Category: Help Net Security

Accenture and Google Cloud announced an expansion of their global partnership to help businesses better protect critical assets and strengthen security against persistent cyber threats. Together, they are providing the technology, trusted infrastructure, and security expertise organizations need to build…

Read more →

NetRise announced $8 million in funding, led by Squadra Ventures, with participation by existing major investors Miramar Digital Ventures, Sorenson Ventures and DNX Ventures. NetRise has developed a cloud-based SaaS platform that analyzes and continuously monitors the firmware of Extended…

Read more →

Deep Instinct announced a new partnership with eSentire to protect eSentire customers from unknown and zero-day attacks. As ransomware and data exfiltration become more prevalent and damaging to businesses, the need for proactive cybersecurity has never been greater. Gartner projects…

Read more →

At RSA Conference 2023, Cyera has introduced new operational capabilities in its AI-powered data security platform, to help security teams stop data exfiltration and remediate sensitive data exposures in real time. The company’s Unified Data Explorer provides a way for…

Read more →

Cisco unveiled at the RSA Conference 2023 the latest progress towards its vision of the Cisco Security Cloud, a unified, AI-driven, cross-domain security platform. Cisco’s new XDR solution and the release of advanced features for Duo MFA will help organizations…

Read more →

SecurityScorecard announced at RSA Conference 2023 the launch of a security ratings platform that integrates with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers to high priority cyber risks. The solution was developed…

Read more →

At RSA Conference 2023, Palo Alto Networks Unit 42 unveiled the expansion of its Digital Forensics and Incident Response (DFIR) global service to help organizations understand evolving threats quickly and take swift action to remediate them. The Global Digital Forensics…

Read more →

Even though the adoption of SaaS apps started more than ten years ago, CISOs are still finding it challenging to tackle the accumulated security debt. Significant deficiencies The prevalence of phishing and account takeover attacks has raised significant concerns, as…

Read more →

At the RSA Conference 2023, Thales introduced a new secrets management solution as part of its CipherTrust Data Security platform which unifies the discovery, classification, protection, and control of sensitive data across cloud, on-premises and hybrid environments. Thales’s new secrets…

Read more →

At RSA Conference 2023, Abnormal Security launched three new products focused on expanding security detection for Slack, Microsoft Teams and Zoom. The company is also extending the platform to better model identity behavior through the ingestion of signals from additional…

Read more →

VMware has unveiled new capabilities that deliver lateral security across multi-cloud environments so customers can better see and stop more threats and innovations to its Workspace ONE platform that will better enable organizations to secure their hybrid workforce. VMware Contexa,…

Read more →

At RSA Conference 2023, Ridge Security announced Ridge Security RidgeShield, an automated, cloud workload protection and testing solution. As organizations increasingly move their workloads to the cloud, they face new and complex security challenges that traditional security solutions are not…

Read more →

Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment. The tool is available through the Chrome…

Read more →

GrammaTech and ArmorCode announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment. The GrammaTech CodeSonar SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating…

Read more →

AWS has unveiled three new capabilities for Amazon GuardDuty, AWS’s threat detection service, that further strengthen customer security through expanded coverage and continuous enhancements in machine learning, anomaly detection, and integrated threat intelligence. GuardDuty is part of a broad set…

Read more →

IBM unveiled at the RSA conference 2023, its new Security QRadar Suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar…

Read more →

An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there’s a public PoC exploit. About the vulnerability According to PaperCut, the attacks…

Read more →

Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos. The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off the Land”…

Read more →

MITRE is launching its MITRE Caldera for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT). At RSA Conference 2023, MITRE is also showcasing its Infrastructure Susceptibility Analysis (ISA)…

Read more →

Arista Networks announced at the RSA Conference 2023 a cloud-delivered, AI-driven network identity service for enterprise security and IT operations. Based on Arista’s flagship CloudVision platform, Arista Guardian for Network Identity (CV AGNI) expands Arista’s zero trust networking approach to…

Read more →

IBM unveiled at the RSA conference 2023, its new Security QRadar Suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar…

Read more →

In this Help Net Security video interview, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, discusses the 12th annual Cybersecurity Insights Report, released at RSA Conference 2023. This comprehensive survey aims to provide insights into the current state of…

Read more →

As digital transformation revolutionizes the healthcare industry, its use of API (application programming interfaces) technology is skyrocketing. APIs, which help users and apps interact and exchange information, are essential tools for healthcare systems striving to achieve greater interoperability. The ability…

Read more →

Phishing scams are a growing threat, and cybercriminals’ methods are becoming increasingly sophisticated, making them harder to detect and block, according to Zscaler report. The report found that a majority of modern phishing attacks rely on stolen credentials and outlined…

Read more →

The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming organizations, according to Lineaje. Diversity and complexity of the open-source community Lineaje Data Labs analyzed 41,989…

Read more →

As user credentials continue to be a top vector for cyberattacks, organizations are under tremendous pressure to rethink the effectiveness of current authentication initiatives, according to SecureAuth. Additionally, cyber insurance carriers are requiring companies to demonstrate strong controls over authentication…

Read more →

Cybercriminals around the world are using generative artificial intelligence (AI) to execute malicious attacks that can take down companies and governments. SentinelOne plans to use the same technologies to defeat them. The company has unveiled a threat-hunting platform that integrates…

Read more →

The National Cybersecurity Alliance (NCA) launched their Historically Black Colleges and Universities Scholarship Program. Established in partnership with One In Tech, an ISACA Foundation, the initiative will provide support to individuals who are currently underrepresented in the industry by ensuring…

Read more →

At RSA Conference 2023, the key theme for Mend is automation. Their focus is on helping people put their application security programs on autopilot. They encourage and enable the automation of as much of AppSec as possible because the manual…

Read more →

At RSA Conference 2023, Akamai Technologies unveiled Brand Protector, a new solution that detects and disrupts phishing sites, fake stores, and brand impersonations. Brand Protector enables organizations to retain and grow customer loyalty while minimizing loss, drops in productivity and…

Read more →

Flashpoint has released Ignite, a new intelligence platform that accelerates cross-functional risk mitigation and prevention across CTI, vulnerability management, national security, and physical security teams. Ignite combines Flashpoint’s intelligence with an integrated user experience to help organizations streamline workflows, find…

Read more →

D3 Security will unveil its MSSP Client Portal this week at the 2023 RSA Conference. The MSSP Client Portal is a one-stop shop for managed security service providers (MSSPs) and their clients to manage interactions and share information. Taking inspiration…

Read more →

Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now also know that: The source of the 3CX breach was a…

Read more →

Global median dwell time drops to just over two weeks, reflecting the essential role partnerships and the exchange of information play in building a more resilient cybersecurity ecosystem, according to Mandiant. Modern cyber defense capabilities The report reveals the progress…

Read more →

At RSA Conference 2023, Trellix announced it has expanded its Threat Intelligence portfolio to increase threat expertise and actionable intelligence to help global customers stay ahead of cyber adversaries. The new offerings include Vulnerability Intelligence and Trellix Intelligence as a…

Read more →

VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-20865) CVE-2023-20864, a deserialization vulnerability, could be exploited by…

Read more →

Product security has been driving major changes throughout the automotive, medical, and industrial sectors. However, just a few short years ago, it was a term few knew and even less considered its own discipline. Slava Bronfman, Co-Founder & CEO of…

Read more →

Resecurity is excited to announce its participation at RSA Conference 2023, the cybersecurity event that brings together industry leaders and professionals to share knowledge and insights on the latest trends, threats, and solutions. The event will take place from April…

Read more →

More than ever, organizations are relying on third parties to streamline operations, scale their business, expand and leverage expertise, and reduce costs. In the complex and fast-moving world of cybersecurity-meets-regulations, working with third parties requires diligent third-party risk management oversight…

Read more →

Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new technology that simplifies their lives, according to 1Password. Passkeys, the newest and most secure passwordless technology,…

Read more →

Critical exposures outside of an organization’s firewall are the greatest source of cybersecurity threats, according to CybelAngel. Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations…

Read more →

Due to the increasing importance of multi-cloud and the intricate nature of cloud infrastructure, obtaining a comprehensive understanding of the various cloud workloads operating within your system, and ensuring their security, can be challenging. In this Help Net Security video,…

Read more →

Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that involves access brokers, ransomware service providers, insurance providers, and ransom negotiators, according to Deepwatch. Evolving threats The…

Read more →

Expel has released Expel Vulnerability Prioritization, a new solution that highlights which vulnerabilities pose the greatest risk, so organizations can take immediate, informed action. The solution empowers security teams to understand their most urgent risk areas within their detection and…

Read more →

Patented.ai has released its introductory tool, LLM Shield that allows companies to safeguard their most sensitive data – proprietary source code, private customer information, unreleased financial data, legal documents, board reports and more – from large language models (LLM), such…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Balancing cybersecurity with business priorities: Advice for Boards In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud,…

Read more →

The last decade of digital transformation has turned most organizations today into true digital businesses. But the effectiveness and economics of cloud operating models have become top concerns. How to best secure, optimize, and automate hybrid cloud environments in the…

Read more →

Onapsis has unveiled a series of new product updates for the Onapsis Platform. Enriched with the threat intelligence, the Onapsis Platform further simplifies business application security for CISOs and CIOs alike with a new Security Advisor, new updates to its…

Read more →

Next DLP has unveiled the addition of ChatGPT policy templates to the company’s Reveal platform, which uncovers risk, educates employees and fulfills security, compliance, and regulatory needs. The launch of these new policy templates is in response to the dramatic…

Read more →

Virsec has unveiled a suite of capabilities that automates the path to zero trust workload protection to increase the speed of protection, stopping attacks—including zero-days—in milliseconds. Its distinctive feature-set strikes the right balance between granular control, ease of onboarding, and…

Read more →

Fraudsters are taking advantage of the widening fraud knowledge gap, outlining the urgent need for banks to educate and protect their customers with technology, according to Feedzai. The report reveals that while 56% of respondents have been a victim of…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. Zyxel SCR 50AXE boosts network security for small businesses and remote workers The…

Read more →

There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted…

Read more →

Bugcrowd has released new capabilities in its Penetration Testing as a Service (PTaaS) offering that enables buyers to purchase, set up, and manage pen tests directly online without a need for lengthy sales calls and scoping sessions. PTaaS is one…

Read more →

Cofense has released Cofense Protect+, a fully integrated and automated email security solution specifically designed to protect mid-size organizations from ever-evolving cyber threats. Today’s mid-market organizations are faced with growing attack surfaces and email threats that are increasing in complexity.…

Read more →

Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks. This is in addition to the announcement of new capabilities…

Read more →

Sotero has launched Sotero Ransomware Protection, giving organizations the ability to proactively protect unstructured data from attack by utilizing behavior-based detection. Most currently available ransomware solutions use a signature-based approach that detects only currently known ransomware strains – a method…

Read more →

47% of employees report feeling stressed in their everyday life, but nearly 70% believe their employer would support them in a time of need, according to Mercer Marsh Benefits. The report surveyed over 17,500 employees in 16 markets across the…

Read more →

Talon Cyber Security has integrated the Talon Enterprise Browser with Microsoft Azure OpenAI Service to provide enterprise-grade ChatGPT access to customers. “The productivity gains that ChatGPT enables for organizations are too game changing for us to not make an enterprise-level…

Read more →

Dashlane has unveiled an integration of AWS Nitro Enclaves into its security architecture, starting with the launch of Dashlane Confidential SSO in public beta. Leveraging AWS Nitro Enclaves to create isolated computing environments to further protect and securely process highly…

Read more →

Intruder has joined the Google Cloud Partner Advantage program as a technology partner, giving organisations the ability to easily monitor their cloud systems for potential security breaches and vulnerabilities. As part of the collaboration, customers are able to connect Intruder…

Read more →

Orange Cyberdefense has been selected to carry out cyber crisis management exercises by the GIP SESAN (Groupement Régional d’Appui au Développement de l’eSanté d’Île-de-France) and by CAIH (Centrale d’Achat de l’Informatique Hospitalière) to support healthcare players in the region. These…

Read more →

Too many people have access to company data they don’t need. Also, too many companies focus on authentication (verifying identity) as a security measure and overlook the importance of authorization (verifying right to access). While it’s important to give employees…

Read more →

Almost all IT and security leaders (96%) globally are concerned their organization will be unable to maintain business continuity following a cyberattack, according to Rubrik. Data security is becoming increasingly complex Data security is becoming increasingly complex and the datasets…

Read more →

A recent Code42 report reveals a rapidly growing number of inside risk incidents and a concerning lack of training and technology, further exacerbated by increasing workforce turnover and cloud adoption. In this Help Net Security video, Joe Payne, President at…

Read more →

Venafi has introduced Venafi Firefly, the lightweight machine identity issuer that supports highly distributed, cloud native environments. Part of the Venafi Control Plane for Machine Identities, Firefly enables security teams to easily and securely meet developer-driven machine identity management requirements…

Read more →

NICE Actimize has launched its Suspicious Activity Monitoring (SAM-10) solution. Built to detect more suspicious activity while reducing false positives, NICE Actimize’s SAM-10 introduces enhancements to its anti-money laundering solution, incorporating multiple layers of defense which strengthen the others and…

Read more →

Picus Security has announced the expansion of its continuous threat exposure management (CTEM) solution to help CISOs better answer the question: “what is our cyber risk?”. The company’s new capabilities – Picus Cyber Asset Attack Surface Management (CAASM) and Picus…

Read more →

Worldwide IT and business services revenue is expected to grow (in constant currency) from $1.13 trillion in 2022 to $1.2 trillion in 2023, or 5.7% year-over-year growth, according to IDC. In nominal dollar-denominated revenue based on today’s exchange rate, the…

Read more →

Organizations experienced a significant increase in ransomware – from an average of four attacks over five years in 2021 versus four attacks over the course of one year in 2022, according to ExtraHop. Of those who fell victim, 83% admitted…

Read more →

Tentacle has announced Tentacle AI Control Mapping; a machine learning and natural language processing-fueled feature expected to transform an organization’s ability to centralize and leverage critical cyber security information. AI Control Mapping is the first of a series of machine…

Read more →

VMware has unveiled VMware Cross-Cloud managed services, a set of prescriptive offers with enhanced partner and customer benefits that will enable skilled partners to expand their managed services practices. Cross-Cloud managed services will make building managed services faster for partners…

Read more →

Daon has unveiled TrustX, its next-generation cloud-based platform for identity proofing and authentication to support the creation and deployment of user journeys across their entire digital identity lifecycle. Daon TrustX is optimized by artificial intelligence (AI) and machine learning (ML)…

Read more →

Oracle is introducing new capabilities across Oracle Fusion Cloud Applications Suite that help customers accelerate supply chain planning, increase operational efficiency, and improve financial accuracy. The updates include new planning, usage based pricing, and rebate management capabilities within Oracle Fusion…

Read more →

Digi International has released its latest value-added service — Digi WAN Bonding — to deliver true Gigabit speeds for enhanced network performance. This solution, which is fully integrated into the Digi technology stack, also improves Internet reliability and increases bandwidth…

Read more →

LogRhythm and Zscaler work together to help organizations around the globe increase network insight and address a variety of cloud access security challenges faced by the modern SOC. LogRhythm SIEM and the Zscaler Zero Trust Exchange platform provide visibility and…

Read more →

Looking at configuration data, 56% of decommissioned routers disposed of and sold on the secondary market contained sensitive corporate data, according to ESET. Of the networks that had complete configuration data available: 22% contained customer data 33% exposed data allowing…

Read more →

As cyberattacks increase in frequency and sophistication, small and medium-sized businesses (SMBs) become more vulnerable to cyber threats. Unlike larger enterprises, SMBs often lack the financial and technical resources to secure their networks and data against malicious actors effectively. With…

Read more →

Healthcare, manufacturing, and utilities are suffering long-term financial impact of major cyber attacks, according to ThreatConnect. “With the National Cyber Strategy coming out of the White House focusing on decreasing cyber risk from critical infrastructure and the new SEC Cyber…

Read more →

Destructive ransomware attacks impact enterprises, governments, airlines, hospitals, hotels, and individuals, causing widespread system downtime, economic loss, and reputational damage. In this Help Net Security video, AnnMarie Nayiga, Lead MDR Analyst at Malwarebytes, talks about the dangers of ransomware reinfection.…

Read more →

Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But recognition of the importance of hardware security—upon which all software security is built—is (thankfully) also growing. Established hardware…

Read more →

Versa Networks launched Versa Zero Trust Everywhere, delivering zero trust security for both remote and on-premises users, with optimized user-to-application performance. Hybrid cloud and hybrid work have changed where and how users work, challenging organizations to find ways to secure…

Read more →

With cybersecurity teams struggling to manage the remediation process and monitor for vulnerabilities, organizations are at a higher risk for security breaches, according to Cobalt. As enterprises prioritize efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures…

Read more →

Veracode launches Veracode Fix, a new AI-powered product that suggests remediations for security flaws found in code and open-source dependencies. Shifting the paradigm from merely ‘find’ to ‘find and fix’ “For far too long, organizations have had to choose between…

Read more →

Phylum has added Open Policy Agent (OPA) and continuous reporting to its policy engine. Customers now have more flexibility when creating and enforcing custom policies, and can show compliance with key software supply chain frameworks, regulations and guidelines. “We built…

Read more →

Armis enhanced its Cybersecurity Asset Attack Surface Management (CAASM) Solution giving security teams’ abilities to overcome asset visibility and exposure challenges. Security teams will be able to improve their overall security position by ensuring security controls, security posture, and asset…

Read more →

LastPass has unveiled LastPass University, a training platform featuring live and on-demand coursework to help business administrators, their end users and partners deepen their LastPass product knowledge and password management skills. LastPass University training modules range from basic to comprehensive,…

Read more →

Edgio has released Advanced Bot Management solution that proactively mitigates a wide range of evolving malicious bots while providing observability into good bots. Leveraging massive amounts of data continuously drawn from the platform’s extensive global deployment, Advanced Bot Manager applies…

Read more →

Styra has appointed Mark Pundsack as CEO, effective immediately. Pundsack brings more than thirty years of experience to the role with deep expertise in the software development industry, where he has spent much of his career leading product development teams…

Read more →

DigiCert has unveiled its new unified partner program, designed to provide partners with a comprehensive portfolio that delivers digital trust for the real world. The new program includes more sales motions for all partner types; training, support and tools that…

Read more →

Allurity has closed the acquisition of two new cybersecurity companies, CloudComputing and Securix. The former brings a complete and robust offering in identity, zero trust and information security. The latter adds substantial reinforcement in the areas of identity security, observability…

Read more →

Swimlane announced a strategic partnership with AWS, bringing the power of security automation to AWS environments via a cost-effective solution. The company today also announced Swimlane Turbine is now a cloud-native platform, helping customers automate responses to security data, which…

Read more →

Korea Trade-Investment Promotion Agency (KOTRA) will host 10 Korean cybersecurity companies as Korea Pavilion with Korea Information Security Industry Association (KISIA) at RSA Conference 2023. KOTRA and KISIA will feature companies from across a range of fields including network security,…

Read more →

A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse…

Read more →

In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services, as well as…

Read more →

Within the largest financial institutions, insurers, and retailers, the rise and adoption of AI, an impending recession, and the return of pre-pandemic fraud techniques are driving record rates of fraud attacks for consumers and enterprises alike, according to Pindrop. Researchers…

Read more →

In today’s rapidly evolving technological landscape, it’s more important than ever for Boards and executives to stay informed about the latest advancements and potential risks in technology and digital capability. In this Help Net Security interview, Alicja Cade, Director, Financial…

Read more →

D3 Security has launched its Smart SOAR platform, which expands beyond traditional SOAR with hyperscalable, risk-based autonomous triage and incident remediation across the entire stack. The new capabilities of Smart SOAR build on D3 Security’s designed and maintained integrations, which…

Read more →

Recent warnings by the FBI and FCC have highlighted the risks associated with using public USB chargers. Hackers have created ways to use public USB ports to introduce malware and monitoring software onto the phones of unsuspecting users. Battery Bird‘s…

Read more →

Zyxel Networks enhanced network security and productivity for small and home office users and remote workers with the launch of SCR 50AXE AXE5400 Tri-band WiFi 6E Secure Cloud-managed Router. The new business-class router delivers security and high-performance WiFi 6E as…

Read more →