Category: Help Net Security

BEC attacks are usually aimed at stealing money or valuable information, but the FBI warns that BEC scammers are increasingly trying to get their hands on physical goods such as construction materials, agricultural supplies, computer technology hardware, and solar energy…

Read more →

Cybersecurity is such a complex field that even the best-trained, best-equipped, and most experienced security managers will sometimes struggle to decide which of several paths to take. Let’s consider uncategorized web traffic, for instance. I define this broadly as traffic…

Read more →

Businesses have faced massive disruptions in their workforce – many are requesting employees return to the office, and layoffs are rattling several industries. This disruption in the workforce can open organizations up to significant security breaches. In this Help Net…

Read more →

Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by executive leadership teams, according to Action1. These gaps leave organizations vulnerable to cyber threats. Key findings Low cybersecurity awareness…

Read more →

93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is “critical” to defend their organization and increase cybersecurity, according to Searchlight Cyber. The report findings show that most…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: These 15 European startups are set to take the cybersecurity world by storm Google has announced the startups chosen for its Cybersecurity Startups Growth Academy.…

Read more →

Opti9 Technologies has launched Observr Software-as-a-Service (SaaS) ransomware detection and standalone managed services – two new standalone service offerings that cater to organizations leveraging Veeam Software. As the complexity of organizations’ IT continues to evolve, technical leaders are increasingly looking…

Read more →

McAfee has expanded partnership with Mastercard to offer Mastercard Business cardholders automatic savings on online protection solutions from McAfee through Mastercard Easy Savings. According to the latest FBI Internet Crime Report, malicious cyber activity resulted in more than $10 billion…

Read more →

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) cloud environments have a new free solution at their disposal: Untitled Goose Tool. Released by the Cybersecurity and Infrastructure Security Agency (CISA),…

Read more →

Intel has launched the latest Intel vPro platform, which is powered by 13th Gen Intel Core processors and offers a broad range of features, including powerful security measures. The extensive commercial portfolio will offer over 170 laptops, desktops, and entry-level…

Read more →

Over the last several years, endpoints have played a crucial role in cyberattacks. While there are several steps organizations can take to help mitigate endpoint threats – such as knowing what devices are on a network (both on-premises and off-site),…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from ForgeRock, Vectra, Verosint, Vumetric, and Waterfall Security Solutions. Waterfall Security Solutions launches WF-600 Unidirectional Security Gateway Waterfall Security Solutions launched the WF-600 Unidirectional Security Gateway,…

Read more →

MITRE launched its System of Trust risk model manager and established a community engagement group of 30 members. Expanding from its free and open platform, System of Trust now delivers a collaborative community to identify and mitigate threats to supply…

Read more →

Amid economic uncertainty and downturn, organizations are leaning on their technologists to continue to innovate and drive business value, according to Pluralsight. Though 65% of tech team leaders have been asked to cut costs, 72% still plan to increase their…

Read more →

Organizations worldwide pay ransomware fees instead of implementing solutions to protect themselves. The ransom is just the tip of the iceberg regarding the damage a ransomware attack can wreak. In this Help Net Security video, Gerasim Hovhannisyan, CEO at EasyDMARC,…

Read more →

Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures. “As enterprises transform embracing digital identities,…

Read more →

Zenoss has released advanced identity management capabilities, helping ensure maximum protection of sensitive credentials while in use and at rest throughout the Zenoss Cloud platform. This represents yet another key building block in the security and privacy features Zenoss has…

Read more →

Brivo expands its mobile credential options by introducing support for employee badges in Apple Wallet. Brivo corporate customers can enable employees to add their employee badge to Apple Wallet and simply hold their iPhone or Apple Watch near a reader…

Read more →

Kasm Technologies has partnered with Oracle Cloud Infrastructure (OCI) to offer Workspaces for Oracle, a new Desktop-as-a-Service (DaaS), Remote Browser Isolation (RBI) and Containerized Application Streaming (CAS) solution. This solution combines the benefits of the public cloud with the security…

Read more →

SecureAuth and HashiCorp partnership will enable organizations to leverage SecureAuth’s advanced passwordless authentication and Multi-Factor Authentication (MFA) device recognition. To increase security and deployment velocity for cloud DevOps environments, SecureAuth delivers support for Arculix MFA into the HashiCorp Cloud Platform…

Read more →

BlackBerry and Adobe have partnered to deliver a secure forms solution for mobile. The software solution, which combines BlackBerry UEM and Adobe Experience Manager Forms, is designed for popular mobile device platforms, and meets the rigorous security standards required by…

Read more →

A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this specific trick isn’t new, this time around the extension also worked as advertised. “Based on…

Read more →

Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization’s platforms that…

Read more →

The Transportation Security Administration (TSA) recently issued new cybersecurity requirements for the aviation industry, which follows last year’s announcement for railroad operators. Both announcements are part of the Department of Homeland Security’s effort to improve the nation’s cybersecurity resiliency and…

Read more →

Between January 2021 and October 2022, the EU Agency for Cybersecurity (ENISA) analyzed and mapped the cyber threats faced by the transport sector, identifying prime threats, analyzing incidents, assessing threat actors, analyzing their motivations, and introducing major trends for each…

Read more →

With cybersecurity incidents involving compromised credentials continually the most common cause of a data breach for enterprises – and account takeover for individuals, securing digital identities has become paramount. In this Help Net Security video, Jeff Reich, Executive Director at…

Read more →

Many companies struggle to implement and integrate a bunch of different solutions covering different parts of the IDV process. In fact, according to Regula’s survey, 40% of organizations cite this overly complex technical environment as the largest constraint to deploying…

Read more →

Lightspin launched the Remediation Hub as part of its cloud-native application protection platform (CNAPP) solution. An evolution of Lightspin’s root cause analysis feature, the Remediation Hub provides users the ability to dynamically remediate the most critical cloud environment risks, at…

Read more →

Secureworks bolsters cyber resiliency with launch Of Security Posture Dashboard. Using the 600 billion security events Taegis analyzes daily, the Dashboard empowers customers to understand their cybersecurity posture and how resilient they would be in the face of a cyberattack.…

Read more →

Vumetric Cybersecurity has launched its Penetration Testing as-a-Service (PTaaS) platform, designed to simplify and modernize cybersecurity assessments for organizations of all sizes. The Vumetric PTaaS platform revolutionizes the penetration testing process by providing self-service capabilities that allow organizations to schedule…

Read more →

An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, according to Continuity. The findings underscore a significant gap in the state of enterprise…

Read more →

Verosint and Ping Identity partnership enables mutual customers to analyze digital identities across devices at login to determine account fraud risk. Recognized customers are granted a frictionless transaction path, whereas suspicious users are automatically challenged or blocked to prevent fraudulent…

Read more →

Veza announced the appointment of Jason Garoutte as its first Chief Marketing Officer. Garoutte is responsible for building and leading a world-class marketing organization that drives Veza’s continued growth and scale. Garoutte has two decades of marketing and operational leadership…

Read more →

GNOME 44, code-named Kuala Lumpur, is now available. The GNOME Circle now includes many new apps, and both the Software and Files apps have undergone enhancements. The new version features a grid view in the file chooser, improved settings panels…

Read more →

Google has announced the startups chosen for its Cybersecurity Startups Growth Academy. The 15 selected startups are from eight countries and were chosen from over 120 applicants. They have made significant contributions, from securing health applications to protecting educators and…

Read more →

A mere 15% of organizations globally have the ‘mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to a Cisco report. Organizations have moved from an operating model that was largely static – where people…

Read more →

Although OpenAI is an established organization with many years of experience promoting and developing AI systems, the relative immaturity of the ChatGPT application, combined with the lack of security assurance available for OpenAI, can put organizations at risk. In this…

Read more →

“Is cybersecurity recession-proof?” That’s the question on the minds of many security professionals and executives as a possible economic downturn of indeterminate length and severity looms and many organizations are tightening their belts. While research suggests that IT spending is…

Read more →

Not only do security vulnerabilities lurk within software, but they can also be embedded directly into hardware, leaving technical applications open to widespread attack. For their project, the researchers took thousands of microscopic images of microchips. Pictured here is such…

Read more →

Splunk has released innovations to Splunk’s unified security and observability platform to help build safer and more resilient digital enterprises. Splunk’s latest innovations include enhancements to Splunk Mission Control and Splunk Observability Cloud, and the general availability of Splunk Edge…

Read more →

AlertEnterprise has revealed the launch of its new Guardian SOC Insights suite. Powered by the company’s latest developments in AI, including a powerful integration with the OpenAI ChatGPT platform, Guardian SOC Insights is designed to provide actionable data and playbooks…

Read more →

WALLIX has released SaaS Remote Access, the SaaS version of the remote access management technology integrated into WALLIX PAM4ALL, its unified privilege management solution. SaaS Remote Access is designed for organizations – across all sectors and in particular the industrial…

Read more →

Verosint announced a new solution that helps organizations secure their online businesses and protect their customers in the face of ever-growing account fraud. With Verosint, companies can deliver frictionless access to legitimate customers, while blocking or challenging access by suspicious…

Read more →

SailPoint Technologies has rolled out a new non-employee risk management capability based on the company’s January 2023 acquisition of SecZetta. The SailPoint Non-Employee Risk Management solution is available now as an add-on to the SailPoint Identity Security Cloud. The new…

Read more →

Aembit has unveiled its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures. Aembit helps companies apply a zero trust security framework to workload access, similar to existing solutions for workforce access,…

Read more →

Cyberattacks often begin with an unsuspecting user clicking on a link that redirects them to a harmful site containing malware. Even the best employee training won’t prevent every mistake. The best way to stop those mistakes from becoming costly cyber…

Read more →

Stratodesk and deviceTRUST announced their security integration partnership. This partnership benefits customers by delivering an additional layer of security for workspace access and authorization. Stratodesk and deviceTRUST collaboration brings customers the most secure endpoint environment accessing corporate workspaces. deviceTRUST complements…

Read more →

Italian luxury sports car maker Ferrari has suffered a data breach and has confirmed on Monday that it “was recently contacted by a threat actor with a ransom demand related to certain client contact details,” but that it won’t be…

Read more →

Malicious threat actors have actively exploited 55 zero-days in 2022 – down from 81 in 2021 – with Microsoft, Google, and Apple products being most targeted. 53 out of 55 allowed attackers to achieve elevated privileges or execute remote code…

Read more →

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra’s Security Features Survey. In fact, 45% have stopped using a specific type of software due to security concerns. Businesses are willing to…

Read more →

Hackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP. From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by…

Read more →

In this Help Net Security video, Liudas Kanapienis, CEO of Ondato, discusses the impact of AI on the future of ID verification and how it is transforming the way identities are being verified. The post The impact of AI on…

Read more →

My mother is 67 years old. She is a brilliant woman, educated and not at all afraid of technology. Yet, when I tried to get her to install Google Authenticator and use multi-factor authentication (MFA) for logging into applications, she…

Read more →

Eurotech announced its newest edge servers with scalable, cybersecurity certified – AI capabilities. Cyber-threats have become endemic and severely expose states and businesses of all sizes to the risk of loss of data, interruption of services, and direct or indirect…

Read more →

ForgeRock announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s passwordless authentication portfolio for consumer and workforce…

Read more →

Mastercard acquired Baffin Bay Networks to better help businesses deal with the increasingly challenging nature of cyber-attacks. Baffin Bay Networks, based in Sweden, adds to Mastercard’s multi-layered approach to cyber security and helps to stop attacks, while mitigating exposure to…

Read more →

Secret Double Octopus partners with Wipro to strengthen passwordless protection against identity-based cyber attacks. Under the new partnership, Wipro’s Cybersecurity and Risk Services (CRS) will use SDO’s Octopus Enterprise technology platform to drive Wipro’s passwordless authentication solution, as part of…

Read more →

Tracking pixels like the Meta and TikTok pixels are popular tools for online businesses to monitor their website visitors’ behaviors and preferences, but they do come with risks. While pixel technology has been around for years, privacy regulations such as…

Read more →

Waterfall Security Solutions launched the WF-600 Unidirectional Security Gateway, an OT security protection against remote cyber attacks. The WF-600 product line is a blend of hardware and software, enabling unbreachable protection at IT/OT interfaces with unlimited visibility into OT networks,…

Read more →

Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence (AI) and facial morphing technology. This technique involves digitally creating an image which is an average of two people’s faces, and which can…

Read more →

99% of all businesses across the United States and Canada are mid-sized businesses facing cybersecurity challenges, according to a Huntress report. Aimed to gain insights into organizational structure, resources and cybersecurity strategies, the results contextualize challenges across core functions including…

Read more →

Worldwide spending on security solutions and services is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022, according to IDC. Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300…

Read more →

Despite the economic uncertainty, 57% of organizations plan to increase their cybersecurity budgets in 2023, according to a survey from Arctic Wolf. This highlights a powerful trend: critical needs like security must be addressed even with IT budgets tightening. As…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Samsung, Vivo, Google phones open to remote compromise without user interaction Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung…

Read more →

Keysight Technologies introduces the Keysight Digital Learning Suite, a new unified digital learning platform that provides university engineering educators and students with lab tools, resources, and courseware through a single, secure web interface. In response to demands for flexible learning…

Read more →

DataRobot has released DataRobot AI Platform 9.0, along with deeper partner integrations, AI Accelerators, and redesigned service offerings, all centered on helping organizations derive measurable value from their AI investments. “AI has the potential to enhance every aspect of business…

Read more →

KELA has partnered with Snowflake to launch its technical intelligence data on Snowflake Marketplace. KELA’s Technical Cybercrime Intelligence availability on Snowflake Marketplace will enable joint customers to get near-instant, seamless, and secure access to potentially compromised IPs and domains involved…

Read more →

Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user interaction. “With limited additional research and development, we believe that skilled attackers would be able to…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Atakama, Elevate Security, Hornetsecurity, HYPR, and ReversingLabs. Hornetsecurity VM Backup V9 protects users against ransomware threats VM Backup V9 has an easy-to-use, intuitive interface that…

Read more →

Cloud environments provide many benefits, primarily involving their ease of scalability and resilience. Those qualities exist because of automation and the easy and straightforward way to leverage that to enhance a cloud environment. While that ease through automation can have…

Read more →

After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts. Another reminder: just because caller ID says FDIC, SVB, or a phone…

Read more →

Security experts are increasingly resorting to unauthorized AI tools, possibly because they are unhappy with the level of automation implemented in their organization’s security operation centers (SOCs), according to a study conducted by Wakefield Research. The research demonstrates that embracing…

Read more →

The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos X-Ops using GPT-3’s large language models to simplify the search for malicious activity in datasets…

Read more →

Elevate Security has released Elevate Identity, its SaaS offering for Identity and Access Management (IAM) Professionals that integrates Elevate’s user risk profiling capability with IAM tools such as Cisco Duo, Crowdstrike Falcon, and Microsoft Azure AD to add a full…

Read more →

Approximately 10-16 percent of organizations have shown evidence of malicious command and control (C2) activities, strongly indicating a network breach within the last year, according to Akamai. Emotet and QSnatch Akamai observes nearly seven trillion DNS requests daily and classifies…

Read more →

Atakama unveiled its new Multifactor Encryption platform, Atakama Enterprise, featuring the Atakama Intelligence Center. Atakama’s Multifactor Encryption combines advanced Distributed Key Management (DKM) with the proven concept of multi-device authentication for a progressive security solution that challenges the status quo…

Read more →

HYPR announced its newest offering, Enterprise Passkeys for Microsoft Azure and integrated with Microsoft Entra. This new technology turns any smartphone into a FIDO2 virtual security key, providing authentication flexibility, user convenience and security while eliminating the complexity and cost…

Read more →

Perception Point has added browser-centric Data Loss Prevention (DLP) capabilities to its Advanced Browser Security extension. The Browser Security plugin provides comprehensive security measures and granular controls to safeguard corporate assets from loss, misuse, and unauthorized access. Working in the…

Read more →

Dell Technologies has unveiled new security services and solutions to help organizations protect against threats, respond to attacks and secure their devices, systems and clouds. Seventy-two percent of IT business leaders and professionals believe the changing working world exposes their…

Read more →

BigID has introduced purpose-built AI and ML-based data discovery and classification capabilities designed to detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets – including as API keys, tokens, usernames and passwords, and security…

Read more →

Trustwave and Trellix have formed a strategic partnership to bring visibility and more precise detection and response to security teams defending against cyberthreats. Trustwave’s Managed Detection and Response (MDR) provides enterprises across the globe with 24×7 monitoring, detection, and response…

Read more →

Veeam Software has unveiled a strategic partnership with Carahsoft Technology. Under the agreement, Carahsoft will serve as Veeam’s preferred public sector distributor, expanding public sector access to the Veeam Data Platform (VDP), which provides customers with the data security, data…

Read more →

Through CyberGRX and ServiceNow integration, ServiceNow Vendor Risk Management customers will have access to CyberGRX’s extensive third-party risk data, enabling them to prioritize risk actions and maintain constant visibility on emerging third-party threats. Organizations work with multiple vendors, partners and…

Read more →

OffSec released the 2023 edition of Penetration Testing with Kali Linux (PEN-200). This new version, which incorporates the latest ethical hacking tools and techniques through real-world penetration testing simulations, offers many improvements and additions, including new Learning Modules and Learning…

Read more →

Hornetsecurity launched VM Backup V9 – the newest version of its virtual machine (VM) backup, replication and recovery solution. This latest iteration offers ransomware protection leveraging immutable cloud storage on Wasabi and Amazon S3, with Microsoft Azure soon to follow.…

Read more →

Appian introduced Appian Protect, a new set of security offerings that delivers reliable data monitoring and end-to-end encryption for cloud and mobile applications. Appian Protect gives Appian customers increased control over their security posture, with top-tier encryption capabilities, 24x7x365 monitoring,…

Read more →

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. This distribution’s latest version is now available. Amazon Linux 2023 is provided at no additional charge. Standard Amazon EC2 and AWS charges apply for running EC2 instances and…

Read more →

Cyber attribution is a process by which security analysts collect evidence, build timelines and attempt to piece together evidence in the wake of a cyberattack to identify the responsible organization/individuals. Cyber threat attribution stems from the core psychology of a…

Read more →

1,450 global consumers’ experiences with passwordless authentication, hybrid identities, and ownership over personally identifiable information reveal that they want more convenience when it comes to identity credentials, according to Entrust. “The pace of commerce and business is moving faster than…

Read more →

Phishing attacks have become increasingly prevalent and sophisticated, making it more difficult for individuals to protect themselves from these scams. In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not…

Read more →

Unpatched vulnerabilities are responsible for 60% of all data breaches. The Department of Homeland Security has estimated that the proportion of breaches stemming from unpatched flaws may be as high as 85%. Timely patching is an important aspect of managing…

Read more →

While 93% of CIOs expect an increase in IT budgets for 2023, 83% of them are feeling pressured to stretch their budgets even further than before, with a focus on managing cloud costs more efficiently and addressing the growing issue…

Read more →

With the rise of faster multi-gig internet speeds now available to more and more households, the growing number of connected devices per family and the ever-increasing growth of bandwidth hungry 4K/8K video streaming, HD Zoom calls, hybrid collaborative graphics-intensive work,…

Read more →

Neurotechnology has released MegaMatcher 13.0 that provides a range of products for developing multi-biometric solutions that require high accuracy, speed and scalability. The latest release features MegaMatcher SDK, MegaMatcher Accelerator and MegaMatcher ABIS updates and improvements and adds a new…

Read more →

ReversingLabs has unveiled new secrets detection features within its Software Supply Chain Security (SSCS) platform. ReversingLabs improves secrets detection coverage by providing teams with the context and transparency needed to prioritize developers’ remediation efforts, reduce manual triage fatigue, and improve…

Read more →

Cloudflare is entering the fraud detection market to help businesses identify and stop online fraud – including fraudulent transactions, fake account signups, account takeover attacks, and carding attacks – before it impacts their brand or their bottom line. Powered by…

Read more →

ESET researchers have uncovered a compromise of an East Asian data loss prevention (DLP) company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company. This…

Read more →

If you are developing a modern medical, manufacturing, or logistics facility, there’s no doubt that a large portion of your investment was made into the electronic aspects of your device. Sensors, connected devices, and machinery are synchronized to deliver a…

Read more →

So, you want to deploy Kubernetes in an air-gapped environment, but after months of grueling work, you’re still not up and running. Or maybe you’re just embarking on the journey but have heard the horror stories of organizations trying to…

Read more →

As server-side security advances, more attackers are exploiting vulnerabilities and launching malicious attacks through the less protected and seldom monitored client-side supply chain. Unfortunately, because of these attacks’ sophisticated and subtle nature, they can be hard to detect until it’s…

Read more →