Tag: Help Net Security

Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis Cybersecurity, Hubble, Netscout, Panorays, Privacera, Regula, SeeMetrics, Tenable, and WatchGuard. WatchGuard expands identity protection capabilities with AuthPoint…

Read more →

78% of Europe’s largest financial institutions experienced a third-party breach in the past year, according to SecurityScorecard. In the wake of attacks such as MOVEit and SolarWinds, cybersecurity regulations are increasing the need for comprehensive approaches to manage vendor risk…

Read more →

Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to…

Read more →

Oracle Cloud Infrastructure (OCI) has introduced a new Secure Cloud Computing Architecture (SCCA) for the U.S. Department of Defense (DoD). The solution helps make security compliance and cloud adoption for mission-critical workloads easier, faster, and more cost effective by using…

Read more →

DELL introduces new offerings to help customers securely build generative AI (GenAI) models on-premises to accelerate improved outcomes and drive new levels of intelligence. New Dell Generative AI Solutions, expanding upon our May’s Project Helix announcement, span IT infrastructure, PCs…

Read more →

The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda ESG zero-day exploit and backdoors In late May,…

Read more →

The most widely used method for ransomware delivery in 2022 was via URL or web browsing (75.5%), Palo Alto Networks researchers have found. In 2021, it was email attachments (i.e., delivery via SMTP, POP3, and IMAP protocols), but in 2022…

Read more →

What separates superstar CISOs from the rest of the pack is that they are keenly aware of the burgeoning threat landscape and the cybersecurity skills shortage, but they don’t give in to despair. Instead, they use their existing assets to…

Read more →

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID. Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn’t…

Read more →

Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely available for anyone…

Read more →

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown…

Read more →

In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive customer data. He emphasizes how a data privacy vault can reinforce customer trust by offering protection against…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key factors for effective security automation In this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated…

Read more →

BlackBerry announced that it will participate in Cybertech Africa, in Rwanda. The first-of-its kind event in the region will convene government officials and technology leaders to advance cybersecurity in Africa and will be held from August 1-2. At Cybertech Africa,…

Read more →

Baffle unveiled Baffle Data Protection Services with Advanced Encryption, a privacy-enhanced technology solution that enables analytical and operational computations on protected, regulated data. Baffle’s no code, data-centric software protects data in a performant manner without specialized hardware, giving companies control…

Read more →

Citrix announced expanded capabilities for its cloud and on-premises solutions for the hybrid world. As part of this expansion, Desktop-as-a-Service (DaaS) and virtual desktop infrastructure (VDI) offerings are now combined in a Citrix Universal subscription. These offerings include a recent…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from BreachRx, Darktrace, Dig Security, Panorays, and SeeMetrics. Panorays unveils cybersecurity enhancements for supply chains Panorays announced two capabilities – Supply Chain Discovery and Risk Insights…

Read more →

In the wake of increased workforce mobility, today’s organizations require more innovative, more flexible, and more secure methods of granting network and application access to their workers. ZTNA adoption The encryption-based security approach leveraged by the virtual private networks (VPNs)…

Read more →

The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace. In this Help Net Security video, Kelly Rozumalski, a Senior VP leading Booz Allen’s national…

Read more →

For every 10,000 enterprise users, an enterprise organization is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month, according to Netskope. Source code accounts for the largest share of sensitive data being exposed. Based on data…

Read more →

The majority of organizations are on the road to implementing a zero trust framework to increase their overall security risk posture, according to PlainID. However, only 50% said that authorization makes up their zero trust program – potentially exposing their…

Read more →

Seraphic Security has extended its enterprise browser security solution to digital workplace apps. The Seraphic Security Platform works across any browser and any device ensuring both safe browsing and enforcing corporate policies across cloud-based corporate applications such as AWS, Google…

Read more →

The attack surface of cloud-native applications continues to grow as adversaries look to exploit misconfigurations and vulnerabilities throughout the application life cycle. In response, the industry has turned to Cloud Native Application Protection Platforms (CNAPPs) to unify multiple disparate security…

Read more →

SkyKick announced major enhancements to its Cloud Management Platform. New products and updates deliver enhanced data protection capabilities and personalized security insights, enabling ITSPs to meet the growing demand for robust security solutions and conversations in the SMB market. This…

Read more →

Island announced the addition of Steve Tchejeyan to its executive team as President. Tchejeyan brings decades of executive leadership experience driving successful business strategies and growth initiatives for some of the world’s leading technology and cybersecurity companies. He is tasked…

Read more →

In a significant move toward enhancing business continuity and data security for enterprises, N2WS has launched the latest version of N2WS Backup and Recovery. This latest release encompasses substantial advancements and new integrations designed to strengthen the protection of enterprise…

Read more →

Egnyte announced several new AI-powered solutions being natively integrated into the Egnyte platform. Egnyte customers will now be able to use the latest generative AI models to find and summarize information contained in their company’s documents and media files, without…

Read more →

Protect AI has closed a $35 million Series A round of funding led by Evolution Equity Partners with participation from Salesforce Ventures and existing investors Acrew Capital, boldstart ventures, Knollwood Capital and Pelion Ventures. To date, the company has raised…

Read more →

Harnessing the potential of automation in cybersecurity is key to maintaining a robust defense against ever-evolving threats. Still, this approach comes with its own unique challenges. In this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how…

Read more →

If you find the computer security guidelines you get at work confusing and not very useful, you’re not alone. A new study highlights a key problem with how these guidelines are created, and outlines simple steps that would improve them…

Read more →

Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of patches and updates are released each month, organizations…

Read more →

Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by…

Read more →

Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems artifacts. It…

Read more →

The ongoing banking and economic turmoil has opened the floodgates to fraudsters. In this Help Net Security video, ex-British Intelligence officer Alex Beavan, Head of Ethics and Anti-Corruption at Convera, discusses how fraudsters target businesses and his experiences with companies…

Read more →

The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules…

Read more →

SeeMetrics launched its new Security Performance Boards. Organized by security domains, the new Security Performance Boards are a collection of out-of-the box metrics that empower security leaders to measure the performance of their technologies, processes, and people in real time.…

Read more →

Endace announced a significant extension of its enterprise-class packet capture solutions with the launch of EndaceProbe Cloud. As organizations migrate sensitive data and critical systems to public cloud environments, it is essential that security and network teams have sufficient visibility…

Read more →

Malware attacks are becoming more sophisticated, and as business increasingly moves to the cloud, companies need to up their defenses to protect against them. SentinelOne announced its Cloud Data Security product line and the general availability of the first two…

Read more →

Clear Skye launched Clear Skye IGA 5.0, the company’s most significant product release to date. An identity security and governance solution built natively on the ServiceNow Platform, 5.0 enables businesses to simplify workflows, increase productivity, and improve the overall user…

Read more →

DataGrail announced a new Managed Services offering that offloads the burdens of day-to-day data privacy management so that companies can maintain their focus on strategy and impact. DataGrail Managed Services now handle customers’ DSR fulfillment and data mapping processes, streamlining…

Read more →

A privilege escalation vulnerability (CVE-2023-30799) could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines. While exploting it does require authentication, acquiring credentials to access the routers is not that difficult. “RouterOS [the underlying operating…

Read more →

Talon Cyber Security released the Talon Extension, a new enterprise browser security solution that provides customers with visibility and protection for activities conducted within the browser. The extension is easily installed on any web browser, making it an ideal solution…

Read more →

Darktrace announces Darktrace HEAL, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with abilities to simulate real attacks within their own environments, create bespoke incident response plans as…

Read more →

BreachRx launched Cyber RegScout, a product purpose-built to automate cybersecurity, privacy and data protection regulatory analysis. Built on BreachRx’s platform, Cyber RegScout empowers businesses to significantly reduce the time burden and compliance risk associated with today’s increasingly complex regulatory environment.…

Read more →

Dynatrace is expanding its Davis AI engine to create a hypermodal artificial intelligence (AI), converging fact-based, predictive- and causal-AI insights with new generative-AI capabilities. The expanded Davis AI will boost productivity across business, development, security, and operations teams by delivering…

Read more →

In this Help Net Security interview, Dr. Lindsey Polley de Lopez, Director of Cyber & Space Intelligence at MACH37, proposes strategies for companies, educational institutions, and governments on how to address the ongoing shortage of cybersecurity talent through the introduction…

Read more →

The role of CISO these days requires a strong moral compass: You have to be the one speaking up for the protection of customer data and be ready to handle uncomfortable situations such as pressure to downplay an actual breach.…

Read more →

A lack of executive understanding and an ever-widening talent gap that is placing an unsustainable burden on security teams to prevent business-ending breaches, according to Swimlane. The research investigated the perceptions of cybersecurity among on-the-ground security professionals and executives, the…

Read more →

Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to Beyond Identity. Over 90% of those working on zero trust cited that the 2022…

Read more →

Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business communication. The more the delay in restoring services and recovering data, the higher the…

Read more →

ZEDEDA introduced ZEDEDA Edge Application Services, making it easier for customers to instantly gain granular control across all of their edge applications, including their modern AI-based applications. The number of edge devices, along with the data they produce, is growing…

Read more →

NETSCOUT announced its next-generation Omnis Cyber Intelligence (OCI) solution. OCI is an advanced network detection and response (NDR) solution that uses highly scalable deep packet inspection (DPI) and multiple threat detection methods at the source of packet capture to detect…

Read more →

Panorays announced two capabilities – Supply Chain Discovery and Risk Insights and Response Portal. These new additions empower organizations to gain comprehensive visibility into their digital supply chains and effectively manage potential cybersecurity risks posed by third, fourth, and Nth…

Read more →

Lookout announced new Windows and macOS endpoint agents for its Zero Trust Network Access (ZTNA) solution, Lookout Secure Private Access, that facilitate the full replacement of overextended virtual private networks (VPNs) with cloud-delivered security. Businesses can now fully realize the…

Read more →

Dig Security announced enhancements to the Dig Data Security Platform, including new capabilities to secure Large Language Model (LLM) architectures. Dig’s DSPM solution now enables customers to train and deploy LLMs while upholding data security, privacy, and compliance, maintaining visibility…

Read more →

A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) has confirmed on Tuesday. What is known about the attacks? On…

Read more →

OpenText released its latest OpenText Cloud Editions (CE) 23.3, harnessing advanced technologies and innovations that seamlessly integrate AI and analytics capabilities across the portfolio. Building upon the success of Project Titanium, CE 23.3 marks the commencement of the Titanium X…

Read more →

Thales has reached an agreement with Thoma Bravo for the acquisition of 100% of Imperva for an enterprise value of $3.6 billion. With this acquisition, Thales is taking its cybersecurity business to the next level. Imperva will enable growth in…

Read more →

Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in WebKit. The vulnerability has been patched via…

Read more →

While technology advancements and distributed workforces have created efficiencies and flexibility for companies, they’ve also created overcomplexity, which can increase security risk. 53% of senior IT decision-makers say their IT environment is more complex than it was two years ago.…

Read more →

In software development, the importance of secure coding practices cannot be overstated. Fostering a security culture within development teams has become crucial to ensure the integrity and protection of digital systems. To delve deeper into this topic, we had the…

Read more →

In the Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups. The most impacted industries GRIT’s report shows a 38% increase in public ransomware victims compared to Q1…

Read more →

Despite mass adoption of generative AI, most companies don’t have a coordinated strategy for deploying it or know how to assess its security—exposing them to risks and disadvantages if they don’t change their approach, according to Grammarly. Businesses are rushing…

Read more →

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. The cyber extortion group has lately switched to setting up company-specific…

Read more →

OneTrust announced a $150 million funding round. This capital will bolster OneTrust’s continued growth to meet customer demand for trust intelligence software. The round was led by new investor Generation Investment Management with participation from existing investor Sands Capital, bringing…

Read more →

D2iQ announced DKP AI Navigator, empowering enterprise organizations to overcome one of the biggest challenges they face in adopting cloud-native technology–the skills gap. Through a user-friendly interface, DKP AI Navigator enables organizations to harness more than a decade of the…

Read more →

Seven US artificial intelligence (AI) giants – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – have publicly committed to “help move toward safe, secure, and transparent development of AI technology.” The commitments “Companies that are developing these emerging technologies…

Read more →

IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years.…

Read more →

In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios. Gordon also discusses…

Read more →

Fraudsters are opportunistic criminals and 2022 and the first few months of this year brought opportunities like never before, according to Experian. This volatility perpetuated an unpredictable atmosphere for both businesses and consumers alike. The report found that consumers and…

Read more →

Digital identity refers to the unique and electronically stored representation of an individual or entity’s personal information, characteristics, and attributes. It encompasses various digital identifiers, such as usernames, email addresses, biometric data, or government-issued IDs, that allow users to authenticate…

Read more →

In this Help Net Security video, Marc Gaffan, CEO at IONIX, discusses how businesses’ biggest cybersecurity mistake is not protecting the full external attack surface that continues to expand to include a businesses’ entire digital supply chain. This is driven…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519) The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first…

Read more →

Deloitte has expanded their MXDR cybersecurity solution to help support some of the unique challenges for enterprise, cloud, and operational technology (OT) security operations center (SOC) delivery, by developing two new modules for identity security and mission-critical OT. “As the…

Read more →

IGEL has announced the appointment of Klaus Oestermann as CEO. A proven leader in growing global software businesses, Oestermann succeeds Jed Ayres who will continue on as IGEL Company Advisor. Oestermann, who brings a track record for scaling global software…

Read more →

AppViewX has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners who provide software solutions that run or integrate with AWS. The program will help AppViewX drive new business and accelerate…

Read more →

North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusion On June 27, JumpCloud –…

Read more →

G-71 launched an extensive integration of its LeaksID solution with all major mail servers. This integration aims to ensure the utmost security of sensitive email attachments and heralds a new era in safeguarding valuable corporate information. In addition to serving…

Read more →

The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat actors exploited this vulnerability as a zero-day…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Code42, ComplyAdvantage, Diligent, Privacera, and Tenable. Tenable unveils agentless container scanning to prevent vulnerable containers from reaching runtime Tenable Cloud Security agentless container scanning enables…

Read more →

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks,…

Read more →

Life sciences companies, including medical device manufacturers, biotech and pharmaceutical companies, are experiencing increasing rates of insider-driven data loss events, according to Code42. Faced with this growing threat, life sciences leaders are prioritizing modern data loss prevention strategies, which are…

Read more →

In this Help Net Security video, Chris Westphal, Head of Product Marketing at Ordr, discusses how healthcare organizations should measure their device security success and where they should be concentrating their future security investments. The post How healthcare organizations should…

Read more →

U.S. enterprises are responding to growing cybersecurity threats by working to make the best use of tools and services to ensure business resilience, according to ISG. Enterprises face growing cybersecurity threats The report for the U.S. finds that the U.S.…

Read more →

LTIMindtree partners with CYFIRMA to enhance the threat intelligence capabilities of its XDR platform and help global enterprises identify, evaluate, and manage potential risks and threats. LTIMindtree’s parent organization, Larsen & Toubro, through its L&T Innovation Fund, recently invested in…

Read more →

Island announced that the Island Enterprise Browser is now available in the AWS Marketplace. AWS Marketplace is a digital catalog that customers can use to find, buy, deploy and manage third-party software that runs on Amazon Web Services (AWS), the…

Read more →

OTAVA has expanded its Managed Security offerings with SIEM and SOC services to strengthen enterprises’ security posture by protecting operations against cyberthreats and attacks. OTAVA’s SIEM and SOC are complementary, purpose-built, security solutions that automate alerting, customize visualization with analysis,…

Read more →

Osano launched the multi-level Osano Privacy Program Maturity Model alongside its new Data Mapping product to help organizations understand where personal information is being stored, mitigate risks and grow mature privacy programs. Developing a privacy program is complex, and maintaining…

Read more →

FileCloud released FileCloud 23.1, bringing forward significant optimizations for collaboration, ease-of-use, and integration capabilities. With this latest version, FileCloud continues to redefine the way organizations securely access, manage, and share their files in the cloud. “File sharing and collaboration solutions…

Read more →

Do you know where your patients’ data lives once it’s in the cloud? Unfortunately, for many healthcare organizations, the answer is no – or, at least, it’s not a definitive yes. Knowing how (or where) data is used, shared or…

Read more →

In this Help Net Security video, Greg Woolf, CEO at FiVerity, discusses how the emergence of sophisticated fraud tools powered by AI and recent upheavals in the banking sector have forged an ideal environment for financial fraud. This complex scenario…

Read more →

As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, according to Endor Labs. Application development risks A new research report explores emerging trends that software organizations need…

Read more →

The number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased, according to the 2023 Cybersecurity Perspectives Survey by Scale. Security incident types In…

Read more →

Today’s security operations (SecOps) teams are tasked with protecting progressively sophisticated, fast-paced cyberattacks, according to Vectra AI. Yet, the complexity of people, processes, and technology at their disposal is making cyber defense increasingly unsustainable. The ever-expanding attack surface combined with…

Read more →

Feedzai introduced Railgun, its next-generation AI engine designed to target and intercept financial fraud before it can occur. In order to scale, today’s risk engines force financial institutions to limit the data they use to make risk decisions – typically…

Read more →

Diligent launched Board Reporting for IT Risk to provide CISOs and IT risk professionals with a holistic view of their organization’s risk posture. “As cyber evolves so does the risk landscape, and it becomes a matter of not whether you’re…

Read more →

Designed to enable developers and businesses to create counter-fraud safeguards that protect against the evolving threat of online fraud and cyberattacks, Vonage Protection Suite is a comprehensive portfolio of counter-fraud products and solutions that brings a unique level of customer…

Read more →

Trend Micro announced Trend Vision One – Endpoint Security, the latest offering in its next-generation cybersecurity platform, which unifies prevention, detection, and response for user endpoints, servers, cloud workloads, and data centers. This solution aims to support customers throughout their…

Read more →

ExtraHop launched ExtraHop IDS for Government to help agencies accelerate zero trust ahead of the 2024 deadline. As agencies look to implement a zero trust architecture ahead of the 2024 deadline, they are racing to enhance visibility into their IT…

Read more →

Bitwarden has announced a new single sign-on (SSO) offering that brings convenience and security to enterprise users, regardless of identity provider. Coming later in 2023, SSO with trusted devices presents another milestone offering for enterprises seeking secure and convenient passwordless…

Read more →