Category: Help Net Security

Recent warnings by the FBI and FCC have highlighted the risks associated with using public USB chargers. Hackers have created ways to use public USB ports to introduce malware and monitoring software onto the phones of unsuspecting users. Battery Bird‘s…

Read more →

Zyxel Networks enhanced network security and productivity for small and home office users and remote workers with the launch of SCR 50AXE AXE5400 Tri-band WiFi 6E Secure Cloud-managed Router. The new business-class router delivers security and high-performance WiFi 6E as…

Read more →

Imperva and Fortanix signed a partnership agreement, and have each joined the other’s strategic partner program. This partnership brings together two innovative and trusted cybersecurity companies focused on multicloud data protection. The joint offerings from Imperva and Fortanix will provide…

Read more →

lockr has raised $2.5M in pre-seed funding. Mozilla Ventures, Junction Venture Partners, and Grit Capital Partners participated, along with individuals from the digital publishing and data industries. Founded by Keith Petri, an experienced data management executive with two prior 8-figure…

Read more →

Mobb has raised $5.4M in seed funding led by Angel Investor Ariel Maislos and joined by MizMaa Ventures, Cyber Club London and additional investors from US, EU, and Israel. The company has also launched a free community version that allows…

Read more →

With the economy experiencing instability and decline, organizations rely on their technology experts to maintain their innovative edge and generate business value. Despite being instructed to reduce expenses by 65% of the technology team leaders, 72% still intend to boost…

Read more →

Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of ID verifications carried out for its customers in 2022, Ondato found that ID cards were…

Read more →

Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. In other trends to watch, vendor compromise and fraud are rising…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Making risk-based decisions in a rapidly changing cyber climate In this Help Net Security interview, Nicole reveals the three key indicators she uses to assess…

Read more →

Snowflake has launched the Manufacturing Data Cloud, which enables companies in automotive, technology, energy, and industrial sectors to unlock the value of their critical siloed industrial data by leveraging Snowflake’s data platform, Snowflake- and partner-delivered solutions, and industry-specific datasets. The…

Read more →

CYFIRMA has raised a Pre-Series B round funding from venture fund OurCrowd and Larsen & Toubro’s L&T Innovation Fund. With this, these firms join CYFIRMA’s existing investors Goldman Sachs, Zodius Capital, and Z3 Partners. With the closing of this round,…

Read more →

Khoros and Cerby new partnership allows brands to launch, manage, and analyze their social media profiles quickly and securely from the Khoros platform. Cerby brings security features such as single sign-on (SSO) directly into social accounts and ad accounts for…

Read more →

Tentacle announced a SOC 2 partnership with Oread Risk & Advisory to help organizations achieve SOC 2 reporting goals and establish long-term security infrastructure. With Tentacle’s release of the indexed SOC 2 security framework earlier this year, organizations have access…

Read more →

UltraViolet Cyber has unveiled its launch to provide organizations across the globe with a streamlined approach to address the ever-expanding cyber threat. Created through the combination of four pioneering firms — Metmox, Mosaic451, Stage 2 Security, and W@tchTower — UltraViolet Cyber…

Read more →

Daon is expanding its IdentityX to the healthcare industry to enable organizations to safeguard identities for providers, staff, and patients. As the healthcare industry continues to digitize sensitive healthcare online information, cyber attacks increase and new regulations are established, Daon’s…

Read more →

Cobalt Iron has updated its Compass enterprise SaaS backup platform with new data governance capabilities comprising policy-based controls and an approval framework for decommissioning systems and deleting data. The automation and policy-based discipline for system decommissioning and associated data deletion…

Read more →

Votiro has integrated with Sumo Logic to enable reliable and secure cloud-native applications. Users can now send high-fidelity data and insights discovered by Votiro Cloud into the Sumo Logic Cloud SIEM console. Enterprises are relying on collaboration platforms, cloud workloads…

Read more →

Riskified has unveiled its partnership with Deloitte to empower merchants with real-time insight into how their chargebacks, approval rates and fraud costs compare to similar companies in their space. This benchmarking service is helping retailers formulate a scorecard that can…

Read more →

Thales has joined forces with around twenty deep tech, academic and industry partners, as part of the EuroQCI initiative (European Quantum Communication Infrastructure), which aims to deploy a quantum communication infrastructure for EU member states within three years. By 2040,…

Read more →

WhatsApp will be rolling out three new security features in the coming months, to provide users with increased privacy and control over their messages and to help prevent unauthorized account access and takeover. The new features The first feature is…

Read more →

Cybercriminals have been leveraging social engineering techniques to impersonate the popular US-based digital payments network Zelle and steal money from unsuspecting victims, according to Avanan. The fake Zelle email (Source: Avanan) The phishing email The spoofed email is cleverly crafted…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from BigID, Binarly, Cynalytica, GitGuardian, Netskope, Searchlight Cyber, ThreatX, and Wazuh. Cynalytica OTNetGuard provides visibility into critical infrastructure networks Cynalytica has launced its Industrial Control System…

Read more →

How are data teams conquering the complexity of the modern data stack? Unravel Data has asked 350+ data scientists, engineers, analysts, and others who rely upon real-time data insights for decision-making to share their practices. “For the third year in…

Read more →

On average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with 75% experiencing all three, according to Skyhigh Security. Overall, the…

Read more →

The illicit market for crypto giveaway scams has expanded, offering various services to facilitate fraudulent activity. The proliferation of fake crypto giveaways can be attributed to the increased availability of tools for scammers, even those with limited technical skills. In…

Read more →

Cymulate has expanded its Attack Surface Management (ASM) solution to close gaps between traditional vulnerability management and ASM. Organizations will now have advanced capabilities to easily visualize risky exposures across hybrid environments. The company achieves this by extending its coverage…

Read more →

Cerbos has released Cerbos Cloud, a managed service offering for Cerbos. Cerbos is an open source authorization layer to easily implement roles and permissions in software applications. It separates authorization logic from the core application code, making the authorization layers…

Read more →

Code42 Software has offered a complete set of response controls to allow security teams to respond to all levels of risk, ranging from unacceptable high risk that must be blocked to the most prevalent user mistakes that require correction. Instructor…

Read more →

Entrust is supporting organizations’ zero trust journey with new foundational identity, encryption, and key management solutions. “Zero trust approaches are reshaping security in a perimeter-less world. While the conversation often starts with identity and network access, organizations are quickly finding…

Read more →

Qwiet AI has released a suite of targeted AppSec and DevSecOps services that help companies address their security function needs without sacrificing time and budget. “We often hear of the notion of doing more with less. However, in today’s environment…

Read more →

DirectDefense has partnered with Claroty which empowers organizations with visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified…

Read more →

SentinelOne has unveiled integrations with key industry players Aruba, Checkpoint, Cisco, Darktrace, Extrahop, Fortinet, Palo Alto Networks and an enhanced collaboration with Vectra AI which expand the company’s firewall and NDR capabilities, and will allow organizations of all sizes to…

Read more →

Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev API, which provides access to security metadata for 50+ million open source…

Read more →

To combat the surge of fake LinkedIn accounts in recent years, Microsoft has introduced Entra Verified ID, a new feature that allows users to verify their workplace on the business-focused social media platform. Verified ID automates verification of identity credentials…

Read more →

It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access…

Read more →

With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT. The dynamic nature of the DDoS threat landscape Much of the…

Read more →

For the fifth consecutive month, IDC has lowered its 2023 forecast for worldwide IT spending as technology investments continue to show the impact of a weakening economy. 2023 forecast for worldwide IT spending In its monthly forecast for worldwide IT…

Read more →

Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. Especially when it comes to the biggest access management pitfall developers make. In 2021 OWASP…

Read more →

Regula has redesigned Face SDK face liveness detection technology and offers a balance between a simple UX and high reliability by using the zero-trust concept. Every session has its own unique parameters that cannot be reused by fraudsters for tampering,…

Read more →

Binarly has released the Binarly Transparency Platform, delivering transparency for device supply chains enabling device manufacturers and endpoint protection products to analyze both firmware and hardware to identify vulnerabilities, misconfigurations, and malicious code implantation. The Binarly Transparency Platform is designed…

Read more →

Searchlight Cyber has launched Stealth Browser, a virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, without risk to themselves or their organization. Stealth Browser is an enhancement to Searchlight’s Cerberus investigation platform, which is…

Read more →

Fleet has revealed a new programmable MDM, designed to give medium-to-large organizations control of remote workstation security with unsurpassed GitOps and workflow automation. Fleet’s availability as an open-source MDM not only makes it more accessible to organizations working to reduce…

Read more →

CloudCasa by Catalogic launched CloudCasa for Velero, a new offering that combines the simplicity of the service and its advanced cloud awareness with the benefits of Velero. CloudCasa for Velero gives enterprises and service providers the ability to scale their…

Read more →

The Edgio Applications Platform v7 new integrated performance and security features are designed to increase organizational revenues and accelerate developer team velocity through better website performance and multi-layer security. Through the integrated, unified platform, Edgio reduces the need for multiple…

Read more →

Wazuh launched Wazuh 4.4, the latest version of its open source security platform. The latest version adds multiple new features, including IPv6 support for the enrollment process and agent-manager connection, and support for Azure integration within Linux agents. Today’s leading…

Read more →

Cynalytica has launced its Industrial Control System (ICS/SCADA) monitoring sensor, OTNetGuard, that passively and securely captures analog, serial, and IP communications closing the capabilities gap in complete monitoring of OT networks. With the increasing frequency and sophistication of cyberattacks targeting…

Read more →

Rezonate’s ITDR offering detects and responds to active identity threats using both common and sophisticated techniques missed by traditional IAM solutions and endpoint controls. The continuous changes in identities and access privileges across multiple tools and teams at every stage…

Read more →

Armis has formed a strategic partnership and integration with TrueFort to empower customers by enriching the discovery, understanding, and enforcement of security policies for IT, Internet of Things (IoT), and operational technology (OT) environments. “Customers have shared with us just…

Read more →

Syncro has launched a new agreement with Proofpoint to enable Syncro’s MSP partners to offer their customers access to Proofpoint’s email security and security awareness training solutions. “This reseller agreement not only allows our MSPs to give their customers superior…

Read more →

The Cloud Security Alliance (CSA) has announced that registration has opened for the CSA Summit 2023: Mission Critical (San Francisco, April 24) held in conjunction with the RSA Conference. Tima Soni, Chief and Head of the Valencia office of the…

Read more →

Concentric AI has launched its new channel partner program which is aimed at enabling partners’ growth and success delivering the leading solution in the rapidly expanding AI-powered data risk management market to improve customers’ security posture. With Concentric AI’s partner…

Read more →

Raytheon Technologies’ BBN division and SpiderOak have formed a strategic partnership to develop and field a new generation of zero-trust security systems for satellite communications in proliferated low-Earth orbit, or pLEO. SpiderOak’s OrbitSecure solution will be combined with Raytheon BBN’s…

Read more →

The Connectivity Standards Alliance released Zigbee PRO 2023 of the Zigbee protocol stack. The revision brings several enhancements and new features to the technology, allowing mesh networks to have a universal language that enables smart objects to work together. What’s…

Read more →

Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to…

Read more →

The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a…

Read more →

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targeted 3CX systems with TAXHAUL (aka…

Read more →

GitGuardian launched its new Honeytoken module, providing intrusion detection, code leakage detection and helping companies secure their software supply chains against attackers targeting Source Control Management (SCM) systems, Continuous Integration Continuous Deployment (CI/CD) pipelines, and software artifact registries. “Honeytoken is…

Read more →

The CISO role is currently fraught with novel challenges and escalating workloads. This includes increased paperwork and time spent on risk assessments, which have surged from two to thirty hours per assessment. Furthermore, privacy regulations are expanding, and CISOs are…

Read more →

Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of…

Read more →

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access.…

Read more →

The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about…

Read more →

Netskope unveiled its brand new Endpoint SD-WAN to provide secure, optimized access to endpoint devices from anywhere. Netskope Endpoint SD-WAN will leverage the industry’s first software-based unified SASE client, converging SD-WAN and Security Service Edge (SSE) capabilities so organizations can…

Read more →

AutoRABIT has enhanced their data and metadata security offerings by refining existing products, adding new features, and emphasizing the importance of a full-featured approach to Salesforce DevSecOps. Security continues to be an increasingly difficult consideration. The advent of tools being…

Read more →

11:11 Systems has revealed general availability of 11:11 Managed SteelDome in partnership with SteelDome Cyber. The fully managed service is designed for organizations in need of secure, scalable and cost-efficient storage of their unstructured, on-premises data. Leveraging SteelDome’s InfiniVault application…

Read more →

Xerox has unveiled new and upgraded solutions to improve productivity and security for hybrid workers. These include technologies designed for any organization to advance user experience, make the office a highly productive workplace choice, and enhance security wherever work happens.…

Read more →

In his role as Trelix’s CMO, Ash Parikh will lead global marketing teams to drive brand awareness, demand generation, and go-to-market strategies of the XDR market leader. “Trellix’s XDR platform is helping our customers bolster their cybersecurity programs,” said Bryan…

Read more →

Flashpoint has expanded its partnership with Google Cloud to deploy next-generation intelligence solutions, including generative AI, within the Flashpoint product suite. This initiative will revolutionize how organizations detect security threats and reduce risk, in support of better, faster, and more…

Read more →

It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About CVE-2023-28252 CVE-2023-28252 is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM…

Read more →

Sextortion victims are already in a vulnerable position, and shady companies are taking advantage of this vulnerability to offer “sextortion assistance” services for huge sums – services that they may be unable to render or that won’t help the victims…

Read more →

BigID launched ML-powered solution for finding duplicate and similar data content. The innovative technology uses AI to locate both similar and duplicate data on any data set, enabling organizations to identify duplicate data as well as redundant, obsolete, or trivial…

Read more →

Syxsense has released new updates to the Syxsense product suite designed to extend automated workflow capabilities, improve usability, and enhance overall platform security. Key to this release is the introduction of Cortex Sequences, which uses the power of automation to…

Read more →

ThreatX has unveiled ThreatX Runtime API & Application Protection (RAAP). This patent-pending capability goes beyond basic observability to extend threat detection, tracking and blocking to customers’ runtime environments, without slowing developers or requiring expertise in cloud-native applications. As organizations transition…

Read more →

Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by researchers Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbhaill, the head of Amnesty International’s…

Read more →

While applications like Slack and Teams have transformed how we collaborate and communicate, cybersecurity training has not kept pace with these advancements. Most security training is still being delivered through web-based learning management systems, according to CybSafe. Often, important security…

Read more →

Nicole Darden Ford is Global VP & CISO at Rockwell Automation. As the company’s cybersecurity leader, Nicole is entrusted to protect enterprise IT assets with scalable, future-ready platforms that enable the business. In addition to building cybersecurity programs for organizations…

Read more →

Adversaries don’t need to use sophisticated methods to gain access to enterprise systems or to deploy ransomware – they can just buy or steal credentials and log in. By burdening users with the near-impossible task of maintaining “secure passwords,” businesses…

Read more →

As criminal groups increase in size, they adopt corporate-like behavior, but this shift brings about its own set of challenges and costs, according to Trend Micro. “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses…

Read more →

Data Subject Requests (DSRs), which are formal requests made by individuals to access, modify, or delete their personal data held by a company, increased by 72% from 2021 to 2022. The increase was primarily driven by deletion and access requests,…

Read more →

MSPs are focusing on automation and integration between their core tools to improve efficiency, service delivery and cost management, according to Kaseya. Automation, cybersecurity and integration About 90% of respondents hailed automation as a crucial technology for their business because…

Read more →

People reveal more personal information when you ask them the same questions a second time – according to new research from the University of East Anglia. A new study reveals how simple repetition can make people over-disclose, and potentially put…

Read more →

Global 5G wireless connections increased by 76% from the end of 2021 to the end of 2022, reaching up to 1.05 billion, and it will touch a mark of 5.9 billion by the end of 2027, according to Omdia and…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Passbolt: Open-source password manager for security-conscious organizations In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to…

Read more →

Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals credentials and can grab multi-factor authentication (MFA) codes. The malicious extension Dubbed Rilide by Trustwave researchers, the…

Read more →

Phishers are targeting YouTube content creators by leveraging the service’s Share Video by Email feature, which delivers the phishing email from an official YouTube email address (no-reply@youtube.com). How the YouTube phishing email scam works? The email informs the targets of…

Read more →

93% of organizations find the execution of some essential security operation tasks, such as threat hunting, challenging, according to Sophos. IT professionals face challenging security operation tasks These challenges also include understanding how an attack happened, with 75% of respondents…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Guardz, Malwarebytes, Obsidian Security, and Stamus Networks. Malwarebytes unveils WorldBytes to help users reveal the hidden cyber threats around them Powered by Malwarebytes and AI…

Read more →

The answer to the question “Why does software continue to have so many vulnerabilities?” is complex, because the software itself is so complex. There’ve been many articles written that cover the lack of tools to test for vulnerabilities, the security…

Read more →

40% of senior cybersecurity decision makers effectively prioritize risks to Payment Card Industry Data Security Standard (PCI DSS) 4.0 compliance, according to Titania. The study highlights that oil and gas, telecommunications, and banking and financial services organizations are prime targets…

Read more →

Organizations follow a reactive approach to cybersecurity which is stifling their progress in demonstrating value and aligning with business outcomes, according to WithSecure. 83% of respondents surveyed in the study were interested in, planning to adopt, or expanding their adoption…

Read more →

Workspot has launched Workspot Global Desktop, a capability that creates a way for enterprises to deliver end-user computing with the ultimate availability. Through a multi-cloud (private and public) and multi-region approach, the company provides enterprises with a Cloud PC that…

Read more →

The new McAfee+ product suite, launched in Italy, allows users access to identity restoration and lost wallet assistance, as well as the ability to secure all their devices with award-winning protection against threats and viruses. As part of the new…

Read more →

AuthenticID has revealed the launch of its identity document liveness detector. This feature enhancement validates the actual, physical presence of identity documents when used as part of the identity verification process. AuthenticID’s identity document liveness detector utilizes advanced AI and…

Read more →

LastPass has expanded availability of its Security Dashboard and associated dark web monitoring and alerting, making it the only password manager providing proactive credential monitoring for all customers, including those using the product for free. The Security Dashboard is the…

Read more →

In a tightening economic market, addressing enterprise performance can help organizations better weather challenges by reducing costs, creating efficiencies, and coming in on schedule while improving overall quality. ISACA’s Capability Maturity Model Integration, or CMMI, has been doing just that…

Read more →

An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks’ Cortex…

Read more →

Google Play will be pushing Android app developers to allow users to delete their account and associated data from within the app. Users will also be given the option to only delete data where applicable, as some data needs to…

Read more →

Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform with a specialized focus on financial fraud and money laundering. STYX launched at the beginning of 2023. This platform is specifically designed to facilitate financial crime, providing…

Read more →

To help customers stay ahead of the emerging cybersecurity threats, fulfill regulatory and compliance requirements, and implement intelligent automation to accelerate internal processes and reduce operational costs, ImmuniWeb has unveiled many updates. ImmuniWeb AI platform: New CI/CD and DevSecOps integrations…

Read more →

Organizations globally are under tremendous pressure to address evolving threats like ransomware, zero-day vulnerabilities, and espionage, and they face challenges in extending security coverage across multiple environments and dealing with an ongoing skills shortage, according to Bitdefender. “The results of…

Read more →

Researchers at the University of Surrey have developed software that can assess the amount of data that an artificial intelligence (AI) system has acquired from a digital database of an organization, in response to the increasing global interest in generative…

Read more →