For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in…
Tag: Help Net Security
oak9 adds GitLab support to alert developers of security gaps
Open-source code repositories have become integral to developers, enabling them to work faster and more flexibly with the added benefit of collaborating with other developers. While these platforms encourage agility, they can also create security concerns. oak9 has added a…
HashiCorp expands its identity-based security portfolio
HashiCorp has unveiled new products and solutions to expand HashiCorp’s identity-based security portfolio. These include a new addition for privileged access management (PAM), HashiCorp Boundary Enterprise, and a simplified secrets management SaaS offering, HashiCorp Cloud Platform (HCP) Vault Secrets. These…
Google grants $12 million to bolster NYC’s cybersecurity ecosystem
Google has announced the Google Cyber NYC Institutional Research Program, allocating $12 million to stimulate the cybersecurity ecosystem and establish New York City as the global leader in cybersecurity. The $12 million will go towards research conducted at four of…
Cynerio partners with Microsoft to ensure the security of medical and IoT devices
Cynerio collaborates with Microsoft to integrate with their cloud-native SIEM and SOAR offering Microsoft Sentinel. This collaboration aims to provide the healthcare industry with a comprehensive solution to address the growing security challenges posed by medical and IoT devices. As…
Seceon unveils two products for MSPs and MSSPs to quantify risk
Seceon announced two new products designed to quantify and report on the value of the platform for its partners and their clients. Seceon aiSecurity Score360 service provides comprehensive scanning and risk assessments of attack surfaces. It quantifies, prioritizes and benchmarks…
GuidePoint Security improves organizations’ security posture and ROI with its BASaaS
GuidePoint Security has announced the availability of its Breach & Attack Simulation as a Service (BASaaS) offering. The new service is designed to help organizations maximize the value from their BAS tools and improve their security posture and the ROI…
OneTrust enhances data policy engine to identify data security and privacy risks
OneTrust announces enhancements to OneTrust’s data policy engine designed to identify data security, privacy, and governance violations and automatically set and enforce data policies across the entire data ecosystem. Coupled with powerful automation, OneTrust’s data discovery, classification, and governance solutions…
Dragos Partner Program helps users strengthen OT cybersecurity
Dragos launched the Dragos Global Partner Program to comprise OT cybersecurity technology, services, and threat intelligence. The Dragos Partner Program extends even further by offering training that prepares partners as experts who can offer their customers assessment services based on…
NETSCOUT introduces Visibility Without Borders platform
NETSCOUT has introduced its Visibility Without Borders (VWB) platform to help organizations keep goods and services flowing by uniting performance, security, and availability under one common data framework. By proactively identifying areas of complexity, fragility, and risk, the platform unlocks…
PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3…
Automation Anywhere and Google Cloud join forces to accelerate the adoption of AI
Automation Anywhere and Google Cloud announced an expanded partnership that combines the power of generative AI and intelligent automation to accelerate the adoption of AI and make it accessible to every enterprise. Automation Anywhere is utilizing Google Cloud’s large language…
Accenture announced a $3 billion investment in AI
Accenture announced a $3 billion investment over three years in its Data & AI practice to help clients across all industries rapidly and responsibly advance and use AI to achieve greater growth, efficiency and resilience. “There is unprecedented interest in…
Incorporating cloud security teams into the SOC enhances operational efficiencies
Security leaders are recognizing that cloud and the way cloud security teams work today are becoming increasingly critical to business and IT operations, according to Trend Micro. As a result, cloud security and the foundational practices of their teams will…
Building a hyper-connected future with 6G networks
The advent of 6G communication systems brings forth new possibilities and advancements compared to previous generations. With hyper-connectivity and machine-to-machine communication at its core, 6G aims to bridge the gap between humanity and the world of machines. In this Help…
Quantum computing’s threat to national security
In this Help Net Security video, Denis Mandich, CTO at Qrypt, talks about quantum computing. If we thought AI turned security and privacy on their head, quantum computing will break how we encrypt data today and risk revealing sensitive data…
How to achieve cyber resilience?
Cyber resilience is a leading strategic priority today, and most enterprises are now pursuing programs to bolster their ability to mitigate attacks. Yet despite the importance placed on cyber resilience, many organizations struggle to measure their capabilities or track their…
VMware’s DEX solution empowers IT teams with data-driven insights
VMware has unveiled four enhancements to further its digital employee experience (DEX) solution: the general availability of DEX for 3rd party managed devices, DEX for VMware Horizon, AI-driven Guided RCA, as well as the intent to expand Workspace ONE ITSM…
TuxCare SecureChain for Java strengthens software supply chain security
TuxCare launched its SecureChain for Java service to bolster software supply chain security via a continuously secured and free repository service. With 76% of open source code used in the commercial code bases, threat groups see it as an ever-growing opportunity to…
Erik Prusch joins ISACA as CEO
Erik Prusch will join ISACA as its new CEO. Based in Washington state, Prusch brings significant tech and leadership experience as a CEO and board director to the organization. “This is an exciting time for ISACA as we’ve expanded globally,…
Stellar Cyber collaborates with Mimecast to minimize email-based attack impacts
Stellar Cyber announced a new technology partnership with Mimecast, an email and collaboration security company. This powerful technology integration makes it easy for Stellar Cyber and Mimecast customers to swiftly mitigate the risk of damaging email-based attacks, such as phishing…
The multiplying impact of BEC attacks
The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success. BEC attackers targeting the real estate…
It’s time to patch your MOVEit Transfer solution again!
Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL…
Darktrace unveils AI models that help protect data privacy and intellectual property
In response to the growing use of generative AI tools, Darktrace launched new risk and compliance models to help its 8,400 customers around the world address the increasing risk of IP loss and data leakage. These new risk and compliance…
Examining the long-term effects of data privacy violations
Regulatory bodies are taking potential data privacy violations much more seriously this year after a relatively quiet period that followed the enactment of regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We…
Building a culture of security awareness in healthcare begins with leadership
With the rise of modern trends such as cloud computing and remote work, healthcare institutions strive to balance accessibility, convenience, and robust security. In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how fostering a culture…
Lack of adequate investments hinders identity security efforts
Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA). Protecting digital identities As identities continue to significantly…
Cyber extortion hits all-time high
Cyber extortion attacks have become increasingly prevalent in recent years, posing a significant threat to organizations of all sizes and industries, according to Orange Cyberdefense. Examining data from a total of 6,707 confirmed business victims, the findings show a fluctuation…
Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)
Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit…
Week in review: 9 free cybersecurity whitepapers, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cl0p announces rules for extortion negotiation after MOVEit hack The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by…
FIRST expands its leadership team
The Forum of Incident Response and Security Teams (FIRST) has elected a new chair and appointed a new cyber security expert to its Board of Directors. Bringing a wealth of knowledge and experience, current board member Tracy Bills was chosen…
Kyndryl’s CSIRF service responds to detected security incidents
Kyndryl unveiled a Cybersecurity Incident Response and Forensics (CSIRF) service to help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s deep domain security experts. The new service helps customers investigate…
eSentire unveils SaaS-based network traffic disruption for AWS to reduce cloud-based threats
eSentire introduces MDR for Network on AWS offering, extending its proprietary, on-premises network software to AWS cloud environments as a SaaS-based solution. As organizations continue to scale in the cloud, more than half of network detections will be cloud-based by…
Replace Barracuda ESG appliances, company urges
Barracuda Networks is urging customers running physical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.” Vulnerability identification and disclosure Barracuda has identified a critical vulnerability (CVE-2023-2868) in their ESG appliances on May 19, 2023,…
Guardz launches AI-powered Multilayered Phishing Protection to secure SMEs
Guardz has unveiled a new AI-powered Multilayered Phishing Protection solution to help small and medium-sized enterprises (SMEs) and managed service providers (MSPs) prevent phishing attacks before their security is compromised. The solution uses AI to provide small businesses and the…
Gigamon allows users to gain deep observability into security data with Amazon Security Lake integration
Gigamon announced that its Deep Observability Pipeline now delivers network-derived application metadata intelligence (AMI) into Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers,…
Insight launches Insight Lens for GenAI
Insight Enterprises is launching a new service offering designed to help unlock the vast potential of generative AI to drive value to clients’ businesses. Insight Lens for GenAI builds on Insight’s deep capabilities in enterprise applications, data platforms, technical architecture…
OneTrust announces new features to help organizations automate data discovery and classification
OneTrust announces new data source connectors for OneTrust Data Discovery, bringing the total number of out-of-the-box connectors to over 200. This allows organizations to scan, classify, inventory, and remediate data from virtually any data source. “Data is created at unprecedented…
VanDyke Software releases VShell 4.9 server to expand authentication options for SFTP virtual roots
VanDyke Software released the VShell 4.9 server, adding public key to the authentication methods supported by SFTP virtual roots. SFTP virtual roots allow system administrators to configure VShell to automatically transfer files to a remote SFTP server. Files uploaded to…
Deepwatch partners with Lacework to provide customers with end-to-end cloud security solutions
Deepwatch announced a global strategic partnership with Lacework to offer organizations comprehensive and proactive security solutions. This strategic partnership combines Deepwatch’s MDR expertise with Lacework’s advanced cloud security analytics, providing enterprises with an unmatched level of protection against modern cyber…
Blackpoint Cyber raises $190 million to fund further development of its security technology
Blackpoint Cyber has received a $190 million growth investment led by Bain Capital Tech Opportunities, with participation from Accel. Bain Capital Tech Opportunities and Accel join existing investors including Adelphi Capital Partners, Telecom Ventures, Pelican Ventures and WP Global Partners.…
June 2023 Patch Tuesday forecast: Don’t forget about Apple
The odd month-to-month pattern of CVEs addressed by Microsoft continued with the May Patch Tuesday. After seeing high numbers for April, we saw 20 and 23 CVEs fixed for Windows 11 and 10, respectively, in May. And after 62 CVEs…
Employee cybersecurity awareness takes center stage in defense strategies
As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees, according to Fortinet. Employee cybersecurity awareness The most recent report from Fortinet’s FortiGuard Labs found that ransomware threats remain at peak…
Introducing the book: Creating a Small Business Cybersecurity Program, Second Edition
In this Help Net Security video interview, Alan Watkins, CIS Controls Ambassador, CIS, talks about his new book – Creating a Small Business Cybersecurity Program, Second Edition. This book provides guidance and essential steps small businesses with 25-50 employees should…
New infosec products of the week: June 9, 2023
Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Datadog, Enveedo, Lacework, and NinjaOne. Lacework simplifies cloud security with risk calculation on users’ permissions Lacework announced new CIEM functionality to address the complex…
Factors influencing IT security spending
Security executives are overwhelmingly craving more AI solutions in 2023 to help them battle the growing cybersecurity threat landscape, according to Netrix Global. 22% of respondents said that they would like to see more AI used in cybersecurity this year,…
Cl0p announces rules for extortion negotiation after MOVEit hack
The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their…
20 cybersecurity projects on GitHub you should check out
Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. From vulnerability scanning and network monitoring to encryption and incident response, the following collection encompasses a diverse range of projects…
AI: Interpreting regulation and implementing good practice
Businesses have been using artificial intelligence for years, and while machine learning (ML) models have often been taken from open-source repositories and built into business-specific systems, model provenance and assurance have not always necessarily been documented nor built into company…
The evolution of DDoS attacks in 2023
In this Help Net Security video, Mattias Fridström, Chief Evangelist at Arelion, talks about the DDoS threat landscape during 2023. DDoS attacks reflect significant geo-political challenges and social tensions and have become an increasingly important part of the hybrid warfare…
CIOs prioritize new technologies over tech stack optimization
Despite economic headwinds and IT budget challenges, the world’s CIOs are bullish about the power of technology to deliver value for their organizations, according to Lenovo. Innovation investment concerns among CIOs Despite their optimism, the risks are real, as 83%…
Top factors driving enterprise demand for new cybersecurity technology
Despite prevailing economic headwinds, the market for cybersecurity products and services remains buoyant, according to CCgroup. The study found that 78% of enterprises in the U.S. and 58% in the UK have increased cybersecurity investment in the last year, while…
Wipro partners with Cisco to accelerate enterprise digital transformation
Wipro launched a managed private 5G-as-a-Service solution in partnership with Cisco. The new offering enables enterprise customers to achieve better business outcomes through the seamless integration of private 5G with their existing LAN/WAN/Cloud infrastructure. The changing nature of work and…
Elevate Security’s Cisco integrations provide visibility and protection against user risk
Elevate Security has unveiled the release of integrations with Cisco Duo, Secure Email, Secure Endpoint, and Umbrella. These integrations add Elevate’s high-confidence user risk quantification and management capabilities to Cisco’s core cyber security offerings, enabling defenders to predict which users…
Sentra ChatDLP Anonymizer redacts sensitive information from ChatGPT and Google Bard prompts
Sentra announced Sentra ChatDLP Anonymizer, a new feature that redacts Personal Identifiable Information (PII) from ChatGPT and Google Bard prompts. ChatDLP enhances organizations’ data security by minimizing the vulnerability of critical data, enabling enterprises to leverage the advantages of new…
Cyera integrates OpenAI to accelerate data security, privacy, and governance
Cyera’s integration with Azure OpenAI enables Cyera customers to make faster, more informed decisions about data security, privacy, and governance. Cyera’s data security platform empowers security teams to take action by automatically deriving business context and understanding the intent behind…
Tines develops Cases to optimize automation and improve operational efficiency across the enterprise
With Tines Cases, security and IT teams can manage and track incidents, investigate security breaches, and manage response activities. The new solution extends the strength of the Tines platform by empowering teams to collaborate on anomalies and build better automations…
Wind River introduces Security Scanning Service for Linux CVEs
Wind River has introduced Wind River Studio Linux Security Scanning Service that provides professional-grade scanning to identify Common Vulnerabilities and Exposures (CVEs). Tuned to the unique needs of embedded Linux development, it also indicates whether a remediation solution is already…
Commvault announces new security capabilities to help businesses combat cyber threats
Commvault announced new security capabilities across its entire portfolio. Signaling the next phase in its evolution, Commvault is helping businesses secure, defend, and recover their data to meet increasingly sophisticated cyberthreats head on. As part of these capabilities, Commvault has…
Island’s password manager helps users eliminate password abuse
Island announced the first password manager natively built into an enterprise browser, providing IT teams and employees with powerful new capabilities to eliminate password abuse, help ensure organizational custody of corporate passwords, and embrace passwordless user authentication flows. By offering…
SAIC Trust Resilience boosts zero trust strategy plans for government agencies
SAIC launched Trust Resilience, a holistic approach to support government agencies adopting the mandated zero trust architecture. “Trust Resilience builds security into IT modernization, delivering protection and compliance of mission-critical resources no matter where organizations are on their technology modernization…
0mega ransomware gang changes tactics
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among…
Immersive Labs and Accenture join forces to address the cybersecurity talent deficit
Immersive Labs and Accenture are working together to launch the Cyber Million program that aims to solve the cybersecurity talent deficit by increasing access to one million entry-level cybersecurity operations jobs over the next decade. The beta version of the…
CoSoSys offers same-day support for Apple’s macOS Sonoma
CoSoSys announced that it will provide same-day support for the upcoming macOS Sonoma release. MacOS Sonoma (macOS 14) is scheduled for release later in 2023. CoSoSys customers using its Endpoint Protector solution for Device Control and DLP, will be able…
Velotix releases modular architecture for its data security platform
Velotix has released a three-tiered architecture for its security platform that enables enterprises to transition towards fully automated data access. By beginning with data discovery and auto-tagging, and then evolving towards AI powered data access and automatic policy generation, Velotix…
Cisco Full-Stack Observability Platform brings data together from multiple domains
Cisco launched a Full-Stack Observability Platform—a vendor-agnostic solution that harnesses the power of the company’s full portfolio. It delivers contextual, correlated, and predictive insights that allow customers to resolve issues more quickly and optimize experiences, while also minimizing business risk.…
Network Perception NP-View platform 4.2 improves OT security analysis
Network Perception introduced its next-generation NP-View platform, providing improved scalability and throughput, making OT network path analysis and reporting more comprehensive. The new NP-View platform, version 4.2, powered by a second-generation path analysis algorithm, offers significant performance improvements, including faster…
Cloudbrink app with bridge mode replaces hardware based VPN and SD-WAN appliances
Cloudbrink launched a software-only solution that replaces hardware based VPN and SD-WAN appliances for power users in the hybrid workplace. The Cloudbrink app with bridge mode delivers 30 times the performance of small branch office and home routers while reducing…
Nile collaborates with Palo Alto Networks to strengthen enterprise campus security
Nile announced a new integration with Palo Alto Networks. With the integration, joint customers can now benefit from a highly integrated solution that brings together Nile Access Service for enterprise campus (NaaS) and Palo Alto Networks Next-Generation Firewalls (NGFWs). Globally,…
High-risk vulnerabilities patched in ABB Aspect building management system
Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and…
Exploited zero-day patched in Chrome (CVE-2023-3079)
Google has fixed a high-severity vulnerability in the Chrome browser (CVE-2023-3079) that is being exploited by attackers. About the vulnerability CVE-2023-3079 is a vulnerability that stems from a type confusion in the V8 JavaScript engine, and has been uncovered by…
How to make developers love security
In my last post I discussed how developers can be your security secret weapon… but how to help them love doing security work? That’s a whole other challenge! Stories of the tension between developers and security teams are a longstanding…
Current SaaS security strategies don’t go far enough
Many recent breaches and data leaks have been tied back to SaaS apps, according to Adaptive Shield. “We wanted to gain a deeper understanding of the incidents within SaaS applications and how organizations are building their threat prevention and detection…
Public sector apps show higher rates of security flaws
Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels of…
Embracing realistic simulations in cybersecurity training programs
In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training. 60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020. According to Security Innovation research,…
DigiCert and ReversingLabs partner to advance software supply chain security
DigiCert has partnered with ReversingLabs to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert’s enterprise-grade secure code signing solution. DigiCert customers will benefit from improved software integrity through deep analysis that shows their…
Lacework simplifies cloud security with risk calculation on users’ permissions
Lacework announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risk within public cloud environments. With over 35,000 granular permissions across hyperscale cloud providers, organizations can struggle to maintain an overview and…
Trulioo announces platform enhancements to automate KYB and KYC verification
Trulioo released new capabilities for automated business and person verification workflows. The latest update bolsters Trulioo global leadership by expanding geographic coverage and localization for person verification and further automating business verification processes to reduce costly manual reviews. With the…
NinjaOne Patch Management enhancements mitigate security vulnerabilities
NinjaOne announced enhancements to NinjaOne Patch Management, delivering the latest automated patching solutions to maintain business operations and keep organizations secure. Patching is a tedious, time-consuming task but also a critical step to secure modern IT environments, where technology experts…
BlackBerry and Upstream Security join forces to protect software-defined vehicles
BlackBerry announced a partnership with Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY. Upstream’s cloud-native Vehicle Detection and Response (V-XDR) platform…
Datadog Workflow Automation helps security teams investigate and resolve service disruptions
Datadog released Workflow Automation, a new product that enables teams to automate end-to-end remediation processes—with out-of-the-box actions and pre-built templates—across all systems, apps and services to help identify, investigate and resolve service disruptions and security threats faster. DevOps, SRE and…
Fingerprint unveils Smart Signals to fight and prevent fraud
Fingerprint launched Fingerprint Pro Plus, featuring the company’s latest innovation, Smart Signals. These new capabilities provide real-time, actionable intelligence that builds on Fingerprint’s browser and device identification signals which more than 6,000 companies use to help fight and prevent fraud.…
Appdome collaborates with GitHub to automate delivery of secure mobile apps
Appdome has integrated its platform with GitHub to accelerate the delivery of secure mobile apps globally. GitHub Actions is now part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate the delivery of secure mobile apps globally. With this new…
Enveedo Strategy Execution Platform for Security strengthens cyber resiliency for businesses
Enveedo has launched its Strategy Execution Platform for Security that enables organizations to build and maintain cyber resiliency. The platform includes a risk management engine, on-demand access to vCISO guidance, and a real-time centralized view of the organization’s systems, assets,…
Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element
Verizon Business today released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware – malicious software (malware) that encrypts…
1Password introduces two new passkey features to promote passwordless future
1Password begins to offer customers the ability to save and sign into online accounts with passkeys. This summer, early adopters can begin unlocking their 1Password account with a passkey. “Our mission is to help people safeguard their digital identities and…
IDnow boosts fraud prevention capabilities with latest platform updates
IDnow announces the expansion of its platform to include fully automated document liveness capabilities, data checks and Financial Risk Checks as well as new fraud prevention features. The platform expansion will also include a central, no-code workflow management tool. Document…
Zoom announces privacy enhancements and tools
Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. These enhancements not only cater to global customers but also include features specifically designed for users…
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are Zellis, “UK…
Generative AI’s influence on data governance and compliance
In this Help Net Security video, Michael Rinehart, VP of Artificial Intelligence at Securiti.ai, discusses a dark side to generative AI that isn’t talked about enough. Organizations must remember that anything that goes into the learning process can never be…
Apple announces next-level privacy and security innovations
Apple announced its latest privacy and security innovations, including major updates to Safari Private Browsing, Communication Safety, and Lockdown Mode, as well as app privacy improvements. Additionally, Apple introduced new features designed with privacy and security at their core, including…
Leveraging large language models (LLMs) for corporate security and privacy
“Once a new technology rolls over you, if you’re not part of the steamroller, you’re part of the road.” – Stewart Brand The digital world is vast and ever-evolving, and central to this evolution are large language models (LLMs) like…
Consumers overestimate their deepfake detection skills
67% of consumers are aware of generative AI technologies but they overestimate their ability to detect a deepfake video, according to Jumio. Generative AI awareness among consumers Awareness of generative AI and deepfakes among consumers is high — 52% of…
CISOs focus more on business strategy than threat research
CISOs and ITDMs (IT security decision-makers) continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire. The ever-evolving cybersecurity landscape…
Traceable AI unveils API Security Reference Architecture for Zero Trust
Traceable AI announced API Security Reference Architecture for Zero Trust. This reference architecture serves as a guide for security leaders as the industry addresses the urgency of integrating API Security into zero trust security initiatives. Zero trust, a cybersecurity framework…
Google extends passkeys to Google Workspace accounts
After making passkeys available for consumers in early May, Google is now rolling them out for Google Workspace and Google Cloud accounts. This feature will soon be available (in open beta) for more than 9 million organizations and aims to…
LogicGate accelerates policy management processes with OpenAI integration
LogicGate introduced a new OpenAI integration that will help automate and inform GRC processes, including policy generation. Founded in 2015 by seasoned risk consultants, LogicGate automates and centralizes tedious, time-consuming governance, risk, and compliance (GRC) workflows with Risk Cloud, its…
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many…
BigID Integrates with ServiceNow to help customers protect sensitive data
With the availability of the BigID Data Classification App on the ServiceNow Store, this expanded relationship provides more advanced security and privacy capabilities for workflow automations. BigID automates the discovery and classification of personal, regulated, critical, and sensitive data in…
AntChain and Intel launch a privacy-preserving computing platform
AntChain announced a new collaboration with Intel to launch AntChain Massive Data Privacy-Preserving Computing Platform (MAPPIC), a new privacy-preserving computing platform that brings a data privacy protection solution for large-scale AI machine learning. As a Software-as-a-Service (SaaS) platform, MAPPIC is…