Stream.Security announced new threat investigation and AI-powered remediation capabilities. The new real-time attack path detection and generative AI-powered remediation tools are part of the real-time exposure management features that the cloud security company is rolling out. With these capabilities, customers…
Tag: Help Net Security
AI abuse and misinformation campaigns threaten financial institutions
Though generative AI offers financial firms remarkable business and cybersecurity utility, cyberthreats relating to GenAI in financial services are a consistent concern, according to FS-ISAC. Cybercriminals exploit AI for data exfiltration The cybersecurity community’s current consensus is that adversarial usage…
How much does cloud-based identity expand your attack surface?
We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael Jordan once said, “Get the fundamentals down, and the…
Advanced cybersecurity strategies boost shareholder returns
Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight. Boards under pressure to fortify cyber oversight The escalation in the…
New infosec products of the week: March 29, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes. GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health GitGuardian SCA is specifically designed for…
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting…
Snowflake Data Clean Rooms helps organizations preserve the privacy of their data
Snowflake introduced Snowflake Data Clean Rooms to customers in AWS East, AWS West, and Azure West, revolutionizing how enterprises of all sizes can securely share data and collaborate in a privacy-preserving manner to achieve high value business outcomes in the…
AppViewX partners with Fortanix to address critical enterprise security challenges
AppViewX and Fortanix announced a partnership to offer cloud-delivered secure digital identity management and code signing. Together the companies make it easy to address critical enterprise security challenges with comprehensive, robust and scalable platforms for certificate lifecycle management automation and…
NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of…
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal…
Enterprises increasingly block AI transactions over security concerns
Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging it to defend against the new AI-driven threat landscape, according to Zscaler. AI has already become…
Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on…
How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain.…
AI weaponization becomes a hot topic on underground forums
The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees via the use of phishing,…
Cybercriminals use cheap and simple infostealers to exfiltrate data
The rise in identity-based attacks can be attributed to a rapid increase in malware, according to SpyCloud. Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these compromised identity records,…
CyberArk Secure Browser helps prevent breaches resulting from cookie theft
CyberArk launched CyberArk Secure Browser, an identity-centric secure browser, providing enhanced security and privacy alongside a familiar, productive user experience. Backed by intelligent privilege controls and simple to deploy across devices, CyberArk Secure Browser is purpose-built for a cloud-first world,…
AU10TIX’s Digital ID suite identifies potentially fraudulent activities
AU10TIX announced the expansion of its Digital ID solution, which enables businesses to securely verify IDs of all types, including physical, digital, eID, verifiable credentials, and more. AU10TIX’s fully automated Digital ID solution serves as a verification hub for business…
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo Security, told…
Malwarebytes adds AI functionality to ThreatDown Security Advisor
Malwarebytes has added AI functionality to its Security Advisor, available in every ThreatDown Bundle. Leveraging generative AI technology, the new capabilities will transform Security Advisor into a dynamic experience that allows customers to use simple natural language requests to search…
Bedrock Security protects sensitive data within one unified platform
Bedrock Security unveiled its data security platform. Empowering organizations to manage data risk introduced by cloud and generative AI, Bedrock continuously discovers, manages, and protects sensitive data. The platform is powered by data AI Reasoning (AIR) Engine. AIR automatically understands…
Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial…
How security leaders can ease healthcare workers’ EHR-related burnout
Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality and…
Essential elements of a strong data protection strategy
In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of backup and recovery…
Cybersecurity jobs available right now: March 27, 2024
Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with…
Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on…
Cybersecurity essentials during M&A surge
The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering…
Legit Security launches enterprise secrets scanning solution
Legit Security has unveiled its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline. An AI-powered solution that enables secrets discovery beyond source code, Legit’s offering is built to meet the…
Vercara UltraAPI offers protection against malicious bots and fraudulent activity
Vercara has launched UltraAPI, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance. Powered by Cequence Security UltraAPI helps organizations protect applications and APIs against cyber threats via three core…
BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitigated,” helping network teams manage CVEs and…
Swimlane partners with Dragos to automate threat detection across both IT and OT environments
Swimlane announced a partnership with Dragos. Through the partnership, the companies are offering a new integration between Swimlane Turbine and the Dragos Platform that enables customers to automate threat detection and enrichment across both IT and OT environments, leveraging AI…
ArmorCode Risk Prioritization provides visibility into security findings with business context
ArmorCode announced ArmorCode Risk Prioritization, providing a 3D scoring approach for managing application security risks. ArmorCode combines the three dimensions of technical severity ratings, unique business context, and insight on whether a threat is being actively exploited to help organizations…
GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health
GitGuardian has released its Software Composition Analysis (SCA) module. SCA directly impacts the health of organizations’ codebase by automating vulnerability detection, prioritization, and remediation in software dependencies. Its additional capabilities ensure code licensing and regulatory compliance, such as generating comprehensive…
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Information Security…
DataVisor’s AML solution helps combat sophisticated financial crimes
DataVisor announced its latest offering: an end-to-end anti-money laundering (AML) solution boasting technology and comprehensive functionalities powered by machine learning and AI. Amidst increasing regulatory compliance requirements and the growing complexity of financial crime tactics, this essential solution stands out…
Apps secretly turning devices into proxy network nodes removed from Google Play
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that doesn’t sound so…
Reinforcement learning is the path forward for AI integration into cybersecurity
AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify those that pose…
How threat intelligence data maximizes business operations
Threat intelligence is no longer a ‘nice to have’ for organizations but a ‘must,’ as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a…
Strengthening critical infrastructure cybersecurity is a balancing act
In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’…
Scammers exploit tax season anxiety with AI tools
25% of Americans has lost money to online tax scams, according to McAfee. Of the people who clicked on fraudulent links from supposed tax services, 68% lost money. Among those, 29% lost more than $2,500, and 17% lost more than…
Tech industry’s focus on innovation leaves security behind
The rapid digital transformation and technological progress within the technology sector have enlarged the attack surface for companies operating in this space, according to Trustwave. As the sector evolves, the proliferation of Software-as-a-Service (SaaS) providers, cloud infrastructure, and internet-connected systems…
Interos Resilience Watchtower enables companies to monitor vulnerabilities
Interos announced Interos Resilience Watchtower, a personalized risk technology that evolves organizations from monitoring to action. The module allows leaders to build tailored risk models that prioritize at-risk suppliers based on their materiality to the business, for a faster and…
Scammers steal millions from FTX, BlockFi claimants
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many have fallen for…
APT29 hit German political parties with bogus invites and malware
APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware The attack started in late February 2024, with phishing emails containing bogus invitations to…
20 essential open-source cybersecurity tools that save you time
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of…
8 cybersecurity predictions shaping the future of cyber defense
Among Gartner’s top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI (GenAI). Two-thirds of global 100 organizations are expected to extend directors’ and officers’ insurance to…
How immersive AI transforms skill development
Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not. In this Help Net Security video, David Harris, Principal Generative…
Scams are becoming more convincing and costly
Scams directly targeting consumers continue to increase in both complexity and volume, according to Visa. Consumers are increasingly targeted by scammers, who rely on heightened emotions to create fraud opportunities. While the number of individual scam reports from June to…
Cybercriminals use ChatGPT’s prompts as weapons
Developed by OpenAI, ChatGPT has garnered attention across industries for its ability to generate relevant responses to various queries. However, as the adoption of ChatGPT accelerates, so do discussions surrounding its ethical and security implications. Organizations grapple with questions about…
Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for enterprise resilience In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging…
US organizations targeted with emails delivering NetSupport RAT
Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from…
CISA: Here’s how you can foil DDoS attacks
In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental entities (but also other organizations)…
Ex-Secret Service agent and convicted hacker share stage at GISEC Global
A former United States Secret Service Agent and a Vietnamese former-hacker-turned-cybersecurity-specialist are set to reunite for the first time at GISEC Global 2024 to discuss their unique cat-and-mouse-style chase, which ultimately resulted in an arrest and conviction. Matt O’Neil is…
Attackers are targeting financial departments with SmokeLoader malware
Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42…
Shadow AI is the latest cybersecurity threat you need to prepare for
Shadow IT – the use of software, hardware, systems and services that haven’t been approved by an organization’s IT/IT Sec departments – has been a problem for the last couple of decades, and a difficult area for IT leaders to…
Organizations under pressure to modernize their IT infrastructures
The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to Nutanix.…
Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking
In this Help Net Security video, Ed Adams, president and CEO of Security Innovation, discusses his new book See Yourself in Cyber: Security Careers Beyond Hacking. The book, published by Wiley, explores the breadth and depth of cybersecurity careers. It…
New infosec products of the week: March 22, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management With the upgrades in GlobalSign’s PKIaaS Connector, ServiceNow…
95% of companies face API security problems
Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent…
Vishal Rao joins Skyhigh Security as CEO
Skyhigh Security announced that it has appointed Vishal Rao as the organization’s next CEO. Rao will succeed former Skyhigh Security CEO Gee Rittenhouse, effective immediately. Rao brings an extensive background in the enterprise software industry, with approximately 25 years of…
AttackIQ Ready! 2.0 enables organizations to validate their cyber defense
AttackIQ announced AttackIQ Ready! 2.0, a managed breach and attack simulation-as-a-service that combines fully automated and on-demand adversary emulation testing that enables organizations to validate their cyber defense. While continuous security control validation is essential for maintaining an adaptive defense…
Veritas Backup Exec enhancements protect SMBs’ critical data
Veritas Technologies announced enhancements to Veritas Backup Exec, the unified backup and recovery solution. The latest updates include malware detection capabilities, role-based access control and additional optimizations for fast backup and recovery of business-critical data. With ransomware attacks on the…
Apricorn releases 24TB hardware encrypted USB drive
Apricorn released a 24TB version of its Aegis Padlock DT and Padlock DT FIPS Desktop Drives. Apricorn brings a 24TB encrypted drive to market, delivering high performance and mass capacity to industries such as healthcare, financial services, education, and government,…
LogicGate introduces cyber and operational risk suite offerings
LogicGate announces the new Cyber Risk Suite and Operational Risk Suite offerings, providing enterprises with purpose-built integrated solutions to efficiently and effectively optimize their Enterprise Risk Management (ERM) and cyber risk programs. Each suite includes applications, integrations, licenses, and services…
Kyndryl partners with Cloudflare to help enterprises migrate to next-generation networks
Kyndryl and Cloudflare announced a Global Strategic Alliance, an expansion of their partnership, to enable enterprises to migrate and manage networks for multi-cloud connectivity and comprehensive network security. The partnership combines Kyndryl’s end-to-end consulting services and expertise across enterprise networking,…
Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware
Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity server, has been…
Fake data breaches: Countering the damage
Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have…
Using cloud development environments to secure source code
In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining…
WebCopilot: Open-source automation tool enumerates subdomains, detects bugs
WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process,…
Secrets sprawl: Protecting your critical secrets
Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As…
Malware stands out as the fastest-growing threat of 2024
93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this…
Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly encourages”…
Zoom Compliance Manager helps organizations fulfill regulatory requirements
Zoom announces Zoom Compliance Manager, an all-in-one offering that provides archiving, eDiscovery, legal hold, and information protection capabilities to help organizations fulfill regulatory requirements and mitigate organizational communications compliance risks across the Zoom platform. “Zoom currently provides compliance and information…
DataDome Account Protect provides security for login and registration endpoints
DataDome launched DataDome Account Protect. This solution targets the growing threat of account takeovers and fake account creations that organizations worldwide face, providing robust security for login and registration endpoints against account-based attacks for business fraud purposes. Account fraud, particularly…
RaaS groups increasing efforts to recruit affiliates
Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that…
ControlUp Secure DX reduces endpoint management complexity
ControlUp announced Secure DX, a real-time scanning, detection, and remediation solution that improves the security posture of endpoint devices without compromising the digital employee experience. By continuously and autonomously spotting and resolving endpoint vulnerabilities and weak security configurations, Secure DX…
Semgrep Assistant boosts AppSec team productivity using AI
Semgrep announced Semgrep Assistant, a tool that uses Artificial Intelligence (AI) to drive efficiencies and uncover insights across all phases of an AppSec program, from rule creation to remediation. Semgrep is a static code analysis tool that alerts users about…
Apiiro and Secure Code Warrior join forces for developer training integration
Apiiro has announced a product integration and partnership with Secure Code Warrior to extend its ASPM technology and processes to the people layer. The partnership combines Apiiro’s deep code analysis and risk context with Secure Code Warrior’s agile learning catalog…
CyberSaint raises $21 million to accelerate market expansion
CyberSaint announced the company has raised $21 million in Series A funding led by Riverside Acceleration Capital (RAC). Additional participating investors include Sage Hill Investors, Audeo Capital, and BlueIO. The funding will build on customer momentum, accelerate market expansion, and…
Portnox Conditional Access for Applications improves data security for organizations
Portnox introduced its Conditional Access for Applications solution. Available as part of the Portnox Cloud platform, Conditional Access for Applications delivers easy-to-implement passwordless authentication, endpoint risk posture assessment, and automated endpoint remediation for organizations seeking to harden their application security…
Venafi Firefly with SPIFFE capability enables security teams to ensure governance and reduce risk
Venafi introduced SPIFFE (Secure Production Identity Framework For Everyone) support for Venafi Firefly, Venafi’s lightweight workload identity issuer designed to support modern, highly distributed cloud native workloads. As workload identity plays an increasingly fundamental role in cloud native architectures, today’s…
The most prevalent malware behaviors and techniques
An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most…
Growing AceCryptor attacks in Europe
ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms…
Nirmata Policy Manager combats cloud security threats
Nirmata announced new features for its flagship product, Nirmata Policy Manager. With today’s increasing cloud security threats, detecting intrusions is no longer enough – the damage may already be done. That’s why Nirmata has developed Nirmata Policy Manager to proactively…
Red teaming in the AI era
As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the…
Security best practices for GRC teams
Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at…
1% of users are responsible for 88% of data loss events
Data loss is a problem stemming from the interaction between humans and machines, and ‘careless users’ are much more likely to cause those incidents than compromised or misconfigured systems, according to Proofpoint. While organizations are investing in Data Loss Prevention…
API environments becoming hotspots for exploitation
A total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai. API integration amplifies risk exposure for enterprises APIs are at the heart…
Appdome launches Social Engineering Prevention service to safeguard mobile users
Appdome has unveiled its new Social Engineering Prevention service on the Appdome platform. The new service enables mobile brands to continuously detect, block and intervene the moment social engineering attacks attempt to exploit user trust or manipulate user behavior. The…
Kasada introduces CDN edge API integrations to block abuse and online fraud
Kasada released a bot detection API with out-of-the-box integrations for Content Delivery Network (CDN) edge computing platforms. Security teams can use the new integrations to quickly block abuse and online fraud without sacrificing user experience or data privacy. Threat actors…
Tufin Orchestration Suite R24-1 enhances cloud security and compliance
Tufin released of Tufin Orchestration Suite (TOS) version R24-1. The latest additions to Tufin’s solution enhance customers’ ability to manage cloud security controls from a centralized interface, making security policy management more effective. With TOS R24-1, Tufin enables complete visibility…
CalypsoAI Platform provides real-time LLM cybersecurity insights
CalypsoAI has launched the CalypsoAI Platform, a SaaS-based security and enablement solution for generative AI applications within the enterprise. With the new model-agnostic SaaS platform, technology, innovation, and security leaders can harness the power of generative AI and large language…
Ordr launches OrdrAI CAASM+ to provide asset visibility with AI/ML classification
Ordr has launched its new OrdrAI CAASM+ (Cyber Asset Attack Surface Management) product, built on top of the OrdrAI Asset Intelligence Platform. For years, Ordr has been solving asset visibility and security challenges in the world’s most demanding environments, including…
Synopsys fAST Dynamic enables DevOps teams to fix security vulnerabilities in modern web apps
Synopsys released Synopsys fAST Dynamic, a new dynamic application security testing (DAST) offering on the Synopsys Polaris Software Integrity Platform. fAST Dynamic enables development, security, and DevOps teams to find and fix security vulnerabilities in modern web applications without impeding…
eSentire Threat Intelligence reduces false positive alerts
eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence, extending eSentire’s protection and automated blocking capability across firewalls, threat intelligence platforms, email services and endpoint agents. eSentire Threat Intelligence provides mid-market and enterprise organizations with a simple API gateway…
Drata unveils Adaptive Automation for streamlined compliance
Drata has unveiled a new offering, Adaptive Automation. Augmenting the scope of continuous control monitoring and evidence collection, Adaptive Automation empowers GRC professionals to save time and automate even more of their compliance program through customized tests within Drata’s platform,…
Traefik Labs updates address rising Kubernetes adoption and API management
Traefik Labs has unveiled product updates that address the escalating adoption of Kubernetes and the crucial role of API management in modern digital infrastructure. The updates include a Kubernetes-native API gateway, integration of a Web Application Firewall (WAF), and advanced…
NIST’s NVD has encountered a problem
Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a…
Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain
Working with the world’s largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs (Software Bill of Materials), Sonatype announced SBOM Manager. This solution provides an integrated approach to managing SBOMs from third-party…
Verimatrix Counterspy safeguards content across various devices
Verimatrix released its new Verimatrix Counterspy anti-piracy solution. Counterspy leverages technology first developed by the company’s cybersecurity team back in 2021 to offer an innovative new way to counter the rise in video piracy in an era where streaming apps…
SUSE announces new enhancements to help users manage business-critical workloads
SUSE announced enhancements across its cloud native and Edge portfolio to enable customers to securely deploy and manage business-critical workloads anywhere. New capabilities in Rancher Prime 3.0, SUSE’s commercial offering of Rancher and SUSE Edge 3.0 commit to enabling choice…