Cyber-risk levels have improved from “elevated” to “moderate” for the first time, but insiders represent a persistent threat for global organizations, according to Trend Micro. Jon Clay, VP of threat intelligence at Trend Micro: “For the first time since we’ve…
Category: Help Net Security
AppOmni releases Salesforce Community Cloud Scanner
AppOmni announced free Salesforce Community Cloud Scanner to help organizations secure their Salesforce Community websites from data exposure risks and misconfigurations. Salesforce data leaks recently identified by Krebs on Security have resulted in exposure of numerous Salesforce Community Cloud customers’…
City of Dallas hit by ransomware
The City of Dallas, Texas, has suffered a ransomware attack that resulted in disruption of several of its services. What do we know so far? “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a…
Airgap Networks enhances its Zero Trust Firewall with ThreatGPT
Airgap Networks announced that it is bringing the power of AI to its Zero Trust Firewall with ThreatGPT. Built on an advanced AI/ML model designed to protect enterprises from evolving cyber threats, ThreatGPT delivers a new level of insight and…
HUB Security raises up to $16 million to fuel technology development
HUB Security entered into an agreement for up to $16 million in gross proceeds from Lind Global Asset Management VI LLC, an investment entity managed by The Lind Partners, a New York based institutional fund manager (together, “Lind”). This investment…
AI Spera launches Criminal IP FDS plugin to prevent fraudulent login attempts on WordPress
Criminal IP, an OSINT-based search engine provided by AI Spera, launched a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS (Fraud Detection System). This latest development promises to revolutionize the digital security landscape…
Arthur Shield tackles safety and performance issues in large language models
Arthur introduced a powerful addition to its suite of AI monitoring tools: Arthur Shield, a firewall for large language models (LLMs). This patented new technology enables companies to deploy LLM applications like ChatGPT more safely within an organization, helping to…
Intruder launches continuous attack surface monitoring for SMBs
Intruder has launched its continuous attack surface monitoring capabilities. The company’s new premium plan offering takes vulnerability management to the next level with continuous coverage, increasing visibility and transparency of external attack surfaces. On average, 65 new vulnerabilities are discovered…
Protecto boosts privacy protection with GPU technology from NVIDIA
Protecto announced it has been able to boost the performance of its privacy models on NVIDIA GPUs, allowing the discovery of privacy issues up to 10x faster than before. With the help of powerful NVIDIA GPU technology, Protecto has delivered…
Apricorn introduces Aegis NVX hardware-encrypted USB storage device
Employing proprietary architecture, the Aegis NVX is the first Apricorn encrypted device to feature an NVME SSD inside, to address the immediate protection of raw data delivered directly from its source at high speeds. Initial capacity offerings will be 500GB,…
ChatGPT and other AI-themed lures used to deliver malicious software
“Since the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious,” Check Point researchers have shared on…
BSidesLjubljana 0x7E7 CFP is still open!
BSidesLjubljana 0x7E7, a non-profit conference organized by the information security community, will take place on June 16, 2023, at the C111 Computer Museum. The deadline for the call for papers (CFP), initially set for April 30, has been extended for…
How AI is reshaping the cybersecurity landscape
The success of ChatGPT, a text-generation chatbot, has sparked widespread interest in generative AI among millions of people worldwide. According to Jumio’s research, 67% of consumers globally are aware of generative AI technologies, and in certain markets, such as Singapore,…
Unpaid open source maintainers struggle with increased security demands
Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the software supply chain are increasingly common, according to Tidelift. Open source software security In…
Top API vulnerabilities organizations can’t afford to ignore
75% of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the changing API attack surface, according to Data Theorem and ESG. Insecure APIs plague organizations In a related finding,…
Amazon Inspector allows search of its vulnerability intelligence database
Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud (EC2) instances, container images…
Avetta releases Cyber Risk Solution for complete supply chain cyber health visibility
Avetta has released the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in 10 areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies potential risk…
Keysight launches cybersecurity partnership program for MSSPs
Keysight Technologies has launched a new cybersecurity partnership program for managed security service providers (MSSP) to improve the security posture of organizations using the breach and attack simulation (BAS) capabilities of Keysight Threat Simulator. Cyberattacks are on the rise and…
Dashlane Passwordless Login eliminates the need to create a master password
Dashlane introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that…
Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)
Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs warns: the company’s intrusion…
ManageEngine ADSelfService Plus adds offline MFA to improve remote work security
ManageEngine announced that its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. This new feature allows organizations to secure their data with next-gen authentication methods that prevent unsecured access to remote machines even when they are disconnected…
Vanta Vendor Risk Management automates security reviews and remediates issues
Vanta launched Vendor Risk Management (VRM) solution, enabling organizations to accelerate, automate and simplify third-party vendor security reviews and due diligence. Featuring vendor auto-discovery and continuous vendor assessment and remediation workflows, Vanta’s VRM offering significantly reduces the time and costs…
You can now use passkeys to login into your Google account
Users can now create passkeys for their Google account, the company has announced on Wednesday. Passkeys will enable users to sign in to their Google account on all major platforms and browsers with their fingerprint, face recognition, or a local…
Apple and Google combat unwanted Bluetooth location-tracking
Location-tracking devices help users find personal items like their keys, purse, luggage, and more through crowdsourced finding networks. However, they can also be misused for unwanted tracking of individuals. Apple and Google jointly submitted a proposed industry specification to help…
Immersive Labs Resilience Score strengthens executive decision making in cyber crises
Immersive Labs announced the launch of the Immersive Labs Resilience Score. The score measures an organization’s workforce preparedness for cyber attacks and breaches based on Immersive Labs’ years of benchmarking data across industry verticals. The score will help organizations identify…
T-Mobile suffers second data breach this year
T-Mobile has revealed a second data breach that occurred in 2023, which reportedly exposed customer data and account PINs, leaving many T-Mobile users vulnerable to potential fraud and identity theft. What happened? The attack started on February 24 and lasted…
Google Chrome will lose the “lock” icon for HTTPS-secured sites
In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol. The misunderstood Lock icon It took many years, but the unceasing push by…
Malicious content lurks all over the web
Attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware, according to Netskope. On average, five out of every 1,000 enterprise users attempted to download malware in Q1…
Tython: Open-source Security as Code framework and SDK
Development teams utilize automation through Infrastructure as Code (IaC) to facilitate rapid and frequent changes to their cloud-native architectures. Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development. Now,…
5 API security best practices you must implement
As outside economic pressures continue to shape how organizations think and allocate resources, data security continues to be a high priority. Due to their dependence on data to innovate and reduce expenses, many businesses are significantly more exposed to the…
Veza for SaaS Apps secures sensitive data against breaches, ransomware, and insider threats
Veza has unveiled Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege…
KnectIQ SelectiveTRUST prevents credential misuse
KnectIQ has introduced SelectiveTRUST, the zero trust-based platform that prevents credential misuse to mount initial intrusions and credential-based privilege escalation by bad actors. Additionally, the security architecture and flexibility of SelectiveTRUST: Assures Trusted Connectivity, secure communication, and data sharing, at…
Security in the cloud with more automation
Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…
Box AI brings intelligence to enterprise content
Box unveiled Box AI, a new suite of capabilities that will natively integrate advanced AI models into the Box Content Cloud, bringing Box’s enterprise-grade standards for security, compliance, and privacy to this breakthrough technology. Box AI will make it easier…
CYTRIO unveils privacy UX platform to help businesses with privacy laws
CYTRIO has introduced a data privacy UX platform that includes consent and preference management, do not sell my information, Data Subject Access Request (DSAR) management, and policy templates in one data privacy compliance platform. Businesses of all sizes can now…
Trellix expands AWS integrations to provide users with centralized visibility of their security issues
Trellix expanded support for Amazon Security Lake from AWS, designed to automatically centralize security data from cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions…
Spin.AI partners with Google to reduce the risk of Chrome extensions for SecOps teams
Spin.AI has partnered with Google to integrate its new Chrome Extension Risk Assessment in Chrome Browser Cloud Management. This free tool gives administrators increased visibility into browser extensions detected across the Chrome ecosystem and allows SecOps teams to better assess…
Conceal collaborates with Moruga to help organizations detect malicious activity
Conceal announced partnership with Moruga to help organizations of all sizes monitor and detect malicious activity at the edge. Moruga’s proprietary Cybhermetics security platform aggregates industry-leading cybersecurity companies to create the Zero Day Protection Suite. This cybersecurity bundle combines a…
Appdome and GitLab partner to strengthen mobile app defense
Appdome has released a pre-built integration between its platform and GitLab that is part of Appdome’s Dev2Cyber Partner initiative to accelerate delivery of secure mobile apps globally. “This new integration allows mobile brands to use GitLab to build any of…
Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)
A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to access sensitive…
Infostealer with hVNC capability pushed via Google Ads
There has been a noted increase in malvertising via Google Ads this year, aimed at tricking users into downloading malware; among these malicious payloads is LOBSHOT, an infostealer that can also establish and keep long-term remote control of target computers…
Apple starts delivering smaller security updates
The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Apple Rapid Security…
Fake ChatGPT desktop client steals Chrome login data
Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar…
PrivateGPT enables users to share only necessary information with OpenAI
Private AI launched PrivateGPT, a new product that helps companies safely leverage OpenAI’s chatbot without compromising customer or employee privacy. “Generative AI will only have a space within our organizations and societies if the right tools exist to make it…
Onfido unveils identity verification service for Salesforce Financial Services Cloud
Onfido announced that its Real Identity Platform services are now available for Salesforce Financial Services Cloud customers. Financial Services Cloud customers now have access to a suite of Onfido’s services, including Onfido’s library of global identity verification tools, Studio, Onfido’s…
The warning signs for security analyst burnout and ways to prevent
Security analysts face the demanding task of investigating and resolving increasing volumes of alerts daily, while adapting to an ever-changing threat landscape and keeping up with new technology. To complicate matters further, the cybersecurity workforce gap – which increased by…
Data-driven insights help prevent decisions based on fear
Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. “We launched the Data Security Incident Response Report nine years ago because we recognized that organizations were making data-driven decisions…
The costly threat that many businesses fail to address
Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra. These schemes can cost companies hundreds of thousands of dollars and the vast majority of businesses (79%) say they take longer to uncover…
Why the manufacturing sector needs stronger cyber defenses
In this Help Net Security interview, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum, shares his expertise on the correlation between the digitization of the manufacturing sector and the rise in cyberattacks. He delves into the far-reaching impact of…
Using just-in-time access to reduce cloud security risk
Excessive privileges are a continuing headache for security professionals. As more organizations migrate assets to the cloud, users with excessive permissions can expand the blast radius of an attack, leaving organizations open to all sorts of malicious activity. Cloud environments…
Using multiple solutions adds complexity to your zero trust strategy
Companies’ operating models today are significantly more complex than they were just a couple of years ago, according to BeyondTrust. Remote employees accessing key systems and data, more applications, and information stored and flowing through the cloud, are all helping…
Cybercriminals use proxies to legitimize fraudulent requests
Bot attacks were previously seen as a relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN. Bad bot traffic…
Introducing the book: The VC Field Guide
In this Help Net Security video interview, cybersecurity entrepreneur, founder, innovator, and investor William Lin discusses his new book – The VC Field Guide. In this book, Lin demystifies the inner workings of venture capital. He offers a guide on…
Infosec products of the month: April 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Arista Networks, Armorblox, BigID, Binarly, Cofense, Cyera, Cynalytica, D3 Security, Eclypsium, GitGuardian, Guardz, Halo Security, Immuta, Malwarebytes, ManageEngine, Netskope, Obsidian Security, Searchlight Cyber,…
Week in review: PaperCut vulnerabilities, VMware fixes critical flaws, RSA Conference 2023
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSA Conference 2023 RSA Conference 2023 took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases,…
UK Cyber Security Council launches certification mapping tool
The UK Cyber Security Council has launched the first phase of its certification mapping tool. It has been created to map all available cyber security certifications onto the 16 specialisms identified by the Council, with the first phase now available.…
Codenotary unveils SBOMcenter to ensure software supply chain security
Codenotary has unveiled SBOMcenter, providing a central, secure place for software producers and consumers to freely generate, store and share Software Bills of Materials (SBOMs). In May 2021, the US government issued an executive order requiring federal agencies to adopt…
CSI releases IT Governance to meet growing regulatory expectations
CSI has released its new robust IT Governance Services, which is available within its Advisory Services offering. Coupled with CSI’s Compliance & Risk Management Services, IT Governance Services combines domain expertise with leading compliance technology. The result is a holistic…
EU moves to regulate tech titans with Digital Services Act
The Commission adopted the first designation decisions under the Digital Services Act (DSA), designating 17 Very Large Online Platforms (VLOPs) and 2 Very Large Online Search Engines (VLOSEs) that reach at least 45 million monthly active users. These are: Very…
Password reset woes could cost FTSE 100 companies $156 million each month
Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity of password resets, at a time when organisations must identify cost savings to survive the…
New infosec products of the week: April 28, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, Arista Networks, Cyera, Eclypsium, Halo Security, Immuta, ManageEngine, and Traceable AI. Abnormal Security expands its platform and launches new products Abnormal Security launched…
The double-edged sword of generative AI
Generative AI has captured the imagination of millions worldwide, largely driven by the recent success of ChatGPT, the text-generation chatbot. Our new research showed that globally, 67% of consumers have heard of generative AI technologies, and in some markets, like…
5G surpasses expectations, becomes a global game-changer
5G connectivity has reached a tipping point globally as 5G networks are now active in 47 of the world’s 70 largest economies by GDP, according to Viavi. VIAVI revealed that there are 2,497 cities globally with commercial 5G networks, across…
Phishing-resistant MFA shapes the future of authentication forms
Over the last two years, respondents reported a continued reliance on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords (OTPs), according to Yubico. Not all MFA is equal The results are surprising considering 59%…
Swissbit iShield Key Pro safeguards online accounts, web services
With the iShield Key Pro, Swissbit is expanding its range of hardware security keys with more than simply another FIDO stick. Thanks to the addition of further security standards and features, the new security key provides even more flexibility for…
Photos: RSA Conference 2023 Early Stage Expo
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. The Early Stage Expo is an innovation space dedicated to promoting up-and-comers in the…
Photos: RSA Conference 2023, part 3
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is here, and Part 2 is here. Here are…
Thales CTE-RWP protects critical files and folders from ransomware attacks
At RSA Conference 2023, Thales launched CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP), an optional licensed feature to the CipherTrust Data Security Platform. CTE-RWP will elevate the protection of customer files and folders from ransomware attacks via access management controls and…
Skyhigh Security unveils major updates to product portfolio
Skyhigh Security announced the addition of several new capabilities to its Security Service Edge (SSE) portfolio at RSA Conference 2023. The features and functionality converged in the Skyhigh Cloud Platform reinforce Skyhigh Security’s mission to protect the world’s data with…
PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers. The detected campaigns “Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in…
ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0
ThreatX announced the expansion of its platform offering with the release of a new Botnet Console and API catalog 2.0. These new dashboards, unveiled at RSA Conference 2023, will help security teams rapidly investigate automated threats and attempts to abuse…
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private vulnerability reporting feature provides a direct collaboration channel that allows researchers to more easily report vulnerabilities,…
The true numbers behind deepfake fraud
The use of artificial intelligence can result in the production of deepfakes that are becoming more realistic and challenging to differentiate from authentic content, according to Regula. Companies view fabricated biometric artifacts such as deepfake videos or voices as genuine…
Generative AI and security: Balancing performance and risk
Are we moving too fast with AI? This is a central question both inside and outside the tech industry, given the recent tsunami of attention paid to ChatGPT and other generative AI tools. Nearly all tech companies are moving to…
eBook: Security Compliance for CISOs
Security compliance often feels like the ever-present task that looms over every angle of your role as Chief Information Security Officer. Yet, regardless of the hours spent managing it, something can always slip through the cracks. In this eBook, we’re…
CISOs struggle to manage risk due to DevSecOps inefficiencies
As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments, CISOs find it increasingly difficult to keep their software secure, according to…
Why juice jacking is overhyped
Travelers should avoid public USB charging stations at airports, hotels, and other venues, as they may harbor malicious software. Designed for both data and power transmission, USB connections lack a solid barrier between the two. Over the years, as smartphones…
Tessian Respond enables security teams to identify and respond to email threats
Tessian launched Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls,…
Accenture partners with Palo Alto Networks to improve visibility across IT networks
Accenture and Palo Alto Networks are collaborating to deliver joint secure access service edge (SASE) solutions powered by Palo Alto Networks AI-powered Prisma SASE, enabling organizations to improve their cyber resilience and accelerate business transformation efforts. The transition to remote work and…
Forcepoint Data Security Everywhere simplifies DLP management
At RSA Conference 2023, Forcepoint extended the depth and breadth of its Data-first SASE (Secure Access Service Edge) offering with the launch of Forcepoint Data Security Everywhere. Forcepoint is simplifying enterprise DLP management across cloud, web and private apps and…
Graylog 5.1 optimizes threat detection and response
Graylog announced at the RSA Conference 2023 Graylog 5.1 with new incident investigation and enhancements to its cybersecurity solution. Currently available in Beta, version 5.1 of Graylog Security and the Graylog Platform will be GA in May 2023. With the…
Cybersecurity leaders introduced open-source information sharing to help OT community
A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments. Founding ETHOS community…
Photos: RSA Conference 2023, part 2
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here. Here are a few photos from…
Eclypsium launches Supply Chain Security Platform with SBOM capability
Eclypsium released Supply Chain Security Platform, enabling an organization’s IT security and operations teams to continuously identify and monitor the bill of materials, integrity and vulnerability of components and system code in each device, providing insight into the overall supply…
Cynet announces platform updates to help organizations protect their systems and infrastructure
Cynet announced its presence at RSA Conference 2023 with new updates to its cybersecurity solution. The company is on track to release the latest version of its platform in Q2 2023, with all new domain filtering capabilities, enhanced Playbook Summary…
Common insecure configuration opens Apache Superset servers to compromise
An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version,…
Uptycs unveils cloud security early warning system
At RSA Conference 2023, Uptycs unveiled the ability to collect and analyze GitHub audit logs and user identity information from Okta and Azure AD to reveal suspicious behavior as the developer moves code in and out of repositories and into…
RSA Conference 2023 video walkthrough
RSA Conference 2023 is taking place in San Francisco this week, and this video provides a closer look at this year’s event.
ExtraHop simplifies approach to intrusion detection for security teams with new solutions
ExtraHop launched ExtraHop IDS, which integrates with the ExtraHop Reveal(x) platform to offer a new, simplified approach to intrusion detection for deeper coverage and full-spectrum investigation. As part of its release, ExtraHop also announced several product enhancements, including Automated Retrospective…
Code42 adds real-time blocking capabilities to the Incydr IRM solution
At RSA Conference 2023, Code42 announced that it has added real-time blocking capabilities to the Incydr IRM solution. The enhancement allows security teams to prevent unacceptable data exfiltration without the management burden, inaccuracy, and endpoint impact of content-based policies. Insider…
Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling
Traceable AI launched Zero Trust API Access to help organizations better protect sensitive data, stop API abuse, and align data security programs with broader innovation and business objectives. Traceable’s Zero Trust API Access actively reduces attack surface by minimizing or…
Sophos’ MDR service’s customer base grows 33% in first 6 months since launching new capabilities
At RSA Conference 2023, Sophos announced that its vendor-agnostic Managed Detection and Response (MDR) service has grown its customer base by 33% in the first six months since introducing the service’s ability to ingest and analyze telemetry from third-party security…
VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user session software. The former allows users to run multiple x86-based operating systems on one PC, while the latter runs…
ManageEngine releases MSSP Edition of Log360 Cloud
ManageEngine, the enterprise IT management division of Zoho Corporation, launched the MSSP Edition of its cloud-based SIEM solution, Log360 Cloud. According to a recent ManageEngine study, organizations are currently facing a shortage of cybersecurity staff. With budgeting constraints and the…
Google Authenticator updated, finally allows syncing of 2FA codes
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account. A long-awaited option Before this update, losing one’s mobile device…
Overcoming industry obstacles for decentralized digital identities
In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing…
New coercive tactics used to extort ransomware payments
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including threat groups themselves,…
Are you ready for PCI DSS 4.0?
In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). About PCI DSS PCI DSS comprises 12 requirements to protect payment…
CISOs: unsupported, unheard, and invisible
A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success. “Our research shows CISOs are motivated by a mission…
Halo Security detects exposed secrets and API keys in JavaScript
Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often,…