Sonoma release. MacOS Sonoma (macOS 14) is scheduled for release later in 2023. CoSoSys customers using its Endpoint Protector solution for Device Control and DLP, will be able…

Read more →

Velotix has released a three-tiered architecture for its security platform that enables enterprises to transition towards fully automated data access. By beginning with data discovery and auto-tagging, and then evolving towards AI powered data access and automatic policy generation, Velotix…

Read more →

Cisco launched a Full-Stack Observability Platform—a vendor-agnostic solution that harnesses the power of the company’s full portfolio. It delivers contextual, correlated, and predictive insights that allow customers to resolve issues more quickly and optimize experiences, while also minimizing business risk.…

Read more →

Network Perception introduced its next-generation NP-View platform, providing improved scalability and throughput, making OT network path analysis and reporting more comprehensive. The new NP-View platform, version 4.2, powered by a second-generation path analysis algorithm, offers significant performance improvements, including faster…

Read more →

Cloudbrink launched a software-only solution that replaces hardware based VPN and SD-WAN appliances for power users in the hybrid workplace. The Cloudbrink app with bridge mode delivers 30 times the performance of small branch office and home routers while reducing…

Read more →

Nile announced a new integration with Palo Alto Networks. With the integration, joint customers can now benefit from a highly integrated solution that brings together Nile Access Service for enterprise campus (NaaS) and Palo Alto Networks Next-Generation Firewalls (NGFWs). Globally,…

Read more →

Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and…

Read more →

Google has fixed a high-severity vulnerability in the Chrome browser (CVE-2023-3079) that is being exploited by attackers. About the vulnerability CVE-2023-3079 is a vulnerability that stems from a type confusion in the V8 JavaScript engine, and has been uncovered by…

Read more →

In my last post I discussed how developers can be your security secret weapon… but how to help them love doing security work? That’s a whole other challenge! Stories of the tension between developers and security teams are a longstanding…

Read more →

Many recent breaches and data leaks have been tied back to SaaS apps, according to Adaptive Shield. “We wanted to gain a deeper understanding of the incidents within SaaS applications and how organizations are building their threat prevention and detection…

Read more →

Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels of…

Read more →

In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training. 60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020. According to Security Innovation research,…

Read more →

DigiCert has partnered with ReversingLabs to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert’s enterprise-grade secure code signing solution. DigiCert customers will benefit from improved software integrity through deep analysis that shows their…

Read more →

Lacework announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risk within public cloud environments. With over 35,000 granular permissions across hyperscale cloud providers, organizations can struggle to maintain an overview and…

Read more →

Trulioo released new capabilities for automated business and person verification workflows. The latest update bolsters Trulioo global leadership by expanding geographic coverage and localization for person verification and further automating business verification processes to reduce costly manual reviews. With the…

Read more →

NinjaOne announced enhancements to NinjaOne Patch Management, delivering the latest automated patching solutions to maintain business operations and keep organizations secure. Patching is a tedious, time-consuming task but also a critical step to secure modern IT environments, where technology experts…

Read more →

BlackBerry announced a partnership with Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY. Upstream’s cloud-native Vehicle Detection and Response (V-XDR) platform…

Read more →

Datadog released Workflow Automation, a new product that enables teams to automate end-to-end remediation processes—with out-of-the-box actions and pre-built templates—across all systems, apps and services to help identify, investigate and resolve service disruptions and security threats faster. DevOps, SRE and…

Read more →

Fingerprint launched Fingerprint Pro Plus, featuring the company’s latest innovation, Smart Signals. These new capabilities provide real-time, actionable intelligence that builds on Fingerprint’s browser and device identification signals which more than 6,000 companies use to help fight and prevent fraud.…

Read more →

Appdome has integrated its platform with GitHub to accelerate the delivery of secure mobile apps globally. GitHub Actions is now part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate the delivery of secure mobile apps globally. With this new…

Read more →

Enveedo has launched its Strategy Execution Platform for Security that enables organizations to build and maintain cyber resiliency. The platform includes a risk management engine, on-demand access to vCISO guidance, and a real-time centralized view of the organization’s systems, assets,…

Read more →

Verizon Business today released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware – malicious software (malware) that encrypts…

Read more →

1Password begins to offer customers the ability to save and sign into online accounts with passkeys. This summer, early adopters can begin unlocking their 1Password account with a passkey. “Our mission is to help people safeguard their digital identities and…

Read more →

IDnow announces the expansion of its platform to include fully automated document liveness capabilities, data checks and Financial Risk Checks as well as new fraud prevention features. The platform expansion will also include a central, no-code workflow management tool. Document…

Read more →

Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. These enhancements not only cater to global customers but also include features specifically designed for users…

Read more →

The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are Zellis, “UK…

Read more →

In this Help Net Security video, Michael Rinehart, VP of Artificial Intelligence at Securiti.ai, discusses a dark side to generative AI that isn’t talked about enough. Organizations must remember that anything that goes into the learning process can never be…

Read more →

Apple announced its latest privacy and security innovations, including major updates to Safari Private Browsing, Communication Safety, and Lockdown Mode, as well as app privacy improvements. Additionally, Apple introduced new features designed with privacy and security at their core, including…

Read more →

“Once a new technology rolls over you, if you’re not part of the steamroller, you’re part of the road.” – Stewart Brand The digital world is vast and ever-evolving, and central to this evolution are large language models (LLMs) like…

Read more →

67% of consumers are aware of generative AI technologies but they overestimate their ability to detect a deepfake video, according to Jumio. Generative AI awareness among consumers Awareness of generative AI and deepfakes among consumers is high — 52% of…

Read more →

CISOs and ITDMs (IT security decision-makers) continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire. The ever-evolving cybersecurity landscape…

Read more →

Traceable AI announced API Security Reference Architecture for Zero Trust. This reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into zero trust security initiatives. Zero trust, a cybersecurity framework…

Read more →

After making passkeys available for consumers in early May, Google is now rolling them out for Google Workspace and Google Cloud accounts. This feature will soon be available (in open beta) for more than 9 million organizations and aims to…

Read more →

LogicGate introduced a new OpenAI integration that will help automate and inform GRC processes, including policy generation. Founded in 2015 by seasoned risk consultants, LogicGate automates and centralizes tedious, time-consuming governance, risk, and compliance (GRC) workflows with Risk Cloud, its…

Read more →

The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many…

Read more →

With the availability of the BigID Data Classification App on the ServiceNow Store, this expanded relationship provides more advanced security and privacy capabilities for workflow automations. BigID automates the discovery and classification of personal, regulated, critical, and sensitive data in…

Read more →

AntChain announced a new collaboration with Intel to launch AntChain Massive Data Privacy-Preserving Computing Platform (MAPPIC), a new privacy-preserving computing platform that brings a data privacy protection solution for large-scale AI machine learning. As a Software-as-a-Service (SaaS) platform, MAPPIC is…

Read more →

Malicious bots are taking new forms – a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams – artificial inflation of traffic (AIT) – targets the SMS…

Read more →

In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free…

Read more →

Are you watching your employees? Though the question may incite thoughts of “Big Brother” and an all-seeing or all-knowing entity, it isn’t quite as ominous as you might think. Employee productivity surveillance technology, or EPST, often tracks statistics such as…

Read more →

As the digital revolution changes the claims process, both carriers and customers are increasingly concerned about data privacy, according to LexisNexis Risk Solutions. More than 60% of consumers have concerns over the security of their personally identifiable information when they…

Read more →

Forced verification and deepfake cases multiply at alarming rates in the UK and continental Europe, according to Sumsub. In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases, from 0.3% in the full year 2022…

Read more →

Katie Boswell spent years on the front lines securing the most critical national infrastructure in energy and life sciences. Yet, earlier in her career, she was told that senior leadership was not for her if she planned on becoming a…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MOVEit Transfer zero-day attacks: The latest info Progress Software has updated the security advisory and confirmed that the vulnerability (still without a CVE number) is…

Read more →

Digi International has released the latest version of Digi SkyCloud, a solution for monitoring, analyzing and controlling field data. The 23.5 update of SkyCloud introduces a range of new features, giving users effortless systems integrations with remote monitoring and control…

Read more →

OffSec launched a newly expanded OffSec Global Partner Program. With cyber threats becoming increasingly sophisticated, organizations are seeking reliable partners to address the ever-growing demand for skilled cybersecurity professionals. In response to this market need, OffSec’s new program introduces a…

Read more →

Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit The Chrome Vulnerability Rewards…

Read more →

ON2IT announces the addition of the CISA Zero Trust Maturity Model into its Zero Trust as a Service platform, AUXO. Organizations can use ON2IT’s Zero Trust as a Service platform to strengthen cyber defenses and easily embrace Zero Trust. With…

Read more →

Galvanick announced its $10 million seed round. Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense. Galvanick…

Read more →

There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has…

Read more →

Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending adaptability of this threat is key to its long-term survival and success. “Qakbot operators tend to reduce…

Read more →

As the world’s most powerful military and economic power, the United States also holds another, less impressive distinction: Cyber threat actors target the US more than any other country in the world. In 2022 alone, the FBI received more than…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, ConnectSecure, CYTRACOM, Permit.io, and PingSafe. Permit.io launches FoAz to give frontend developers the keys to security Short for frontend-only authorization, FoAz is a technology…

Read more →

Despite rising labor costs, economic inflation, and companies making an effort to cut back, the salary outlook for IT professionals is positive, according to InformationWeek. Work-life balance and base pay top the list as what matters most to IT professionals…

Read more →

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent…

Read more →

In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional…

Read more →

The 1Kosmos BlockID distributed identity cloud service, which unifies identity verification and passwordless authentication, is now available in the AWS Marketplace. This listing makes it easy for customers to test and deploy BlockID, as well as directly procure it in…

Read more →

Resecurity’s Digital Identity Product (IDP) is a solution designed to enhance online security and protect enterprises’ and individuals’ digital identities in an increasingly interconnected world. With the ever-present risk of cyber threats compromising personal information, IDP offers a robust framework…

Read more →

New Relic has announced an integration with the newly launched Amazon Security Lake. With this integration, New Relic customers can access and monitor their Amazon Security Lake security log data and events in New Relic. This allows users to leverage…

Read more →

Cobalt Iron launched Compass NAS Protector, a new set of features in its Cobalt Iron Compass enterprise SaaS backup platform. Intended to aid enterprise NAS and backup administrators, Compass NAS Protector speeds up backups, simplifies management of NAS data, and…

Read more →

WithSecure’s USB armory is an open-sourced, single board computer with a unique form factor and capabilities. It has been used in a variety of applications, including (but not limited to) encrypted storage solutions, hardware security modules (HSM), enhanced smart cards,…

Read more →

Secureworks has launched two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but…

Read more →

Uptycs has integrated with Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes security data from across AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake. Amazon Security Lake manages data throughout…

Read more →

CYTRACOM announces a significant update to its ControlOne platform, enabling MSPs to prevent managed clients from evading security requirements and create a passwordless experience for end-users. Managed users are now always on the virtual corporate network, secured by unified global…

Read more →

A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned…

Read more →