Elastic, the company behind Elasticsearch and the Elastic Stack, announced it will showcase its integrated threat prevention, collection, detection, and response solution at the RSA Conference 2020. Elastic released its integrated security offering, Elastic Security 7.6.0, which builds on the…
Tag: Help Net Security
Checkmarx simplifies AST automation for modern development and DevOps environments
Checkmarx, the global leader in software security solutions for DevOps, announced at the RSA Conference 2020 new enhancements to its market-leading Software Security Platform to empower more seamless implementation and automation of application security testing (AST) in modern development and…
Infoblox announces enterprise best practices for DoT/DoH
Infoblox, the leader in Secure Cloud-Managed Network Services, announced Enterprise best practices on DNS over TLS (also known as DoT) and DNS over HTTPS (DoH). These DoT/DoH guidelines are based on Infoblox’s longtime commitment to providing customers with DDI services…
A new RCE in OpenSMTPD’s default install, patch available
Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD’s mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. Discovered by Qualys researchers, one is…
Researchers trick autonomous car autopilot with phantom images
Researchers from Ben-Gurion University of the Negev’s (BGU) Cyber Security Research Center have found that they can trick the autopilot on an autonomous car to erroneously apply its brakes in response to “phantom” images projected on a road or billboard.…
Review: Specops Key Recovery
Mobile device use continues to grow, while an increasingly mobile and remote workforce depends heavily on laptops. To secure those devices, organizations need to implement client-side security controls. One of the more pressing risks linked to the use of mobile…
ENISA publishes procurement guidelines for cybersecurity in hospitals
The EU Agency for Cybersecurity (ENISA) published a cybersecurity procurement guide for hospitals. The hospital is a vast ecosystem comprised of an entire network of devices, equipment and systems that often require connection to external systems, making monitoring and control…
Cybersecurity hiring challenges and retention issues demand new talent pipelines
Cybersecurity teams continue to struggle with hiring and retention, and very little improvement has been achieved in these areas since last year, according to ISACA. Understaffed and lacking diversity ISACA’s 2020 State of Cybersecurity survey report, unveiled at RSA Conference…
Cloud-based collaboration tools are a major driver of data exfiltration
Cloud-based collaboration technologies and workforce turnover have become major drivers of data exfiltration as insider threat programs fail to keep pace with today’s digital workplace, a Code42 survey reveals. Nearly 5,000 knowledge workers at companies with more than 1,000 employees…
The importance of risk reduction for robotic process automation
Less than half of organizations have a privileged access management strategy in place for digital transformation technologies, like RPA, according to a CyberArk report. The report provides practical recommendations from information security executives based on their first-hand experiences. They share…
eSentire Annual Threat Intelligence Report: 2019 Perspectives and 2020 Predictions
Eliminate guesswork and get in-depth insights and practical recommendations for navigating the ever-changing cybercrime landscape. This data-laden, incident-rich report delivers insider information on the players, their motivations, tactics and targets so you can make informed security strategy decisions. Key insights…
Cisco SecureX unifies visibility, identifies unknown threats, and automates workflows
Cisco, the leader in enterprise security, unveiled at RSA Conference 2020 a radical simplification of the way customers experience Cisco Security’s portfolio and addresses complexity — one of the top pain points for CISOs. Building on a decade of significant…
CrowdStrike Endpoint Recovery Services: Accelerating business incident recovery
CrowdStrike, a leader in cloud-delivered endpoint protection, announced CrowdStrike Endpoint Recovery Services at RSA Conference 2020. The new offering combines the power of the CrowdStrike Falcon platform, threat intelligence, and real-time response to accelerate business recovery from cyber intrusions. For…
Sumo Logic Cloud SIEM Enterprise: Helping SOC personnel to better manage real security events
Sumo Logic, the leader in continuous intelligence, announced the availability of its new Cloud SIEM Enterprise offering, which includes a rich set of capabilities to ease the burden on security operations center (SOC) personnel. The new capabilities help identify and…
FireEye expands Helix platform capabilities and launches FireEye Messaging Security
FireEye, the intelligence-led security company, announced new cloud security innovations at RSA Conference 2020, including expanded capabilities within the FireEye Helix platform, as well as FireEye Messaging Security – a new offering that protects collaboration tools such as Microsoft Teams…
F5 delivers multi-cloud security solutions for apps, services
F5 introduced at RSA Conference 2020 its customer-focused approach to Application Protection, bolstered by new offerings and the company’s recent acquisition of Shape Security. Informed by customer use cases, prominent industry attack practices, and threat intelligence from F5 Labs, F5’s…
McAfee announces eight new partnerships and seven newly-certified integrations
McAfee, the device-to-cloud cybersecurity company, announced substantial headway with its partner program. Eight new partnerships and seven new certified integrations to McAfee Security Innovation Alliance (SIA) and McAfee CASB Connect Program give organizations a competitive advantage to secure people, devices…
Anitian enhances its Cloud Security Platform with compliance documentation automation
Anitian, a leading cloud security and compliance automation provider, announced Documentation Automation, an enhancement to its Cloud Security Platform that automates documentation for the most stringent compliance standards. This enhancement further delivers on Anitian’s promise to deliver unrivaled time-to-compliance and…
CyberArk Endpoint Privilege Manager enhanced with new deception feature
Today, at RSA Conference 2020 in San Francisco, CyberArk released the industry’s first privilege-based deception capabilities designed to defend against credential theft on workstations and servers. Local administrator rights are often left on endpoints, making them attractive targets for attackers…
OpenDXL Ontology: An open source language for connecting cybersecurity tools
The Open Cybersecurity Alliance (OCA) today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. With open source code freely available to the security community, OpenDXL Ontology enables any…
Changing the mindset of the CISO: From enforcer to enabler
With digital transformation investments expected to reach a staggering $7.4 trillion before 2023, organizations realize that they must disrupt their markets or risk being disrupted themselves. However, with digital transformation comes a multitude of cybersecurity-related challenges to overcome, and it’s…
By exploiting an LTE vulnerability, attackers can impersonate mobile phone users
Exploiting a vulnerability in the mobile communication standard LTE, researchers at Ruhr-Universität Bochum can impersonate mobile phone users. Consequently, they can book fee-based services in their name that are paid for via the mobile phone bill – for example, a…
Users still engaging in risky password, authentication practices
IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, according to Yubico and Ponemon Institute. The conclusion is that IT…
Increased monetization means more ransomware attacks
Organizations are detecting and containing attacks faster as the global median dwell time, defined as the duration between the start of a cyber intrusion and it being identified, was 56 days. This is 28% lower than the 78-day median observed…
Organizations lack confidence in their network security
IoT is barreling toward the enterprise, but organizations remain highly vulnerable to IoT-based attacks, according to Extreme Networks. The report, which surveyed 540 IT professionals across industries in North America, Europe, and Asia Pacific, found that 84% of organizations have…
97% of IT leaders worried about insider data breaches
A staggering 97% of IT leaders say insider breach risk is a significant concern, according to a survey by Egress. 78% think employees have put data at risk accidentally in the past 12 months and 75% think employees have put…
Download: The Ultimate Security Pros’ Checklist
The Ultimate Security Pros’ Checklist provides you with a concise and actionable way to keep track of all your operational, management and reporting tasks. This checklist fully maps the core duties of common security positions – CISO/CIO, Director of Security,…
Innodisk launches integrated security solutions that harness the power of AIoT
Our increasingly connected world brings enormous potential for social and economic growth. However, without sophisticated security solutions that address the diverse threats posed to connected devices and systems, this potential is at risk of getting squandered. To tackle this challenge,…
SS8 Networks offers cloud-based end-to-end lawful intelligence solution built on AWS
SS8 Networks, a leader in Lawful Intercept and Monitoring Center platforms, is proud to announce the completion of the first Lawful Intelligence platform built on Amazon Web Services (AWS) for Operators and Law Enforcement Agencies globally. As wireless, broadband, fixed…
Gurucul launches new AI/ML behavior analytics for guided proactive hunting of unknown threats
Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, introduced automated intelligent threat hunting that uses artificial intelligence (AI) and machine learning (ML) to detect behaviors associated with cyber attacks and data breaches, while…
Ciena adds new products and capabilities to its 5G Network Solutions
Ciena added several new products and capabilities to its 5G Network Solutions aimed at reducing network complexity and fueling operators’ migration from 4G to 5G – from radios to data centers and everything in between. Ciena’s unique and open approach…
Wallarm advances API security with native gRPC and GraphQL support
At RSA Conference 2020, Wallarm released an expanded set of parsers, detection of API-specific vulnerabilities and API schema analysis for gRPC and GraphQL. With Wallarm context-specific protection is delivered both for externally-facing APIs and for service-to-service internal APIs for a…
BlueVoyant offers managed detection and response for Microsoft Defender Advanced Threat Protection
BlueVoyant, a global analytics-driven cybersecurity firm, announced the availability of its Managed Detection and Response (MDR) Service for Microsoft Defender Advanced Threat Protection (D-ATP), a unified next-generation anti-virus (NGAV) and endpoint detection and response (EDR) platform. “The addition of Microsoft…
Red Hat OpenStack Platform 16: Helping orgs deliver innovation, quickly and with fewer disruptions
Red Hat, the world’s leading provider of open source solutions, announced the general availability of Red Hat OpenStack Platform 16, the latest version of its highly scalable and agile Infrastructure-as-a-Service (IaaS) solution. More than 1,000 enhancements and new features will…
CyberMDX completes integration certification for the Microsoft Azure Security Center for IoT
CyberMDX, a leading provider of medical cyber security solution, delivering asset visibility and threat prevention for medical devices and clinical assets, announced that it has completed integration certification for the Microsoft Azure Security Center for IoT. Integrating CyberMDX visibility and…
SecureAge enhances SyncDog’s solution to offer file and folder encryption for every file
SyncDog, the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, announced their partnership with SecureAge, a proven leader in enterprise encryption solutions and AI powered anti-malware technology. The partnership will integrate two of SecureAge’s…
Ping Identity appoints Patrick Harding as Chief Product Architect
Ping Identity, a pioneer in Intelligent Identity solutions, announced it has named Patrick Harding as the company’s Chief Product Architect. Harding returns to Ping Identity after two years of advisory and consulting work in the blockchain and identity space, including…
CrowdStrike appoints Michael Sentonas as CTO
CrowdStrike, a leader in cloud-delivered endpoint protection, announced the appointment of Michael Sentonas as the company’s new chief technology officer effective immediately. Sentonas, who most recently served as the vice president of technology strategy at CrowdStrike, is replacing Dmitri Alperovitch,…
Week in review: API security risks, Office 365 security pain points
Here’s an overview of some of last week’s most interesting news and articles: Sessions, events and seminars to check out at RSA Conference 2020 RSA Conference 2020 takes place next week in San Francisco. Here’s a brief overview of what…
Cisco drops security fixes for Smart Software Manager, security appliances
Cisco has released a new batch of security fixes for a number of its products, including its Smart Software Manager On-Prem solution and its Email Security and Content Security Management Appliances. Only one of the fixed vulnerabilities is deemed to…
Looking at the future of identity access management (IAM)
Here we are: at the beginning of a new year and the start of another decade. In many ways, technology is exceeding what we expected by 2020, and in other ways, well, it is lacking. Back to the Future made…
Cloud-enabled threats are on the rise, sensitive data is moving between cloud apps
44% of malicious threats are cloud enabled, meaning that cybercriminals see the cloud as an effective method for subverting detection, according to Netskope. “We are seeing increasingly complex threat techniques being used across cloud applications, spanning from cloud phishing and…
10 hot industry newcomers to watch at RSA Conference 2020
The RSA Conference Early Stage Expo is an innovation space dedicated to promoting emerging talent in the industry. Here are some of the most exciting companies exhibiting innovative products and solutions, which you can see in person in the San…
High-risk vulnerabilities and public cloud-based attacks on the rise
A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index. Following the release of Oracle’s Critical Patch Update – which included 19 MySQL…
Worldwide ICT spending forecast to reach $4.3 trillion in 2020
Worldwide spending on information and communications technology (ICT) is forecast to reach $4.3 trillion in 2020, an increase of 3.6% over 2019, according to IDC. Commercial and public sector spending on information technology (hardware, software and IT services), telecommunications services,…
Idaptive adds endpoint security and passwordless capabilities to its Next-Gen Access platform
Idaptive, the leading provider of Identity and Access Management solutions, announced a major update to its Next-Gen Access (NGA) platform that adds endpoint security and passwordless capabilities. The update is designed to help organizations with a distributed workforce simplify the…
White Ops Application Integrity: Protecting enterprises from sophisticated bot attacks
White Ops, the global leader in bot mitigation, announced the release of Application Integrity, a new offering designed to protect enterprises from sophisticated bot-based threats including account takeover, automated account creation, and web scraping. Leveraging the industry leadership the company…
Unisys offers $10,000 to those who compromise a target system protected by Stealth
Unisys announced that the company is offering $10,000 to participants who can capture data and credentials protected by the Unisys Stealth cybersecurity solution at RSA Conference 2020 in San Francisco. The “Unisys Stealth Capture the Flag” contest will take place…
Trustwave releases consulting and managed security services for Palo Alto Networks Prisma Cloud
Trustwave unveiled a new portfolio of consulting and managed security services for Palo Alto Networks Prisma Cloud, the industry’s most comprehensive cloud native security platform (CNSP) designed to govern access, protect data and secure applications. Trustwave support for Prisma Cloud…
HPE announces Veeam support for HPE Primera storage and enhancements to HPE StoreOnce backup
Hewlett Packard Enterprise (HPE) announced advancements in its data protection offerings with Veeam support for HPE Primera storage and enhancements to HPE StoreOnce backup. HPE and Veeam have partnered to protect customer data for the past decade, and this new…
Cyware’s 2.0 suite of cyber fusion products enables orgs to detect, analyze, and act on security threats
Cyware Labs, provider of advanced cyber fusion solutions, announced the release of version 2.0 of the company’s product suite. Available now, enhancements across the matrix of Cyware’s solutions include end-to-end threat intelligence automation, threat response and management capabilities, as well…
ElectionShield protects political campaigns from online threats
ElectionShield utilizes BrandShield’s technology to protect political campaigns and candidates from a growing range of online threats. These include social impersonation; fraudulent fundraising schemes; domain squatting; sale of unauthorized merchandise; fake social media content; phishing, social phishing and fake news.…
Infoblox Core DDI and Cloud Platform appliance products are now certified as Nutanix Ready
Infoblox, the market leader in next-level networking and DDI services, and Nutanix announced that Infoblox Core DDI and Cloud Platform appliance products, which are part of the Nutanix Elevate Program, have been certified as Nutanix Ready. Infoblox will support its…
ClearDATA Comply SaaS now includes Microsoft’s Azure Cloud Services
ClearDATA, the leader in healthcare public cloud security, compliance and privacy, expanded their ClearDATA Comply Software as a Service (SaaS) compliance management product to include Microsoft’s Azure Cloud Services. With this new addition to the ClearDATA portfolio of products, more…
QuintessenceLabs secures investment and expands quantum-safe portfolio
QuintessenceLabs, the leader in quantum-cybersecurity solutions, announced that it secured an investment from In-Q-Tel, the non-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to the national security communities of the U.S. and its allies. This investment…
CyberX integrates with Microsoft Azure Security Center
CyberX announced a new API-level integration with Microsoft Azure Security Center for IoT, enabling joint clients to gain a unified view of security across all their managed and unmanaged IoT devices. The combination of CyberX’s agentless security platform and Azure…
SentinelOne raises $200 million to accommodate customer demand and accelerate growth
SentinelOne, the autonomous endpoint protection company, announced it has raised $200 million in Series E funding led by global venture capital and private equity firm Insight Partners, with participation from Tiger Global Management, Qualcomm Ventures LLC, Vista Public Strategies of…
Gil Vega joins Veeam Software as CISO
Veeam Software, the leader in Backup solutions that deliver Cloud Data Management, announced that Gil Vega has been appointed Chief Information Security Officer (CISO). Vega, whose previous experience includes serving as Managing Director and CISO at CME Group and as…
Zero Networks Access Orchestrator: Autonomous, airtight network access security at scale
Zero Networks unveiled the Zero Networks Access Orchestrator, the first network security platform that automatically defines, enforces and adapts user- and machine-level network access policies to create a continuous airtight zero trust network model, at scale. The company was named…
ProcessUnity Vendor Risk Management expanded to include new best practices configuration
ProcessUnity, a leading provider of cloud-based applications for risk and compliance management, today announced a new pre-built configuration of its award-winning Vendor Risk Management solution. Best Practices Configuration for ProcessUnity Vendor Risk Management (VRM) is a pre-configured Third-Party Risk Management…
What is flowing through your enterprise network?
Since Edward Snowden’s revelations of sweeping internet surveillance by the NSA, the push to encrypt the web has been unrelenting. Bolstered by Google’s various initiatives (e.g., its prioritizing of websites that use encryption in Google Search results, making Chrome mark…
Are CISOs ready for zero trust architectures?
Zero trust is a concept that is gaining an increasingly large and dedicated following, but it may mean different things to different audiences, so let’s start with a definition. I refer to an excellent post by my friend Lee Newcombe…
Most credential abuse attacks against the financial sector targeted APIs
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all…
Cloud misconfigurations surge, organizations need continuous controls
Nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally, according to DivvyCloud research. Companies failing to adopt a holistic approach to security Year…
Number of records exposed in healthcare breaches doubled from 2018 to 2019
In 2019, healthcare data breaches collectively affected over 27 million individuals, according to Bitglass. Categories of breaches Hacking or IT incidents: Breaches related to malicious hackers and improper IT security Unauthorized access or disclosure: All unauthorized access and sharing of…
Factbook: Healthcare IT practices and cyber preparedness
In 2019, at least 10 hospitals turned away patients due to a compromised ability to deliver care following cyber attacks. Less dramatically, in 2019 the industry suffered a record 40-plus million breached medical records. That’s close to 3X as many…
HP committed to drive more stringent industry standards for printer security
HP announced its commitment to driving more stringent industry standards for printer security. As part of this effort, HP has joined the Buyers Lab (BLI) Security Validation Testing program for MFPs and printers. HP unveiled it was the first OEM…
BluBracket unveils security solution that makes code safe
BluBracket, the leader in securing code for the enterprise, introduced its product suite, representing the industry’s first comprehensive security solution for code in the enterprise. As a testament to its early technical lead in an important new category, BluBracket has…
Western Digital iNAND MC EU521: Enhancing the 5G smartphone user experience
With its new Western Digital iNAND MC EU521, an embedded Universal Flash Storage (UFS) device, Western Digital equips mobile developers to enhance the 5G smartphone user experience. An early supporter of JEDEC’s implementation of Write Booster under the UFS 3.1…
Fortinet launches FortiGate 1800F to accelerate security performance in the data center
Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, unveiled the FortiGate 1800F Next-Generation Firewall (NGFW) powered by NP7, the company’s seventh generation network processor, to enable today’s largest enterprises to achieve true internal segmentation as well as…
nShield Issuance HSM: Higher security for Entrust Datacard’s card issuance solutions
Entrust Datacard, a leading provider of trusted identity and secure issuance technology solutions, announced the nShield Issuance Hardware Security Module (HSM), designed exclusively to help create an integrated ecosystem for security, simplicity and serviceability for the company’s payment card systems…
Zyxel launches family of WiFi 6 solutions for service providers based upon IEEE 802.11ax standard
Zyxel Communications, a leading provider of secure broadband networking, Internet access and connected home products, announced its family of solutions for service providers based upon IEEE 802.11ax (WiFi 6), the latest Wi-Fi specifications standard. The new WiFi 6 solutions will…
JetPatch 4.0: Adding intelligent workflow automation and Predictive Patching
JetPatch, a next-generation vulnerability remediation cloud platform, released JetPatch 4.0, which adds machine learning and intelligent workflow automation capabilities to ensure that an organization’s systems are appropriately patched. This latest release minimizes the time it takes to remediate a vulnerability…
Snowflake combines its cloud-native data platform with Google Cloud’s AI, ML and analytics capabilities
Snowflake, the cloud data platform, announced general availability on Google Cloud, bringing together Snowflake’s cloud-native data platform with Google Cloud’s capabilities in AI, ML and analytics. Snowflake is now available in the us-central1 (Iowa) and europe-west4 (Netherlands) regions with additional…
SolarWinds AppOptics makes application troubleshooting simpler, faster, and more accurate
SolarWinds, a leading provider of powerful and affordable IT management software, announced updates to its SaaS-based infrastructure and application performance monitoring (APM) solution, AppOptics, making application troubleshooting simpler, faster, and more accurate. With new service- and trace-level root cause analysis…
Trustonic to contribute to the development of secure connected car technologies
Mobile security leader Trustonic announces that it has joined the Car Connectivity Consortium (CCC) to contribute to the development of technical specifications for secure connected car technologies. The CCC is a cross-industry organization advancing global technologies for smartphone-to-car connectivity solutions.…
Cisco, Fortinet, Palo Alto Networks and SonicWall get NetSecOPEN certified performance results
NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, announced that Cisco, Fortinet, Palo Alto Networks and SonicWall are the first three security vendors to achieve certified performance results through open, standardized…
Summit 7 prepares Defense and Aerospace Contractors for compliance with the new CMMC regulations
Summit 7 Systems, a leading national provider of Cybersecurity Compliance Solutions for the Defense Industrial Base (DIB), announced an expansion of their Cybersecurity Practice Area with the addition of new software and services to prepare Defense and Aerospace Contractors for…
CoSoSys secures strategic investment to accelerate product development and market expansion
CoSoSys, a leading provider of Data Loss Prevention (DLP) solutions for security and compliance, announced that it had secured a strategic investment from Turn/River Capital, a technology-focused growth and private equity fund. The investment will be used to accelerate product…
Trend Micro delivers strongest quarter in the company’s history
Trend Micro, a global leader in cybersecurity solutions, announced earnings results for the fourth quarter as well as its annual results of fiscal year 2019, ending December 31, 2019. In Q4 2019, Trend Micro delivered the strongest quarter in the…
Arctic Wolf appoints Dan Larson as Senior Vice-President of Marketing
Arctic Wolf, a leading security operations center (SOC)-as-a-service company, announced the addition of Dan Larson as Senior Vice-President of Marketing. In this new role, Larson will lead all aspects of Arctic Wolf’s marketing strategy including product marketing, demand generation, and…
ThreatConnect hires four new senior management team members
In an effort to further position itself for rapid marketplace growth, ThreatConnect, provider of the industry’s only intelligence-driven security operations platform, announces the hiring of four new senior management team members: Miles R. Tappin, Vice President, EMEA; Steve Mariani, VP,…
Free trojanized WordPress themes lead to widespread compromise of web servers
Over 20,000 web servers (and who knows how many websites) have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. The compromised servers are located across the globe and more than a fifth…
US gas pipeline shut down due to ransomware
An unnamed US gas pipeline operator has falled victim to ransomware, which managed to encrypt data both on its IT (information technology) and operational technology (OT) networks and led to a shutdown of the affected natural gas compression facility, the…
The top four Office 365 security pain points
Many novice Office 365 (O365) shops do not know where platform-specific security vulnerabilities lie, or even that they exist. The threats that you are unaware exist do not cause pain until they rise up and bite – then the agony…
Jon Callas: Encryption is a technology that rearranges power
In anticipation of his keynote at HITB Security Conference 2020 in Amsterdam, we talked to Jon Callas, a world-renowned cryptographer, software engineer, UX designer, and entrepreneur. Before joining the ACLU as senior technology fellow, he was at Apple, where he…
A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above
Risk Based Security’s VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above.…
8.4 million: Number of DDoS attacks researchers saw last year alone
Netscout released the findings of its Threat Intelligence Report for the second half of 2019, which also incorporates insights from its 15th Annual Worldwide Infrastructure Security Report (WISR) survey. The report underscores the proliferation of risks faced by global enterprises…
Researchers observed a 125% increase in malware targeting Windows 7
For the 2020 Webroot Threat Report, researchers analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. Phishing URLs encountered grew by 640% in…
Test CISSP knowledge with interactive flash cards
Study for the CISSP exam anytime, anywhere using Official (ISC)² CISSP flash cards. This free interactive self-study tool tests knowledge across all eight CISSP domains and gives you immediate feedback to reinforce learning. The vendor-neutral CISSP stands out as the…
Is your network already compromised? LUMU illuminates network blind spots
LUMU has come out of stealth mode and for the first time will be publicly showcasing its solution at this year’s RSA Conference. LUMU was founded in 2019 by cybersecurity veteran and serial entrepreneur Ricardo Villadiego, who previously founded Easy…
SentinelOne Singularity: AI-Powered XDR platform transforms enterprise security
SentinelOne unveiled its Singularity Platform, an industry first data lake that fuses together the data, access, control, and integration planes of its endpoint protection (EPP), endpoint detection and response (EDR), IoT security, and cloud workload protection (CWPP) into a centralized…
Veeam Availability Suite 10 features 150+ new features and enhancements
Veeam Software announced the general availability of NEW Veeam Availability Suite 10, ushering in the next generation of data protection capabilities that increase data availability, portability, and extensibility. First introduced in 2008 as Veeam Backup & Replication, Veeam Availability Suite…
IronKey D300 features advanced security, achieves NATO Restricted Level Certification
Kingston Digital announced its IronKey D300 Encrypted USB Flash Drive series has achieved NATO Restricted Level Certification. This indicates that, after a detailed validation process, the Kingston IronKey D300, IronKey D300S and IronKey D300SM have been listed in the NATO…
SIRP Security Score: Prioritize your threat response
SIRP launched a new security scoring module, S3, a major update to its platform. SIRP Security Score (S3) calculates an organization’s security score based on a number of internal and external factors. This enables organizations to more effectively prioritize risks,…
The challenges of cyber research and vulnerability disclosure for connected healthcare devices
As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. The research includes…
Sessions, events and seminars to check out at RSA Conference 2020
RSA Conference 2020 takes place next week in San Francisco. Here’s a brief overview of what to check out while you’re at the conference. Read more about keynotes here. Monday – February 24, 2020 DevOps: 2020 DevSecOps Days at RSA…
Focus on cyber resilience increasing sharply as oil companies seek to protect their assets
Cybersecurity has emerged as the top focus of upstream oil and gas companies’ digital investments, according to a report from Accenture. The report is based on a global survey of 255 industry professionals, including C-suite executives, functional leaders and engineers.…
IT and business process automation growing with cloud architectures
Many organizations are starting to realize the benefits of increased scale and velocity of application deployment in their businesses, according to F5 Networks. This value, however, can bring significant complexity as organizations maintain legacy infrastructure while increasingly relying on multiple…
Cynerio delivers medical-first virtual segmentation to healthcare IoT security
Cynerio announced the addition of the virtual segmentation capability to their platform. Safe and effective healthcare IoT security projects can take over a year to execute due to a lack of visibility into network topology and sensitive device operations. Building…