Tag: Help Net Security

In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked ALPHV/Blackcat ransomware group.…

Read more →

A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’…

Read more →

lockr launched Connections Hub to verify the authenticity of first-party datasets. Connections Hub expands lockr’s partnerships with publisher-focused data platforms such as CDPs and Clean Rooms, allowing publishers to easily assess and manage the impact of machine-generated emails on their…

Read more →

Honeywell has agreed to acquire SCADAfence, a provider of OT and IoT cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs.…

Read more →

Organized criminal groups exploited a flaw in Revolut’s payment systems and made off with $20+ million of the company’s money, the Financial Times reported on Sunday, citing people with knowledge of the situation. Revolut’s cybersecurity troubles Revolut is a privately…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Island Enterprise Browser: Intelligent security built into the browsing session In this Help Net Security interview, Mike Fey, CEO of Island, explains the differences between…

Read more →

We’re halfway through 2023 already and moving into our seventh Patch Tuesday of the year next week. There’s been a lot of activity with Microsoft this month which may impact updates we’ll see. But first taking a quick look back…

Read more →

As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs, according to Postman. Adopting an API-first approach “More companies are adopting an API-first approach to software development, and…

Read more →

Network attacks (IPS detections) have remained relatively flat over the last three quarters, technically down a bit more than 3%, according to WatchGuard. “Organisations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses…

Read more →

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of…

Read more →

Dig Security announced it has added support for Optical Character Recognition (OCR) to the Dig Data Security Platform. Dig can now detect sensitive customer data in image files, such as passports and driver’s licenses, that are stored in multi-cloud environments.…

Read more →

ISACA is joining the European Cyber Security Organisation (ECSO). The membership will work to accelerate ECSO and ISACA’s shared commitment to advancing cybersecurity, fostering collaboration and driving digital trust across Europe. ISACA’s membership brings numerous benefits and opportunities for organisations…

Read more →

TXOne Networks announced its Stellar solution for defending operational stability. Employing TXOne Networks’ approach to security, Cyber-Physical System Detection and Response (CPSDR), Stellar supports the priorities of security and operations without either team having to sacrifice capability or performance. Already…

Read more →

Regulatory compliance and cybersecurity improvement are not two sides of the same coin: they are distinct pillars that demand specialized attention. Achieving compliance does not create an impenetrable fortress against threats, it merely creates a baseline defense. So, how can…

Read more →

Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries. Experts expose flaws in voiceprint technology Voice authentication…

Read more →

An overwhelming number of respondents familiar with ChatGPT were concerned about the risks it poses to security and safety, according to Malwarebytes. They also don’t trust the information it produces, and would like to see a pause in development so…

Read more →

As AI technology advances, it is essential to remain mindful of familiar and emerging risks. Education is critical to fostering responsible AI innovation, as understanding the technology and its limitations raises standards and benefits everyone. In this Help Net Security…

Read more →

Hackrate launched HackGATE, a monitoring platform specifically designed for ethical hacking projects. Thousands of IT security teams around the world struggle with efficiently monitoring ethical hacking projects and determining whether a test yielded a clear result because their systems are…

Read more →

LTIMindtree has launched a comprehensive cyber-recovery and data protection platform called ‘LTIMindtree V-Protect’, powered by Rubrik. LTIMindtree V-Protect is a offering from LTIMindtree which provides data protection and seamless recovery for M365 workloads such as Exchange, SharePoint, OneDrive, and Teams.…

Read more →

CampusGuard launched CampusGuard Central 2.0, a new release of its dynamic customer compliance portal. CampusGuard Central enables organizations to manage their PCI DSS compliance status across their entire enterprise with one easy-to-use tool. CampusGuard Central 2.0 includes the following enhancements:…

Read more →

Running about 200,000 daily security scans, the free Community Edition now has an online security test to quickly verify security, privacy and compliance of email servers. According to the most recent Trend Micro’s report, both sophistication and volume of phishing…

Read more →

As 40% of consumers harbor skepticism regarding organizations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack, according to Object First. Consumers request data protection Furthermore, consumers request increased data protection from vendors, with 55% favoring…

Read more →

Healthcare continues to be one of the most attractive targets for cyberattackers, and the number of breaches affecting the industry is increasing yearly. In this Help Net Security video, Steve Gwizdala, VP of Healthcare at ForgeRock, discusses how vigilance and…

Read more →

Small organizations face the same security threats as organizations overall but have less resources to address them, according to Netwrix. Lack of budget among small organizations The most common security incidents are phishing, ransomware, and user account compromise. However, smaller…

Read more →

In this Help Net Security interview, Mike Fey, CEO of Island, explains the differences between consumer browsers and the Island Enterprise Browser, how it protects organizations’ data, and how it uses contextual information to provide users with a safe browsing…

Read more →

Waterfall Security Solutions confirmed the opening of a new European headquarters in the Netherlands. This continued expansion of Waterfall’s presence in Europe is in response to the strong increase in demand for Waterfall products throughout the EU. Waterfall’s growing customer…

Read more →

Node4 announced the acquisition of ThreeTwoFour, an information security and technology risk specialist. The acquisition is Node4’s third significant growth purchase in the last 18 months, having also bought risual, an IT managed services and solutions provider and Tisski, a…

Read more →

Enterprise leaders in procurement, IT, and finance need to take immediate action to rationalize their SaaS portfolios to prevent spending and governance challenges from spiraling out of control, according to Productiv. Productiv analyzed how nearly 100 million SaaS licenses were…

Read more →

Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security. Threat actors avoid detection These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated…

Read more →

IT leaders are losing sleep over improving overall IT performance (60%), data security (50%), process risk and compliance (46%), and the need to improve agility (41%), according to Rocket Software. To overcome these challenges, IT organizations are turning to hybrid…

Read more →

Threat actors are well-aware of the vulnerability of our cloud infrastructure. The internet we have today is not equipped to serve the data needs of the future. When data is stored in the cloud, it can end up across several…

Read more →

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches…

Read more →

In this Help Net Security video, Charl van der Walt, Head of Security Research at Orange Cyberdefense, discusses cyber extortion attacks and their expansion to new regions. A recent report revealed that cyber extortion activity reached the highest volume ever…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Bitdefender, Cequence Security, ConnectSecure, Cymulate, Cytracom, Datadog, Delinea, Edgescan, Enveedo, ESET, Index Engines, Island, iStorage, Lacework, NetApp, Netscout, Netskope, NinjaOne, Okta, Permit.io, PingSafe, Quantinuum,…

Read more →

As more businesses experience resource and cost constraints, 86% of MSPs and MSSPs customers are outsourcing their security needs to consolidate security tools, according to OpenText. “Staffing issues that have plagued the security industry for years are getting worse due…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unlocking internet’s secrets via monitoring, data collection, and analysis In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring,…

Read more →

CobolCloud and Kubo Labs sign a partnership agreement to secure legacy applications in Kubernetes environments. “CobolCloud is the very latest generation of COBOL tools allowing on the one hand, the recompilation of existing applications without modifying the source code, and…

Read more →

Attain Insight released Attain Insight Security 4X version 4.0, an upgrade to its flagship security software. This latest release introduces new features and enhancements designed to fortify data protection, streamline compliance processes, and bolster user management across diverse enterprise environments.…

Read more →

Total Assure announced its spinout from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats. On account of the cybersecurity talent…

Read more →

Nokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Delinea, Index Engines, and NetApp. Delinea Privilege Manager enhancements reduce phishing effectiveness Based on Delinea’s deep expertise and customer feedback, the new Workstation…

Read more →

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely, according to ThreatX. With more endpoints and applications in use, and often personal rather…

Read more →

In the dynamic business landscape where third-party relationships assume a critical role, organizations confront various risks that can profoundly affect their security and compliance requirements, according to Panorays. Even amidst tough economic times, the crucial nature of these risks necessitates…

Read more →

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. This insight plays a vital role in protecting and empowering customers.…

Read more →

Perception Point reveals its latest detection innovation, developed to counter the emergent wave of AI-generated email threats. The AI-powered technology leverages Large Language Models (LLMs) and Deep Learning architecture to effectively detect and prevent BEC attacks, a cyber threat which…

Read more →

WISeKey has unveiled a major upgrade to its digital identity and privacy platform, WISeID.com, designed to provide users with enhanced protection against identity theft and increase privacy in today’s hyper-connected digital world. The new generation of WISeID builds upon WISeKey’s…

Read more →

Keepit launched new backup and recovery service for Microsoft Azure DevOps. “Azure DevOps has limited disaster recovery coverage. If a company loses its Azure DevOps data, it loses access to development operations, which means it loses the ability to track,…

Read more →

Immuta launched its latest platform enhancements to deliver simplified data security and monitoring in Snowflake so that joint customers can unlock more value, reduce costs, and speed up innovation. These new features include strengthened data mesh support, enhanced security for…

Read more →

Skyhigh Security announced it’s enabling organizations to adopt artificial intelligence applications in a secure manner that protects sensitive, confidential, and business critical information through its Security Service Edge (SSE) portfolio. Skyhigh Security’s technology protects data and stops threats in the…

Read more →

Daon announces the addition of AI.X technology to expand the capabilities of its IdentityX and TrustX platforms. Designed for emerging identity threats from generative AI technology, AI.X includes pioneering technology that protects against deepfakes across voice, face, and document verification.…

Read more →

An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and…

Read more →

Twilio and Frame AI announced a partnership to leverage AI to enhance customer engagement delivered within Twilio Flex. With the help of Frame AI’s platform, Twilio Flex (the cloud-based digital engagement solution for personalized interactions across contact centers, sales, and…

Read more →

In this Help Net Security video, Mitja Kolsek, CEO at Acros Security, discusses micropatches, a solution to a huge security problem. With micropatches, there are no reboots or downtime when patching and no fear that an official update will break…

Read more →

Many popular generative AI projects are an increased security threat and open-source projects that utilize insecure generative AI and LLMs also have poor security posture, resulting in an environment with substantial risk for organizations, according to Rezilion. Advancements in LLMs…

Read more →

In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according to Nexusguard. The data also showed that cyber attackers continued to alter their threat vectors by targeting the application platforms, online…

Read more →

Attack surface expansion is a byproduct of doing business today, especially for enterprises that rely on the cloud. As businesses adapt and scale, the assets and platforms they use inevitably grow and change. This can result in attack surface exposures,…

Read more →

Fewer than one in ten CIOs can claim that they have avoided a network outage, according to Opengear. This finding is among new research by Opengear of both CIOs and network engineers globally. The scale and frequency of network outages…

Read more →

NetApp announced new capabilities in NetApp BlueXP, offering cohesive data protection through a single point of control. In today’s technology landscape, data has never been more valuable or more vulnerable. Data powers operations, fuels innovation, and creates exceptional customer experiences.…

Read more →

Red Access announced a true agentless secure browsing platform suited for hybrid work environments. The Red Access agentless browsing security platform is browser-agnostic, giving company workforces the ability to use any web browser they want and benefit from enterprise-grade secure…

Read more →

Astrix Security has secured $25 million in Series A funding led by CRV with participation from existing investors Bessemer Venture Partners and F2 Venture Capital. This new investment brings Astrix’s total funding to almost $40 million. Fueled by the increased…

Read more →

Cybellum unveiled a new brand identity and new platform capabilities reinforcing its commitment to the product security community. The new brand channels the company’s focus on the multiple teams involved in today’s product security operations. Now more than ever, product…

Read more →

Betacom introduced Betacom AirGap Protection, a network architecture aimed at enhancing cybersecurity for its flagship offering, Betacom 5G as a Service (5GaaS). The new cyber defense enhancements provide multi-layered security to reduce the risk, complexity and cost of adding industrial…

Read more →

Bitdefender has agreed to acquire Horangi Cyber Security to address the growing demand for advanced, streamlined management of cybersecurity, compliance, and governance of multi-cloud environments. As organizations continue to accelerate cloud adoption, they struggle to manage the thousands of configuration…

Read more →

Lockbit 3.0 is currently the most active ransomware group, NCC Group says in its most recent Threat Pulse report, but new ransomware groups like 8Base and Akira are rising in prominence. Collectively, the various ransomware groups revealed 436 victim organizations…

Read more →

Cynerio has unveiled the further integration of generative AI into its existing offerings. “It is clear that the healthcare industry will continue to face increasing cyber attacks,” said Leon Lerman, CEO of Cynerio. “With 89% of hospitals experiencing cyber attacks…

Read more →

Bishop Fox has expanded its social engineering testing services, which are an integral part of the company’s Red Team portfolio. In contrast to narrow and rudimentary security awareness solutions, Bishop Fox’s services emulate complex, multistage and multilayer adversarial attack behavior,…

Read more →

Fortanix has released Fortanix Confidential Data Search, a solution that supports highly scalable searches in encrypted databases with sensitive data, without compromising data security or privacy regulations. Current solutions that enable secure searches of encrypted data are predominantly based on…

Read more →

Socure acquired Berbix, a San Francisco-based startup that developed a high-accuracy document verification solution with a patent-pending forensics engine able to detect spoofed IDs – including AI-generated fakes – that are visually indistinguishable to the human eye. The approximately $70…

Read more →

Thales announced a new partnership with Google Cloud to develop new data security capabilities powered by generative AI that will improve companies’ ability to discover, classify and protect their most sensitive data. The partnership is part of Thales’ generative AI…

Read more →

AWS announced AWS AppFabric, a no-code service that enhances companies’ existing investment in software as a service (SaaS) applications with improved security, management, and productivity. With just a few clicks in the AWS Management Console, information technology (IT) and security…

Read more →

In today’s data-driven world, organizations that can harness the power of big data and derive actionable insights are positioned to succeed. However, the sheer number of big data companies vying for attention has made it crucial for entrepreneurs to differentiate…

Read more →

Our healthcare systems are at risk of infiltration by threat actors, potentially disrupting services, compromising sensitive data, and even jeopardizing patient outcomes. Among the people addressing these challenges is Dennis Fridrich, VP of Cybersecurity at TRIMEDX, who not only understands…

Read more →

The current economic conditions are leading companies of all sizes to reassess their operations and business strategies to remain competitive and profitable, according to Kaseya. Business growth key driver for it budgets Budgets and resources may be shrinking, but workloads…

Read more →

Cequence Security announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect…

Read more →

Delinea announced the latest release of Privilege Manager, its solution for providing privilege elevation controls for users and applications on workstations. The latest enhancements significantly improve ease of use for customers by preconfiguring five of the most common privilege elevation…

Read more →

Index Engines announced CyberSense 8.3, which features several user experience updates highlighted by additional metrics after a ransomware attack is detected, a new setup wizard and system configuration interface. CyberSense scans backup data and snapshots to validate their integrity and…

Read more →

BeeKeeperAI has closed $12.1 million in Series A financing. The round was led by Sante Ventures, with participation from the Icahn School of Medicine at Mount Sinai, AIX Ventures, Continuum Health Ventures, TA Group Holdings, and UCSF. The new funding…

Read more →

CalypsoAI has raised $23 million in a Series A-1 financing. Paladin Capital Group led the round, with participation from existing investors including Lockheed Martin Ventures, new investors Hakluyt Capital and Expeditions Fund, and strategic angels, including Auren Hoffman and Anne…

Read more →

LexisNexis Risk Solutions has launched an end-to-end customer lifecycle management platform to help businesses effortlessly integrate multiple information sources to make better risk decisions and provide smoother customer journeys. LexisNexis RiskNarrative leverages automation and decisioning technology to provide a sophisticated,…

Read more →

BigID announced an expanded partnership with Databricks to provide data security, privacy, and governance solutions to customers. This joint effort aims to automate data discovery and classification, alleviate the workload of data professionals, and streamline governance processes. BigID’s integration with…

Read more →

Worldwide, 6558 arrests follow the dismantling of EncroChat, a tool favored by organized crime groups (OCGs). 197 of those arrested were high-value targets. This result is detailed in the first review of EncroChat, presented today by the French and Dutch…

Read more →

In this Help Net Security video, Fawaz Rasheed, Field CISO at VMware, discusses how cyber insurance remains the high tide that rises ships. For organizations choosing to purchase cyber insurance, the requirements set forth towards them are beneficial in advancing…

Read more →

Learn how NetSPI’s always-on solution allows companies to improve visibility, inventory, and understanding of known and unknown assets and exposures on their global attack surface and distill signal from noise. After all, the discovery of assets and vulnerabilities is table…

Read more →

European organizations experienced a greater volume and frequency of BEC attacks over the last year, as compared to organizations in the United States, according to Abnormal Security. BEC attacks volume and frequency The data is based on an analysis of…

Read more →

Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. That high confidence level…

Read more →

Snowflake announced an expanded partnership with Microsoft, enabling new product integrations across AI, low code/no code application development, data governance, and more. The two companies will also implement new programs to enhance joint go-to-market strategies and improve field collaboration, bringing…

Read more →

Immuta has announced key enhancements to its Data Security Platform for Databricks that enable data teams to leverage Immuta’s full platform capabilities, unlocking value from data, reducing costs, and speeding up innovation while maintaining strong data security posture. These updates…

Read more →

While mobile users are increasingly falling victims of cybercriminals, organizations are raising their spending in mobile endpoint detection and response solutions (Mobile EDR). To tackle these new cybersecurity threats, they are turning to their Managed Security Service Providers (MSSPs) to…

Read more →

49% of organizations around the world had to deal with fake or modified physical identity documents in 2022, as Regula’s survey revealed. With this fraud always on the rise, Regula is reinforcing its solution for document verification with extra features,…

Read more →

New Relic has launched New Relic APM 360, that goes beyond incident troubleshooting insights for select experts to daily performance, security & development insights for all engineers. APM 360 correlates all essential telemetry data across the application stack and development…

Read more →

Databricks has entered into a definitive agreement to acquire MosaicML, a generative AI platform. Together, Databricks and MosaicML will make generative AI accessible for every organization, enabling them to build, own and secure generative AI models with their own data.…

Read more →

The compromise of PBI Research and The Berwyn Group’s MOVEit installation has resulted in the theft of data belonging to several pension systems and insurance companies – and millions of their users. PBI + Berwyn Group – a population management…

Read more →

In this Help Net Security interview, Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, discusses the long-term impacts of cyberattacks on healthcare institutions and what healthcare providers can do to protect patients’ personal data and medical devices. Can…

Read more →

Attackers typically find exposed “secrets” – pieces of sensitive information that allow access to an enterprise cloud environment — in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive…

Read more →

Cryptography In this course, you’ll learn how to protect information to ensure its integrity, confidentiality, authenticity, and non-repudiation. You will develop a basic understanding of cryptographic concepts and how to apply them, implement secure protocols, key management concepts, critical administration…

Read more →

Moving critical data and workloads to the cloud has significantly changed information security teams. But most don’t have the resources to be successful in their cloud attack modeling—not to mention the deployment of measurable controls to defend against these evolving…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unraveling the multifaceted threats facing telecom companies In this Help Net Security interview, Georgia Bafoutsou, Cybersecurity Officer at the European Union Agency for Cybersecurity (ENISA),…

Read more →

Wallarm announced its API Abuse Prevention feature to address one of the most critical API threats: bot-based attacks. Wallarm can now accurately identify and mitigate API bot activity, protecting systems against API abuse, account takeover (ATO), and price scraping. This…

Read more →

Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. About the vulnerability Cisco Secure Client Software – previously known as Cisco…

Read more →

Privacera announced the private preview of Privacera AI Governance (PAIG). From the continuous scanning and classification of training data to the securing and auditing of AI models, model outputs, and user requests, PAIG empowers organizations to efficiently manage the entire…

Read more →