Tag: Help Net Security

Tanium released major enhancements to the Tanium Software Bill of Materials (SBOM) that now include Common Vulnerability and Exposures (CVE) information. Software supply chain attacks continue to spike due in part to the increasing reliance of organizations on numerous third-party…

Read more →

Celerium released its latest cybersecurity solution, Compromise Defender. As an integral part of Celerium’s Cyber Defense Network , this innovative solution combines rapid implementation and automation to provide early detection and defense of compromise activity. Research by IBM found that…

Read more →

Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use Microsoft Teams inherit Microsoft’s default configuration which allows users from outside of their organisation to reach out to…

Read more →

McAfee announced McAfee Business Protection, a new comprehensive security solution for small business owners in collaboration with Dell Technologies. McAfee Business Protection helps Dell small business customers stay ahead of cyber threats and vulnerabilities with security, identity and dark web…

Read more →

Aviatrix announced the appointment of Doug Merritt as CEO and President. He will also join the Aviatrix Board of Directors as Chairman. Merritt will succeed Steve Mullaney, who for the past four years has built Aviatrix into an industry-defining enterprise…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cymulate, Edgescan, ESET, iStorage, and Netskope. iStorage launches datAshur PRO+C with Type-C USB interface iStorage’s new datAshur PRO+C is a user-friendly USB 3.2 (Gen 1)…

Read more →

Some organizations have bought into the idea that workloads in the cloud are inherently more secure than those on premises. This idea is reinforced by the concept that the cloud service provider (CSP) assumes responsibility for security. However, while a…

Read more →

Only 3.54% of of insurance companies have correctly implemented basic phishing and spoofing protection, according to EasyDMARC. DMARC standard adoption Insurers operate using highly sensitive, private information that they’ve been trusted by clients and customers to protect. They function in…

Read more →

As data transformation progresses, cyber attacks are among the most significant growing threats to the enterprise. As seen in the recent MOVEit situation, enterprises must immediately enact cybersecurity solutions that are right for them. Every enterprise is unique, so a…

Read more →

Exabeam has unveiled that Adam Geller has been appointed as CEO. Michael DeCesare is stepping down as CEO and President, but will continue to serve as a Board advisor. Geller is a well-respected Silicon Valley leader who has built a…

Read more →

The industry’s first-ever directory of virtual CISO (vCISO) service providers has gone live. This list of vCISO providers means that SMBs can tap the expertise of qualified cybersecurity professionals to protect their digital assets and ensure compliance. To help organizations…

Read more →

Apple has released patches for three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-32439) exploited in the wild. The first two have been reported by Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko and Boris Larin following their discovery of the iOS spyware implant they…

Read more →

Infosecurity Europe is taking place at ExCeL London from 20-22 June 2023 and Help Net Security is on site. The first gallery is available here, and the second gallery is here. Here’s a closer look at the conference featuring: Swimlane,…

Read more →

ChatGPT can be used to generate phishing sites, but could it also be used to reliably detect them? Security researchers have tried to answer that question. Can ChatGPT detect phishing sites based on URLs? Kaspersky researchers tested 5,265 (2322 phishing…

Read more →

Technologies like Kubernetes and K3S are synonymous with the success of cloud native computing and the power of open source. It is no accident they have steamrolled the competition. As enterprises look to secure cloud-native environments, open source is the…

Read more →

In today’s interconnected world, telecom companies serve as gateways, connecting individuals, businesses, and governments. However, this role also makes them prime targets for cyberattacks. From DDoS attacks to sophisticated spyware infiltration, telecom providers face a wide range of threats that…

Read more →

Not only are macroeconomic headwinds causing more significant stress for security and DevOps teams, but the increasing number of threats against shrinking teams is causing an uneven playing field. In this Help Net Security video, Ev Kontsevoy, CEO at Teleport,…

Read more →

Security teams are stretched, with not enough people, skills or budget to cope with all their priorities, according to Panaseer. Average cybersecurity budgets increase in 2023 The survey of over 400 cybersecurity decision makers and practitioners across the US and…

Read more →

Exabeam has announced the general availability of Outcomes Navigator, an advanced visualization feature within the New-Scale SIEM product portfolio. Outcomes Navigator helps cybersecurity leaders overcome one of their most significant challenges –– having a clear understanding and way to visualize…

Read more →

Cloudflare has partnered with Databricks to enable organizations to safely, simply, and affordably share and collaborate on live data. With Cloudflare and Databricks, joint customers can eliminate the complexity and dynamic costs that stand in the way of the full…

Read more →

Habu has joined the Amazon Web Services (AWS) Partner Network (APN) and has launched a new solution to integrate its Data Clean Room offering with AWS Clean Rooms, and enable customers and their partners to analyze their collective data sets…

Read more →

Island announced an enterprise-grade set of Data Loss Prevention (DLP) capabilities for all popular interactive AI-type applications including ChatGPT, Bard and others, within its Enterprise Browser. These features are available in multiple deployment modes to accommodate various interaction types; integrated…

Read more →

The importance of software bills of materials (SBOMs) has grown substantially in recent years as organizations recognize the need for greater transparency in the software supply chain. This focus on SBOMs is a response to increasing cybersecurity threats and legislative…

Read more →

Compromised credentials were found within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year, according to Group-IB. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.…

Read more →

Infosecurity Europe 2023 is taking place at ExCeL London from 20-22 June 2023 and Help Net Security is on site. The first gallery is available here. Here’s a closer look at the conference featuring: Island, ThreatAware, Adaptiva, Infoblox, Noetic Cyber,…

Read more →

Infosecurity Europe 2023 is taking place in London this week, and this video provides a closer look at this year’s event. The post Infosecurity Europe 2023 video walkthrough appeared first on Help Net Security. This article has been indexed from…

Read more →

CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are advised to…

Read more →

IT teams have made security efforts and progress in zero-trust implementation strategies to establish a new sense of normalcy following the network upheaval caused by the start of the global pandemic. They have also addressed the need to secure remote…

Read more →

Censys has unveiled that NOS chose Censys to monitor its attack surface. Censys’ technology provides NOS with complete visibility into its external-facing infrastructure, simplifies its monitoring process and eliminates irrelevant alerts. As an internet provider for both the B2B and…

Read more →

IRONSCALES announced the Beta launch of Themis Co-pilot for Microsoft Outlook, a GPT-powered chat assistant for self-service threat reporting. Powering Themis Co-pilot is PhishLLM, a language model (LLM) hosted within the IRONSCALES infrastructure, which is the first in the IRONSCALES…

Read more →

eSentire launched eSentire AI Investigator, using generative AI powered cybersecurity to augment eSentire XDR Platform users of all levels with expertise to build their organization’s cyber resilience. eSentire’s platform has captured over 1 million expert-led cybersecurity investigations and response actions,…

Read more →

CYE announced a new capability in its Hyver platform that calculates dynamic risk in real-time. Hyver sets a new standard for the industry that will allow CISOs to take mitigation plans to the next level by optimizing real-time data to…

Read more →

Next DLP announced a new ‘Scoped Investigations’ capability in the Reveal platform that protects privacy by time bounding and restricting access to employee activity to only investigators with an approved and legitimate need to access it. A complementary pseudonymization feature…

Read more →

ExaGrid released software Version 6.3, which started shipping in June 2023. With each software update in Version 6, ExaGrid has been adding additional layers of security to its Tiered Backup Storage, which already guards against external threats by utilizing a…

Read more →

Infosecurity Europe is taking place at ExCeL London from 20-22 June 2023 and Help Net Security is on site. Here’s a closer look at the conference featuring: Island, Crowdstrike, Panorays, ManageEngine, Mazebolt, Cobalt, Intruder, TikTok, and CensorNet. The post Photos:…

Read more →

Orange Business, Orange Cyberdefense and Palo Alto Networks have joined forces to deliver a managed Secure Access Service Edge (SASE) solution that meets enterprise customers’ most demanding networking and security requirements with high performance, simplicity, and Zero Trust Network Access…

Read more →

Cymulate released a new solution for organizations to run an informed continuous threat exposure management (CTEM) program. The CTEM program, which was coined by Gartner is designed to diagnose the severity of exposures, create an action plan for remediation and…

Read more →

Edgescan released its new External Attack Surface Management solution, offering visibility and continuous monitoring to help secure organizations of all sizes. Today’s enterprises require a cloud-savvy security solution that effectively inventories, monitors, manages and protects their corporate assets across their…

Read more →

Black Kite released automated cyber risk quantification (CRQ) modeling for ransomware and business interruption scenarios. The new capabilities, which automates FAIR methodology, extends Black Kite’s data breach CRQ model to now provide visibility into all third-party risk scenarios, adds environmental,…

Read more →

Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. The Tsunami DDoS bot Tsunami, also known as Kaiten, is a type of DDoS bot…

Read more →

Malwarebytes launched the Malwarebytes Reseller Partner Program. The revamped program is dedicated to helping partners create profitable and consistent business growth through innovative endpoint security solutions and leading channel incentives such as lucrative base and multi-year discounts. “Today’s evolving threat…

Read more →

Netskope has released a comprehensive data protection solution to help enterprises securely manage employee use of ChatGPT and other generative AI applications, such as Google Bard and Jasper. As part of its Intelligent Security Service Edge (SSE) platform, Netskope enables…

Read more →

Silobreaker announced that it will be showcasing its enhanced geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange) at Infosecurity Europe 2023. The tie-up will see Silobreaker integrate global risk intelligence company RANE’s Enterprise Geopolitical Intelligence into its…

Read more →

Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a…

Read more →

Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns…

Read more →

In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that businesses can face if they betray customers’ trust. Thaine also…

Read more →

Verizon’s recently released 2023 Data Breach Investigation Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report includes the mapping of CIS (Center for Internet…

Read more →

Bradon Rogers, Chief Customer Officer at Island, provides an overview of the Island Enterprise Browser. Learn more at Infosecurity Europe 2023 – June 20-22, 2023. The post What if the browser was designed for the enterprise? appeared first on Help…

Read more →

The rapid pace of globalization, digital transformation, and AI advancements have created a renewed demand for digital and human skills among US learners, according to Coursera. “The rise of digital jobs and remote work is creating unprecedented opportunities for local…

Read more →

In this Help Net Security video, Michael Crandell, CEO of Bitwarden, discusses the future of passwords and authentication. Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to…

Read more →

ESET expanded its unified cybersecurity platform, ESET PROTECT, with a new subscription tier for businesses requiring all-in-one prevention, detection and response. Available immediately, ESET PROTECT Elite delivers enterprises, small and midsize businesses (SMBs), and channel partners with enterprise-grade XDR for…

Read more →

iStorage added a new encrypted flash drive to its highly successful datAshur range. The new datAshur PRO+C, with the Type-C interface, is the flash drive pending the new FIPS 140-3 Level 3 validation scheme. This offers robust guarantees as to…

Read more →

IBM announced plans to expand its longstanding partnership with Adobe to help brands successfully accelerate their content supply chains through the implementation of next-generation AI including Adobe Sensei GenAI services and Adobe Firefly (currently in beta), Adobe’s family of creative…

Read more →

The Microsoft 365 and Azure Portal outages users expirienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against Microsoft 365 and Azure Portal Throughout the first half June 2023 Microsoft confirmed,…

Read more →

Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to grab…

Read more →

In this Help Net Security video, Nick Mistry, SVP and CISO at Lineaje, offers tips to simplify the process of compliance with U.S. Executive Order 14028. A key part of U.S. Executive Order 14028 is for organizations that work with…

Read more →

When employees, contractors and service providers leave an organization, they take with them knowledge, capabilities, and professional achievements. They should leave behind any proprietary or confidential data belonging to the organization, but Osterman Research found that 69% of organizations polled…

Read more →

Organizations that closely align their cybersecurity programs to business objectives are 18% more likely to achieve target revenue growth and market share and improve customer satisfaction, as well as 26% more likely to lower the cost of cybersecurity breaches/incidents, on…

Read more →

In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that discuss about how AI technologies will impact the cybersecurity industry in the next few years. AI is a powerful tool in…

Read more →

Decades ago, Tony Turner, CEO of Opswright and author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, faced an SQL Slammer worm. Having been one of the 75,000 infected users, he called upon his skills…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a culture of security awareness in healthcare begins with leadership In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how…

Read more →

Virtana acquired cloud observability platform, OpsCruise, a purpose-built cloud-native, and Kubernetes observability platform. OpsCruise’s solution empowers ITOps/DevOps/SRE teams to predict performance degradation and pinpoint its cause. This is enabled by the deep understanding of Kubernetes and popular technologies used in…

Read more →

BSidesLjubljana 0x7E7 is taking place today at the Computer History Museum, and Help Net Security is on site. Here’s a look at the event featuring Solar Designer (Openwall), Boris Sieklik (MongoDB), Darko Kukovec (Infinum), and Daniel Poposki. The post Photos:…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security. Okta Device Access enables businesses to secure access to both devices and applications As part of Okta’s Workforce…

Read more →

This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity has undoubtedly become…

Read more →

In this Help Net Security video interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses his new book – Visual Threat Intelligence. The book covers a wide range of topics, including: Threat intelligence fundamentals and methodologies TTP, Diamond Model of…

Read more →

Despite a hardening economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 76% of the CISOs, suggested that no material breaches had occurred and 60% said that no material cybersecurity incident had occurred in the…

Read more →

After two years of pandemic-induced disruption, 2022 was a return to business as usual for the world’s cybercriminals, according to Proofpoint. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a…

Read more →

Coalition announced the Coalition Exploit Scoring System (Coalition ESS), a vulnerability scoring system that helps risk managers mitigate potential cyber threats. Developed by Coalition Security Labs, the company’s research and innovation center, Coalition ESS is a security risk prioritization scoring…

Read more →

T-Mobile and Google Cloud are working together to combine the power of 5G and edge compute, giving enterprises more ways to embrace digital transformation. T-Mobile will connect the 5G ANS suite of public, private and hybrid 5G networks with Google…

Read more →

anecdotes launched an updated version of its Risk Manager Application. Powered by data and automation, the Risk Manager delivers enterprise-level risk management insights and monitoring capabilities, enabling organizations to apply a risk-first approach to a broader Compliance management context. The…

Read more →

OneSpan announced expanded features for OneSpan Notary, a next-generation, all-in-one, cloud-connected solution that enables organizations to transform the way notaries and customers complete agreements and notarize documents in a secure and trusted environment. These new capabilities will now support Remote…

Read more →

VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability that…

Read more →

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their…

Read more →

Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry. While there are a few different approaches to implementing digital keys for automotive use, a secure digital key…

Read more →

The tension between difficult economic conditions and the pace of technology innovation, including the evolution of AI, is influencing the growth of identity-led cybersecurity exposure, according to CyberArk. The CyberArk’s report details how these issues – allied to an expected…

Read more →

Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may disclose confidential information they were trained…

Read more →

What if the enterprise had complete control over the browser? What would it do for security, productivity, for work itself? Ari Yablok, Head Of Brand at Island, invites you to visit Island at Infosecurity Europe 2023 (Stand S75) to learn…

Read more →

The use of MFA has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security and convenience for users, according to Okta. MFA authentication gains traction MFA authentication has steadily gained traction across organizations…

Read more →

Zilla Security announced Zilla Secure and Segregation of Duties (SOD), two SaaS solutions that enable enterprise-wide identity security for cloud-based applications and infrastructure, SaaS, and legacy applications. “Organizations today face a stark reality around their cloud security posture,” said Deepak…

Read more →

Quantinuum launched Quantum Origin Onboard, an innovation in cryptographic key generation that provides quantum computing hardened cyber protection for a wide range of connected devices by maximizing the strength of keys generated within the devices themselves. The risk of cyberattacks…

Read more →

Absolute Software has expanded its differentiated Security Service Edge (SSE) solution with the launch of the Absolute Secure Web Gateway Service. Optimized for hybrid and mobile work models, this new extended offering builds on existing capabilities available in Absolute Secure…

Read more →

HPE announced that Rom Kosla has been appointed Chief Information Officer (CIO). “The performance and agility of our IT team is critical to ensuring our customers and partners have great experiences doing business with us, and that our team members…

Read more →

Zscaler has debuted four new cybersecurity services and capabilities which further extend the power of its Zscaler Zero Trust Exchange cloud security platform. The innovations not only enhance the monitoring and remediation of sophisticated attacks but also deliver a new…

Read more →

Rezilion released Agentless solution, allowing user connection and access to Rezlion’s full feature functionality across multiple cloud platforms. It enables security teams to monitor exploitable attack surfaces in runtime without using an agent to simultaneously minimize security and operational risk.…

Read more →

Kodem has launched from stealth and announced $25M in funding from Greylock and TPY Capital. Kodem will use the funds to launch its platform globally and expand its go-to-market team. The modern software supply chain is viral. Every software component…

Read more →

Silent Push launches with a total of $10M in seed funding led by global cybersecurity specialist investor Ten Eleven Ventures. Silent Push takes a unique approach to identifying emerging cyber threats by providing the most comprehensive view of global internet-facing…

Read more →

Deloitte is working with Amazon Web Services (AWS) to deliver ConvergeSECURITY, a cloud focused security and compliance service. ConvergeSECURITY allows enterprises to accelerate their cloud transformation efforts through a combination of artificial intelligence (AI)-enabled cloud security and compliance product solutions,…

Read more →

Echoworx announced that passkeys have been added to their authentication options. This versatile, advanced authentication method adds to their existing suite of security offerings and provides organizations with another layer of assurance that their data is safe. Organizations that use…

Read more →

Okta announced Okta Device Access, a new product that enables organizations to extend Okta’s Identity and Access Management (IAM) capabilities to secure access to corporate devices for a hybrid workforce. As part of Okta’s Workforce Identity Cloud, the solution will…

Read more →

Sycope is introducing version 2.3 of its network monitoring and security tool. The solution is based on real-time flow analysis enriched with business context and supports companies in securing performance and improving IT security. The new version brings numerous improvements…

Read more →

As a launch partner for the Wiz Integrations (WIN) platform, ContrastContrast Security brings the power of the Contrast Secure Code Platform to WIN, so that customers can seamlessly integrate Contrast’s application security and protections into their existing Wiz workflows. The…

Read more →

Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months. Government sites under DDoS attacks “Several Federal Administration websites are/were…

Read more →

Eviden, an Atos business, announces AIsaac Cyber Mesh, a next generation of cybersecurity detection and response, reinforced by AWS Security Data Lake and powered by generative AI technologies. AIsaac Cyber Mesh offers an advanced end-to-end detection, response, and recovery solution,…

Read more →

Zscaler has unveiled a set of security solutions designed for IT and security teams to leverage the full potential of generative AI while preserving the safety of enterprises’ intellectual property and their customers’ data. By employing its vast data pool,…

Read more →

For many people, life’s fundamental activities are now conducted online. We do our banking and shopping online, turn to the digital realm for entertainment and to access medical records, and pursue our romantic interests via dating sites. That means apps…

Read more →

Business leaders worldwide understand they need to invest in digital transformation to meet a new innovation imperative, despite ongoing macroeconomic pressures and an increasingly uncertain, competitive business environment, according to Insight. The pandemic accelerated transformation in every industry as organizations…

Read more →

According to ESG, 70% of cybersecurity pros expect budget cuts or freezes this year, which, in turn, will trigger project delays and greater vendor scrutiny. Understaffing and low budgets are ever-present challenges, but security teams are uniquely affected by alert…

Read more →

Compliance obligations that support data privacy and cyber risk are nearly ubiquitous. Not only that, but they’re expanding. According to Gartner, government regulations covering these areas of emphasis will apply to five billion citizens and more than 70% of global…

Read more →

61% of SMBs have been hit by a successful cyberattack in the last year, according to BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of…

Read more →