Category: Help Net Security

Nozomi Networks and Cynalytica have unveiled they have partnered to provide a visibility, monitoring and threat detection solution that encompasses both TCP/IP-based and non-IP based serial bus and analog connections found in OT and IoT environments. The joint solution simplifies…

Read more →

Stellar Cyber announced support for the Amazon Security Lake from Amazon Web Services (AWS). Organizations using the Stellar Cyber Open XDR Platform and AWS can directly ingest data from the Amazon Security Lake into Stellar Cyber, automatically enabling richer data…

Read more →

Safe Security announced Cyber Risk Cloud of Clouds for predicting and preventing cyber breaches. In contrast to the rest of the industry that takes a reactive approach, SAFE’s Cyber Risk Cloud of Clouds enables organizations to make informed and predictive…

Read more →

Code42 Software has announced the appointment of Wayne Jackson to its board of directors. Jackson boasts an impressive career in enterprise security software and currently serves as the CEO of Sonatype. “We are pleased to welcome Wayne Jackson to Code42’s…

Read more →

Resecurity announced the appointment of Shawn Loveland as its Chief Operating Officer (COO). With an impressive track record of over 35 years in technology and cybersecurity, Mr. Loveland brings extensive experience and expertise to the Resecurity team. His illustrious career…

Read more →

Syxsense announced a partnership with VLCM, an IT solutions and services provider focused on meeting customer needs for cybersecurity, networking, cloud, big data, and more. VLCM is one of Syxsense’s platinum channel partners and offers Syxsense Manage, Syxsense Secure, and…

Read more →

Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders “Google Workspace…

Read more →

CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to…

Read more →

In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance…

Read more →

The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Aqua Security, Axiado, Bitwarden, Cloudflare, ComplyAdvantage, Dashlane, Delinea, Enzoic, Feedzai, Immersive Labs, Intruder, Nebulon, NETSCOUT, Neurotechnology, Nozomi Networks, OpenVPN, Private AI, Radware, Satori, Trua, Vanta,…

Read more →

A 25% increase in the use of phishing kits has been recorded in 2022, according to Group-IB. The key phishing trends observed are the increasing use of access control and advanced detection evasion techniques. The rise in evasive tactics, such…

Read more →

Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete…

Read more →

An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster.…

Read more →

Bitdefender unveiled GravityZone Security for Mobile, designed to provide organizations with advanced Mobile Threat Detection (MTD) and security for Android, iOS and Chromebook devices, including Chrome extensions. The new offering helps enterprises, managed service providers (MSPs) and their customers gain…

Read more →

Rezilion released its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components. Patching is a complicated and noisy process, which…

Read more →

PingSafe launched KSPM module to provide an end-to-end security solution that encompasses the entire container lifecycle, from development to production, helping organizations securely navigate the dynamic landscape of container orchestration. By tightly integrating into PingSafe’s CNAPP platform, KSPM module, along…

Read more →

ConnectSecure is adding deep attack surface scanning and the Exploit Prediction Scoring System (EPSS) to its cybersecurity platform for managed service providers (MSPs) that protect small and midsize businesses. The new capabilities will be fully integrated into the ConnectSecure platform,…

Read more →

If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were first…

Read more →

Permit.io has launched FoAz which enables frontend developers to take access controls into their own hands. Short for frontend-only authorization, FoAz is a technology that empowers frontend developers to use sensitive APIs directly from the frontend, without requiring any backend…

Read more →

Netskope announced an integration between Netskope’s Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from AWS. Amazon Security Lake is a service that automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises,…

Read more →

Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker…

Read more →

Ping Identity announced PingOne Protect, a new fraud detection and risk management service to prevent account takeover and fake accounts while solving multi-factor authentication (MFA) fatigue for end users. PingOne Protect takes a unique approach to threat protection, combining Identity…

Read more →

Hitachi Vantara introduced Hitachi Data Reliability Engineering (DRE), a suite of consulting services helping organizations improve the quality and consistency of business-critical data. Amid a surge of data from connected devices and applications, organizations are challenged with increasingly complex data…

Read more →

Mirantis announced Lens Control Center, to enable large businesses to centrally manage Lens Pro deployments by standardizing configurations, consolidating billing, and enabling control over outbound network connections for greater security. Over 1 million people use Lens to make them significantly…

Read more →

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security…

Read more →

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new Kali version usually comes with new tools.…

Read more →

In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses…

Read more →

Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat, according to Veeam. One in seven organizations will see almost all (>80%) data affected as a result of a ransomware attack –…

Read more →

Protecting operational technology (OT) systems is now more critical than ever as more organizations connect their OT environments to the internet, according to Fortinet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive…

Read more →

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile…

Read more →

Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations have…

Read more →

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant, the…

Read more →

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organization, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. Barracuda Networks research finds 24% of organizations studied had at least…

Read more →

Threat actors are abusing generative AI to carry out child sex abuse material (CSAM), disinformation, fraud and extremism, according to ActiveFence. “The explosion of generative AI has far-reaching implications for all corners of the internet,” said Noam Schwartz, CEO and…

Read more →

Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated…

Read more →

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video,…

Read more →

Over the past year, 4 in 5 financial companies had experienced an increase in the number of verification cases involving foreign documents, according to Regula. The post Digital nomads drive changes in identity verification appeared first on Help Net Security.…

Read more →

65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to Netwrix. Larger organizations are a more frequent target for cyberattacks The…

Read more →

Media and entertainment (M&E) companies are rapidly turning to cloud storage in efforts to upgrade their security measures, according Wasabi. Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage (69% of respondents had been using…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wireless Broadband Alliance CEO on key drivers for Wi-Fi adoption in enterprise networks This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband…

Read more →

Edgewater Wireless Systems has announced its next-generation of Wi-Fi Spectrum Slicing powered silicon solutions targeting residential, enterprise and prosumer applications. Building on the latest Wi-Fi standard, WiFi7 (802.11BE), Edgewater’s platform offers more physical channel capacity than single-channel, legacy Wi-Fi architectures…

Read more →

Keysight Technologies introduces the Keysight E5081A ENA-X, the midrange vector network analyzer (VNA) that produces error vector magnitude (EVM) measurements and accelerates the characterization of 5G component designs by up to 50%. Demand for ever-increasing data speeds with ultra-low latency…

Read more →

Coalesce has announced a new partner program to expand training options and teamwork, as well as to help Snowflake Data Cloud customers more effectively manage their modern data stack. The Coalesce Partner Program now features three tiers – Select, Premier,…

Read more →

Hopr has secured $500K in funding from TEDCO, that has invested an additional $300K, doubling down on their initial investment of $200K, which occurred last year. “The outlook for startups has been rocky over the past 12 months due to…

Read more →

Cognigy has entered into a strategic reseller partnership with Black Box. By combining Cognigy’s conversational AI-based technology with Black Box’s comprehensive CX solution practice, including a global network of CX professionals, the companies will deliver AI-based solutions that drive customer…

Read more →

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Axiado, Delinea, Netscout, Radware, and Veriff. Delinea Cloud Suite updates reduce the risk of lateral movement in cybersecurity breaches Delinea Cloud Suite updates include more…

Read more →

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. Use of public exploits One notable aspect of the attackers leveraging the Buhti ransomware is their…

Read more →

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers…

Read more →

Cybercriminals are increasingly posing as multi-factor authentication vendors and small businesses are becoming more popular targets, according to VIPRE. Attachment-based malspam is on the rise Financial institutions (48%) are still the most targeted sector by a wide margin. Insider attacks…

Read more →

In this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been…

Read more →

Perception Point’s team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to…

Read more →

In its inaugural 2023 Offensive Security Vision Report, NetSPI unveils findings that highlight vulnerability trends across applications, cloud, and networks. Vulnerability patterns The report offers a look back — and forward — at some of the most significant vulnerability patterns…

Read more →

NordPass has unveiled that its password manager now offers new features. NordPass Premium users can attach up to 3GB of files to items stored in NordPass. The company is also allowing its customers to customize their password items. The latest…

Read more →

Tufin announced the R23-1 release of its Tufin orchestration platform. The latest release extends security teams’ visibility and control into the cloud, enabling enterprises to better bridge the gaps between network and cloud security. With R23-1, Tufin customers can confidently…

Read more →

Corvus Insurance has unveiled Corvus Signal, the risk prevention solution that brings together brokers, policyholders, and Corvus security experts in partnership. Corvus Signal has been shown to reduce cyber breach frequency and cost by up to 20 percent. The announcement…

Read more →

A clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers. The attack ChatGPT has quickly gained popularity and is used widely by individuals…

Read more →

The National Security Agency (NSA) and Five Eyes partner agencies have identified indicators of compromise associated with a People’s Republic of China (PRC) state-sponsored cyber actor dubbed Volt Typhoon, which is using living off the land techniques to target networks…

Read more →

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001…

Read more →

The widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats extend not only to IT networks…

Read more →

In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined, according to Ivanti. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive…

Read more →

To achieve a diverse and well-trained cybersecurity workforce, organizations recognize the value of a quality training program supported by the pursuit of cybersecurity certifications, according to Security Innovation and Ponemon Institute. The report revealed a growing embrace of realistic simulations…

Read more →

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity. This is a substantial threat for businesses, leading to…

Read more →

DataRobot has partnered with Microsoft to accelerate AI adoption in the enterprise. The collaboration will include integrations with Microsoft Azure OpenAI Service, Azure Machine Learning, and Azure Kubernetes Service (AKS), making it possible for data scientists to use large language…

Read more →

Wipro has expanded partnership with Google Cloud to bring its advanced generative artificial intelligence (AI) capabilities to clients across the globe. Wipro will integrate Google Cloud’s full suite of generative AI products and services—including Vertex AI, Generative AI App Builder,…

Read more →

Kasten by Veeam released its new Kasten K10 V6.0 Kubernetes data protection platform. The new release includes features that will help customers scale their cloud native data protection more efficiently, better protect their applications and data against ransomware attacks, and…

Read more →

Kyndryl has unveiled new services and capabilities to help Red Hat OpenShift customers enhance and expand their ability to more consistently modernize and move core business applications to hybrid cloud environments. Kyndryl’s new integrated services and capabilities, which are part…

Read more →

Dell Technologies introduces Project Fort Zero to provide an end-to-end zero trust security solution for global organizations to protect against cyberattacks. The solution will be validated by the U.S. Department of Defense and is part of a Dell Security portfolio…

Read more →

Honeywell released its operational technology (OT) cybersecurity solution, Honeywell Forge Cybersecurity+ | Cyber Insights, to assist customers in improving the availability, reliability and safety of their industrial control systems and operations. Cyber Insights is designed to integrate information from multiple…

Read more →

Memcyco, the real-time website impersonation detection and prevention solution, has completed a $10 million seed round led by Capri Ventures and Venture Guides. Brandjacking is among the most common forms of cyberattacks globally. Twenty percent of consumers collectively lost more…

Read more →

Cohesity expands partnership with Google Cloud to help organizations unlock the power of generative AI and data. In addition, Cohesity unveiled Cohesity Turing, a unique, comprehensive, and rapidly evolving set of AI technologies that brings the power of AI to…

Read more →

Appdome has released Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps. The new capability allows Appdome-protected mobile apps to recognize when automated mobile app testing suites are in use and securely completed without…

Read more →

Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds. Based on the open source project, Skupper.io, Red Hat Service Interconnect empowers developers to more seamlessly create trusted connections between services, applications and…

Read more →

Axiado introduced the AX3000 and AX2000 trusted control/compute units (TCUs), a fully integrated AI-driven hardware security platform solutions designed to help detect cybersecurity and ransomware attacks on next-generation servers and infrastructure elements in cloud datacenters, 5G networks, and network switches.…

Read more →

Dell introduces Dell NativeEdge, an edge operations software platform, designed to help businesses simplify and optimize secure edge deployments. Customers can streamline edge operations across thousands of devices and locations from the edge to core data centers and multiple clouds.…

Read more →

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England. IT…

Read more →

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub Advanced Security for Azure DevOps (Source: Microsoft) What is GitHub Advanced Security for Azure DevOps? GitHub Advanced…

Read more →

Sekoia.io raised €35 million in a new round of financing from Banque des Territoires, European investor Bright Pixel (former Sonae IM) and its historical investors Omnes Capital, Seventure and BNP Paribas Développement. The fundraising follows a previous round of €10M…

Read more →

Opti9 has been selected by Wasabi Hot Cloud Storage as a Technical Alliance Partner to offer integrated disaster recovery and artificial intelligence (AI) powered ransomware detection services. As result of this trusted partnership, Wasabi clients can now natively integrate a…

Read more →

Researchers from Cado Labs recently encountered an update to the emerging cloud-focused malware family, Legion. This sample iterates upon the credential harvesting features of its predecessor, with a continued emphasis on exploiting PHP web applications. In this Help Net Security…

Read more →

ESET researchers have discovered a trojanized Android app named iRecorder – Screen Recorder. It was available on Google Play as a legitimate app in September 2021, with malicious functionality most likely added in August 2022. During its existence, the app…

Read more →

The presence of each third-party application increases the potential for attacks, particularly when end users install them without proper oversight or approval. IT security teams face challenges in obtaining comprehensive knowledge about the apps connected to their corporate SaaS platforms,…

Read more →

Samsung’s recent discovery that employees had uploaded sensitive code to ChatGPT should serve as a reminder for security leaders to tread carefully when it comes to integrating new artificial intelligence tools throughout their organizations. Shadow AI Employees are using the…

Read more →

Legal and compliance leaders should address their organization’s exposure to six specific ChatGPT risks, and what guardrails to establish to ensure responsible enterprise use of generative AI tools, according to Gartner. “The output generated by ChatGPT and other large language…

Read more →

In this Help Net Security interview, we sit down with Dr. Atsushi Yamada, the newly appointed CEO of ISARA, a security solutions company specializing in creating quantum-safe cryptography. With over two decades of experience in cryptography and cybersecurity, Dr. Yamada…

Read more →

Red Hat Advanced Cluster Security Cloud Service brings together Kubernetes-native security capabilities with the convenience and support of a fully Red Hat-managed offering. The cloud service enables organizations to take a security-forward approach to building, deploying and maintaining cloud-native applications…

Read more →

Hornetsecurity launched 365 Permission Manager – a user-friendly, admin-centred solution to manage permissions, enforce compliance policies, and monitor violations within Microsoft 365 (M365). This innovative solution brings ease and order to the tracking of employee access to M365 sites, files…

Read more →

Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers. Delinea Cloud Suite updates include more granular support for just-in-time (JIT) and just-enough privilege access automation, and…

Read more →

NETSCOUT has introduced Arbor Sightline Mobile and MobileStream to answer mobile network operators’ (MNO) need for scalable, real-time visibility, detection, and mitigation of threats that can impact the performance and availability of 4G/5G mobile consumer services and network infrastructure. NETSCOUT…

Read more →

Red Hat announced Red Hat Trusted Software Supply Chain, a comprehensive solution that enhances resilience to software supply chain vulnerabilities. As part of this solution, two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, join…

Read more →

Stytch’s new offering enables B2B products and applications to build and deliver the enterprise-grade authentication requirements that their customers require, while maintaining a frictionless user experience to maximize conversion and adoption. Authentication is a key requirement for any B2B software…

Read more →

Veriff announced its new Age Estimation solution, built to further streamline the age verification process for customers. Veriff Age Estimation uses facial biometrics to enable users to easily estimate their age with a selfie, rather than having to provide an…

Read more →

Vaultree announces a major leap forward in healthcare data protection, bringing its Fully Functional Data-In-Use Encryption solution to the sector. Coupled with a groundbreaking software development kit and encrypted chat tool, Vaultree’s technology revolutionizes the data encryption landscape, providing full-scale…

Read more →

Radware has introduced a new Cloud Web DDoS Protection solution to minimize the growing gap between standard DDoS mitigation and an emerging generation of more aggressive, layer 7 (L7), HTTPS Flood attacks—also known as Web DDoS Tsunami attacks. Radware’s solution…

Read more →

Conceal has announced a new strategic partnership with White Rock Cybersecurity. “White Rock Cybersecurity is committed to delivering innovative, scalable, and manageable solutions in information technology,” said James Range, CEO of White Rock Cybersecurity. “With the inclusion of Conceal’s Zero…

Read more →

IRONSCALES has partnered with the Infinigate Group to distribute IRONSCALES’ cloud email security platform in the Benelux, the Nordics, and Switzerland regions, with a view to widen the partnership across the wider EMEA territory. “Infinigate is a key partnership for…

Read more →

Fusion Risk Management announced expanded functionality of its third-party risk management (TPRM) offering. The enhanced solution delivers continuous monitoring of third parties beyond its traditional instance as well as an evaluation of potential operational and business impacts that those third…

Read more →

Mastercard and HealthLock have partnered to offer millions of Americans help in protecting themselves against medical bill fraud, claim errors and overcharges. Consumers who link their insurance accounts to the HealthLock platform gain the ability to monitor all healthcare claims…

Read more →

WithSecure has released Cloud Security Posture Management, a new module for its WithSecure Elements security platform, that identifies insecure cloud configurations attackers use to compromise networks. It’s now become commonplace for organizations to incorporate cloud-based infrastructure-as-a-service (IaaS) offerings into their…

Read more →