Category: Help Net Security

N-able is collaborating with the Joint Cyber Defense Collaborative (JCDC) to help create a more secure global ecosystem and work towards helping reduce security risk for MSPs and their customers. The Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in…

Read more →

Error messages that ChatGPT and other AI language models generate can be used to uncover disinformation campaigns, hate speech and fake reviews via OSINT collection and analysis, says Nico Dekens, director of intelligence at ShadowDragon. AI-generated content found via Google…

Read more →

Integrating an acquired company into a single organization is a daunting task that can take weeks, months, or even years to complete. To have a successful conclusion to the mergers and acquisitions (M&As) process, identity and access management (IAM) teams…

Read more →

30% of adults have fallen victim or know someone who has fallen victim to an online scam while trying to save money when booking travel, according to McAfee. 34% of those who had money stolen have lost over $1,000 before…

Read more →

While API security remains a top cybersecurity concern this year, there is still an alarming lack of implementation for most companies, according to Traceable AI. Companies overlook API security Companies are struggling with unchecked API sprawl, lack of clarity on…

Read more →

In the fast-evolving landscape of technology and connectivity, ensuring the security of operational technology (OT) systems has become a paramount concern for organizations worldwide. In this Help Net Security video, Daniel Bren, CEO at OTORIO, discusses a significant discrepancy between…

Read more →

Google Cloud announced the opening of its Doha cloud region at an official launch event attended by ministers from the Qatari Cabinet and executives from leading Qatari businesses, with the cooperation of the Ministry of Communications and Information Technology (MCIT)…

Read more →

Onfido acquired Airside Mobile to deliver user-controlled, shareable digital identity designed with data privacy and time-saving convenience at its core. Airside’s shareable digital identity technology has been used by over 10 million travelers and is trusted by major U.S. government…

Read more →

A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a reverse…

Read more →

IBM announced a 10-year, $100 million initiative with the University of Tokyo and the University of Chicago to develop a quantum-centric supercomputer powered by 100,000 qubits. Quantum-centric supercomputing is an entirely new, and as of now, unrealized, era of high-performance…

Read more →

With an increasing number of endpoints and expanding attack surfaces, dodgy apps can offer a way around your firewall. Due to data privacy concerns, Montana has passed the first bill in the United States to ban TikTok. Previously, India has…

Read more →

Managing compliance doesn’t have to be draining, time-consuming, or overly complicated. In this Help Net Security video, Wesley Van Zyl, Senior Manager, Compliance Success at Scytale, discusses how keeping track of all your security controls can be challenging, particularly when…

Read more →

The identity verification market is experiencing a significant surge in growth. In recent years, many solutions have emerged to assist businesses in establishing trust and facilitating remote user onboarding. This demand arises from the alarming rise in identity fraud, which…

Read more →

The demand for robust, reliable, and high-speed connectivity is increasing rapidly in the era of relentless digital transformation. This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband Alliance (WBA), delves into the future of enterprise networking, exploring…

Read more →

Before taking on the role as GM of IAI’s cyber division, Esti Peshin was a member of Israel’s parliament, wielding both legislation and regulation to strengthen the country’s renowned high-tech ecosystem. Despite her commitments, Esti shared with the Left to…

Read more →

The majority of organizations use six or more communication tools, across channels, with email remaining the channel seen as the most vulnerable to attacks (38%), according to Armorblox. Respondents mentioned multi-channel attacks are gaining momentum and frequency. More than half…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for…

Read more →

Zerto has announced the launch of Zerto 10 for Microsoft Azure, delivering enhanced disaster recovery (DR) and mobility for complete infrastructure flexibility. Zerto 10 delivers a new replication architecture for scale-out efficiency and native protection of Azure Virtual Machines (VMs).…

Read more →

Accenture has made a strategic investment, through Accenture Ventures, in SpiderOak. SpiderOak’s OrbitSecure product suite brings zero trust security to zero gravity environments. OrbitSecure leverages a combination of no-knowledge encryption and distributed-ledger technology in order to meet the demands of…

Read more →

New Relic has unveiled a new, integrated experience for its infrastructure monitoring and application performance monitoring (APM) capabilities that correlates the health and performance of applications and hosts in real-time. Engineers, DevOps, and ITOps can now diagnose application and infrastructure…

Read more →

NTT and Cisco have announced a collaboration to develop and deploy joint solutions that empower organizations to improve operational efficiencies and advance sustainability goals. Leveraging NTT’s Edge as a Service portfolio and Cisco’s IoT capabilities, solutions developed by the two…

Read more →

Zerto launched a new real-time encryption detection mechanism and air-gapped recovery vault for enhanced hybrid cloud protection and security against cyber threats. These new features are part of Zerto 10, which includes advanced detection mechanisms that allow users to monitor…

Read more →

Check Point announces its Next-Generation Cloud Firewall natively integrated with Microsoft Azure Virtual WAN to provide customers with improved security. The integration provides advanced threat prevention and multi-layered network security across public, private and hybrid-clouds, enabling businesses to confidently migrate…

Read more →

Juniper Networks and ServiceNow have formed a partnership to deliver end-to-end automation for managed service providers and enterprises. With this newly formed collaboration leveraging Juniper Mist Cloud and ServiceNow Telecom Service Management and Order Management for Telecom, joint customers can…

Read more →

Strata Identity has unveiled the latest version of the Maverics platform that enables customers to unify ID Orchestration functions between legacy on-premises, modern cloud, and multi-vendor environments without rewriting their applications. With Maverics, businesses easily create a vendor-agnostic identity fabric…

Read more →

Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.” The notes accompanying the updates also revealed that…

Read more →

Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence (CTI) from the Internet’s virtual underbelly. DarkBERT pretraining process and evaluated use case scenarios (Source: KAIST/S2W) DarkBERT: A language model…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitwarden, Cloudflare, ComplyAdvantage, Enzoic, Neurotechnology, Nozomi Networks, and Satori. ComplyAdvantage Fraud Detection identifies and prevents transaction fraud Fraud Detection uses AI and machine learning algorithms…

Read more →

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases,…

Read more →

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Costly ‘defensive tax’ Notably, 58% of…

Read more →

Phishing scams pose an escalating danger as cybercriminals employ increasingly sophisticated techniques, rendering their detection and prevention more challenging. In this Help Net Security video, Abhilash Garimella, Head of Research at Bolster, talks about the evolution of phishing and scam…

Read more →

1Password has launched Passage by 1Password — a standalone authentication solution that enables businesses to implement passkeys for apps and websites. Passage by 1Password allows businesses to eliminate the hassle of passwords and reduce cart abandonment without building their own…

Read more →

Bitwarden released Bitwarden Passwordless.dev, the developer toolkit with an extensive, easy-to-deploy API for integrating FIDO2 WebAuthn-based passkeys into consumer websites and enterprise applications. The news comes as public interest in passwordless technology is on the rise. Recent research found that…

Read more →

ServiceNow and NVIDIA have joined forces to develop generative AI capabilities that can transform business processes with workflow automation. Using NVIDIA software, services, and accelerated infrastructure, ServiceNow is developing custom large language models trained on data specifically for its ServiceNow…

Read more →

Komprise has released new governance and self-service capabilities that simplify departmental use of Deep Analytics, a query-based way to find and tag file and object data across hybrid cloud storage silos. IT organizations need to maintain data governance and data…

Read more →

Concentric AI announced a deep-learning driven detection capabilities to find any type of hardcoded secrets and key credentials (e.g. API keys, encryption keys, tokens, passwords, etc.) in today’s most popular enterprise on-premise and cloud data repositories, as well as email…

Read more →

ExtraHop released a new capability that offers organizations visibility into employees’ use of AI as a Service (AIaaS) and generative AI tools, like OpenAI ChatGPT. Organizations can now benefit from a better understanding of their risk exposure and whether or…

Read more →

Kyndryl has expanded strategic partnership with SAP focused on developing new solutions to help customers solve their most complex digital business transformation challenges. Under their expanded collaboration, the companies have leveraged SAP Business Transformation Center and vast ERP systems know-how,…

Read more →

Teradata and FICO announced they plan to bring to market integrated advanced analytic solutions for real-time payments fraud, insurance claims, and supply chain optimization. Bringing data, analytics and insights together in one environment streamlines the development of solutions for use…

Read more →

New Relic has announced an integration with AWS Systems Manager Distributor to provide a native experience to automatically deploy the New Relic monitoring infrastructure agent via the AWS Command Line Interface (CLI) and any AWS infrastructure-as-code (IaC) tooling to streamline…

Read more →

BeeKeeperAI has released EscrowAI, a zero trust collaboration platform. EscrowAI leverages Azure confidential computing to resolve the challenges of data sovereignty, privacy, and security. In healthcare, EscrowAI enables HIPAA-compliant research on full PHI without exposing the patient data, thereby reducing…

Read more →

Aqua Security integrates with the ServiceNow to enable joint customers to identify vulnerabilities in running containers with the broadest coverage across operating systems and programming languages, and with the highest accuracy. Security and application teams can automate vulnerability triage, identify…

Read more →

Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the…

Read more →

A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according Immersive…

Read more →

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within applications. We will explore policy as code and how it addresses organizations’ challenges in managing…

Read more →

In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World Economic Forum, and…

Read more →

The Identity Theft Resource Center (ITRC) has documented incidents of identity theft reported during 2022 and the first quarter of 2023, highlighting the use of strategies by criminals to convince people to willingly share protected information. The number of reported…

Read more →

Acronis has announced the general availability of Acronis Advanced Security + Endpoint Detection & Response (EDR) for Acronis Cyber Protect Cloud. With new capabilities such as AI-based attack analysis, Acronis EDR reduces complexity and simplifies workflows for a more streamlined…

Read more →

Enzoic launched an identity monitoring offering, enabling organizations to continuously track and ensure their users’- whether its customers or employees– personally identifiable information (PII) has not been exposed. This reduces the risk of identity theft and the data being used…

Read more →

Satori has released Posture Management, a new capability within Satori’s platform that monitors the authorization of users to data across all of a company’s data stores. In addition, Satori announced the availability of Data Store Discovery, which scans and monitors…

Read more →

Boomi has released Boomi AI – a conversational user experience that harnesses generative AI to connect and integrate applications, data, processes, people, and things across organizations – creating business outcomes faster than ever before. “The introduction of Boomi AI marks…

Read more →

Next DLP (“Next”) has unveiled a new integration between Splunk and the company’s Reveal platform. The new technology partnership bolsters visibility, protection, and leverages customer’s investment in existing security solutions to improve incident response effectiveness. “Data is constantly in-use and…

Read more →

Barracuda Networks announced a new platform called Barracuda SecureEdge, a SASE solution that helps make hybrid and remote work easier to secure. Barracuda SecureEdge integrates Barracuda’s Secure SD-WAN, Firewall-as-a-Service, Zero Trust Network Access, and Secure Web Gateway capabilities. Using a…

Read more →

Cleo has entered into a global partnership with Cognizant to power the Cognizant Cloud Integration Brokerage (CCIB) for the enterprise market. This new B2B platform-as-a-service solution, which comprises elements from Cleo’s offering, the Cleo Integration Cloud, will be named “CCIB,…

Read more →

ServiceNow has announced new generative AI capabilities for the Now Platform to help deliver workflow automation. The new solutions—ServiceNow Generative AI Controller and Now Assist for Search—expand ServiceNow’s AI functionality with built-in capabilities that apply the power of generative AI…

Read more →

Neurotechnology announced the expansion of the MegaMatcher product line with the release of the MegaMatcher Identity Management System (IDMS). The new end-user-focused system is capable of handling a variety of different tasks from identity registry formation to comprehensive administration for…

Read more →

Ammune.ai (Formerly L7 Defense), has integrated its API security solution ammune, with the Intel NetSec Accelerator Reference Design, providing node-based protection for Kubernetes clusters from API attacks. The deployment architecture incorporates the integration of ammune RT-units with the Intel NetSec…

Read more →

Inseego has launched the next-generation 5G indoor router FX3100, with UScellular. The new upgraded FX3100, which includes the Qualcomm Snapdragon X62 5G Modem-RF System, adds new capabilities to the current generation FX2000. The new FX3100 solution brings fast broadband internet…

Read more →

With BlindBox, you can use Large Language Models without any intermediary or model owner seeing the data sent to the models. This type of solution is critical today, as the newfound ease-of-use of generative AI (GPT4, MidJourney, GitHub Copilot…) is…

Read more →

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed and that…

Read more →

Zscaler announced that Syam Nair has been appointed as the company’s Chief Technology Officer and EVP of Research and Development. In this role, Nair will be responsible for driving the research and development engines to expand Zscaler’s Zero Trust Exchange…

Read more →

Amartus has partnered with ServiceNow to offer Enterprises and Service Providers a combined solution for rapid implementation of MEF LSO (Life-cycle Service Orchestration) industry standard processes and APIs to automate trading & operation of services that underpin todays Enterprise Network…

Read more →

Veza has unveiled that the Veza Authorization Platform is now available on the Snowflake Data Cloud. With this integration, joint customers can now manage access permissions and secure their sensitive data at scale. By leveraging the Snowflake Data Cloud, Veza…

Read more →

Entro announced $6 million in seed funding led by StageOne Ventures and Hyperwise Ventures. Founded by CEO Itzik Alvas and CTO Adam Cheriki to address secret-based breaches, Entro continuously monitors and protects secrets and programmatic access to cloud services and…

Read more →

Eagle Eye Networks and Brivo announced one of the largest investments to date in cloud physical security. SECOM, one of the largest security integration companies in the world, according to Forbes Global 2000, has made a primary equity investment of…

Read more →

A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. Custom malicious firmware for TP-Link routers The malicious firmware was exclusively created for TP-Link…

Read more →

A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account inactivity policy Google says that the updated policy is effective immediately, but…

Read more →

Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App Store. Because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users…

Read more →

A new risk emerges in the digital era, where open-source software has become a fundamental pillar in developing innovative applications. The threat? Malicious open-source components. In this Help Net Security video, Henrik Plate, Lead Security Researcher at Endor Labs, discusses…

Read more →

In 2021, the Biden Administration published the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), setting off an agency-wide security initiative with the ultimate objective of standardizing security requirements across the Department of Defense (DoD) and the Federal Civilian…

Read more →

The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across…

Read more →

Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing…

Read more →

Aqua Security has launched Real-Time CSPM, a next-gen cloud security posture management (CSPM) solution, which provides a complete view of multi-cloud security risk, pinpoints threats that evade agentless detection, and reduces noise so security practitioners can identify, prioritize, and remediate…

Read more →

Circle Security has unveiled a joint integration with the ForgeRock Identity Platform. The pre-built on-premises integrated node will help businesses stay ahead of evolving threats and achieve their security goals by integrating identity authentication and privacy protection capabilities into customer…

Read more →

Scality announced its newest release of Scality ARTESCA, its secure S3 object storage software for data deployments starting at a few terabytes. Over a dozen innovations in ARTESCA 2.0 strengthen cyber resiliency through a hardened, reduced attack surface that minimizes…

Read more →

Leostream has unveiled federated identity management with Zero-Trust Network Access (ZTNA) for secure remote computing. Built to protect and connect users across virtual desktop infrastructure (VDI), desktops-as-a-service (DaaS), and end-user computing (EUC) applications in Amazon Web Services (AWS) environments, the…

Read more →

Criminals have never had more avenues through which to defraud people. This has been fueled by the proliferation of technology ranging from instant messaging to new forms of remittance, like P2P and real-time payments. That’s why ComplyAdvantage launched Fraud Detection,…

Read more →

Veriff has partnered with MassPay to provide enhanced identity verification (IDV) services and know your customer (KYC) offerings through its Global Payment Orchestration Platform. With this partnership, Veriff expedites the IDV process for MassPay and its growing customer base, while…

Read more →

Nozomi Networks has introduced Vantage IQ, the AI-based analysis and response engine designed to address security gaps and resource limitations in mission critical operational infrastructure. Available as an add-on to Vantage, Nozomi Networks’ SaaS-based security management platform, Vantage IQ uses…

Read more →

Island announced Self-Protection for the Enterprise Browser, delivering a fundamentally new approach and level of security to enterprise work. Island has introduced the ideal solution for organizations with extremely sensitive data and applications, to ensure safe operation even on devices…

Read more →

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing a…

Read more →

IBM has acquired Polar Security, an innovator in technology that helps companies discover, continuously monitor and secure cloud and SaaS application data – and addresses the growing shadow data problem. This news marks IBM’s 5th acquisition in 2023. Since Arvind…

Read more →

CellTrust is teaming up with Proofpoint to help organizations manage mobile communication information risk and improve investigative readiness. As the number of mobile communication channels (text, chat, voice, app to app) grows, highly regulated organizations are relying on technology to…

Read more →

Confluent has unveiled new Confluent Cloud capabilities that give customers confidence that their data is trustworthy and can be easily processed and securely shared. With Data Quality Rules, an expansion of the Stream Governance suite, organizations can resolve data quality…

Read more →

SolarWinds announces it’s adding transformative artificial intelligence (AI) and machine learning (ML) capabilities to its IT service management (ITSM) solutions. The new AI features include a virtual agent to help users solve everyday IT problems and guided incident resolution to…

Read more →

French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company has announced on Monday. Lacroix designs and produces electronic equipment for the automotive, home automation, aerospace, industrial and health sectors,…

Read more →

As part of Google’s commitment to building a strong cybersecurity workforce, the Google Cybersecurity Certificate offers an affordable and accessible pathway to a career in cybersecurity. In this Help Net Security interview, Phil Venables, CISO at Google Cloud, sheds light…

Read more →

Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes. WhatsApp Chat Lock (Source: WhatsApp) Enabling Chat Lock By tapping on a one-to-one or group conversation, users can…

Read more →

Corvus Insurance analyzed data from the dark web and ransomware leak sites. Researchers uncovered a 60% increase in ransomware victims in March 2023, marking the highest monthly victim count observed in the past two years. In this Help Net Security…

Read more →

Zero trust adoption is beginning to accelerate as networks get more complex. Gartner predicts that by 2026, 10% of large enterprises will have a comprehensive, mature, and measurable zero-trust program in place (compared to just 1% today). But adoption has…

Read more →

Parablu has unveiled a multi-year agreement with Microsoft that integrates engineering, go-to-market activities, and co-selling of Parablu’s BluVault and the Ransomware Defense Suite Software-as-a-Service (SaaS) offerings. Parablu will leverage Microsoft Cloud infrastructure and services –– Microsoft Azure and Microsoft 365…

Read more →

SAP has unveiled the next step in its long-standing partnership with Microsoft, using the latest in enterprise-ready generative AI innovation to help solve customers’ most fundamental business challenges. The companies will collaborate on integrating SAP SuccessFactors solutions with Microsoft 365…

Read more →

Everbridge and samdesk have expanded its partnership, building on the integration of samdesk’s crisis detection feeds with Everbridge’s CEM suite of products. As a preferred partner, samdesk now integrates directly with Everbridge Visual Command Center (VCC) through a samdesk connector…

Read more →

Cloudflare has extended its SASE platform, Cloudflare One, to generative artificial intelligence (AI) services. Cloudflare One for AI, a suite of zero trust security controls, will enable enterprises to safely and securely use the latest generative AI tools without putting…

Read more →

Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The vulnerabilities Serial device servers are networking devices that “network-enable” serial devices (e.g., printer, climate control system,…

Read more →

We all have witnessed automated advances creep into our modern threat hunting processes – and with good reason. As the rate of cyberattacks steadily increases, automated threat hunting processes are being integrated to help stem the tide by providing quicker…

Read more →

With an ever-evolving landscape of cyber threats, the necessity for innovative, effective, and user-friendly security products has never been more apparent. Current security solutions, however, seem to lag behind, struggling to adequately address the challenges posed by increasingly sophisticated cyber-attacks.…

Read more →

In 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year, according to Imperva. The proportion of human traffic (52.6%) decreased to its lowest level in eight years. Bad bot traffic For the fourth…

Read more →

For its recent research focusing on web entities (or content served over HTTP), Censys leveraged its internet-wide scan data to understand better the applications and services that have become core to our existence, evaluating the state of security on the…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Dragos blocks ransomware attack, brushes aside extortion attempt A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm has…

Read more →