Tag: Help Net Security

Malicious bots are taking new forms – a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams – artificial inflation of traffic (AIT) – targets the SMS…

Read more →

In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free…

Read more →

Are you watching your employees? Though the question may incite thoughts of “Big Brother” and an all-seeing or all-knowing entity, it isn’t quite as ominous as you might think. Employee productivity surveillance technology, or EPST, often tracks statistics such as…

Read more →

As the digital revolution changes the claims process, both carriers and customers are increasingly concerned about data privacy, according to LexisNexis Risk Solutions. More than 60% of consumers have concerns over the security of their personally identifiable information when they…

Read more →

Forced verification and deepfake cases multiply at alarming rates in the UK and continental Europe, according to Sumsub. In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases, from 0.3% in the full year 2022…

Read more →

Katie Boswell spent years on the front lines securing the most critical national infrastructure in energy and life sciences. Yet, earlier in her career, she was told that senior leadership was not for her if she planned on becoming a…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MOVEit Transfer zero-day attacks: The latest info Progress Software has updated the security advisory and confirmed that the vulnerability (still without a CVE number) is…

Read more →

Digi International has released the latest version of Digi SkyCloud, a solution for monitoring, analyzing and controlling field data. The 23.5 update of SkyCloud introduces a range of new features, giving users effortless systems integrations with remote monitoring and control…

Read more →

OffSec launched a newly expanded OffSec Global Partner Program. With cyber threats becoming increasingly sophisticated, organizations are seeking reliable partners to address the ever-growing demand for skilled cybersecurity professionals. In response to this market need, OffSec’s new program introduces a…

Read more →

Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit The Chrome Vulnerability Rewards…

Read more →

ON2IT announces the addition of the CISA Zero Trust Maturity Model into its Zero Trust as a Service platform, AUXO. Organizations can use ON2IT’s Zero Trust as a Service platform to strengthen cyber defenses and easily embrace Zero Trust. With…

Read more →

Galvanick announced its $10 million seed round. Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense. Galvanick…

Read more →

There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has…

Read more →

Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending adaptability of this threat is key to its long-term survival and success. “Qakbot operators tend to reduce…

Read more →

As the world’s most powerful military and economic power, the United States also holds another, less impressive distinction: Cyber threat actors target the US more than any other country in the world. In 2022 alone, the FBI received more than…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, ConnectSecure, CYTRACOM, Permit.io, and PingSafe. Permit.io launches FoAz to give frontend developers the keys to security Short for frontend-only authorization, FoAz is a technology…

Read more →

Despite rising labor costs, economic inflation, and companies making an effort to cut back, the salary outlook for IT professionals is positive, according to InformationWeek. Work-life balance and base pay top the list as what matters most to IT professionals…

Read more →

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent…

Read more →

In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional…

Read more →

The 1Kosmos BlockID distributed identity cloud service, which unifies identity verification and passwordless authentication, is now available in the AWS Marketplace. This listing makes it easy for customers to test and deploy BlockID, as well as directly procure it in…

Read more →

Resecurity’s Digital Identity Product (IDP) is a solution designed to enhance online security and protect enterprises’ and individuals’ digital identities in an increasingly interconnected world. With the ever-present risk of cyber threats compromising personal information, IDP offers a robust framework…

Read more →

New Relic has announced an integration with the newly launched Amazon Security Lake. With this integration, New Relic customers can access and monitor their Amazon Security Lake security log data and events in New Relic. This allows users to leverage…

Read more →

Cobalt Iron launched Compass NAS Protector, a new set of features in its Cobalt Iron Compass enterprise SaaS backup platform. Intended to aid enterprise NAS and backup administrators, Compass NAS Protector speeds up backups, simplifies management of NAS data, and…

Read more →

WithSecure’s USB armory is an open-sourced, single board computer with a unique form factor and capabilities. It has been used in a variety of applications, including (but not limited to) encrypted storage solutions, hardware security modules (HSM), enhanced smart cards,…

Read more →

Secureworks has launched two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but…

Read more →

Uptycs has integrated with Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes security data from across AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake. Amazon Security Lake manages data throughout…

Read more →

CYTRACOM announces a significant update to its ControlOne platform, enabling MSPs to prevent managed clients from evading security requirements and create a passwordless experience for end-users. Managed users are now always on the virtual corporate network, secured by unified global…

Read more →

A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned…

Read more →

Nozomi Networks and Cynalytica have unveiled they have partnered to provide a visibility, monitoring and threat detection solution that encompasses both TCP/IP-based and non-IP based serial bus and analog connections found in OT and IoT environments. The joint solution simplifies…

Read more →

Stellar Cyber announced support for the Amazon Security Lake from Amazon Web Services (AWS). Organizations using the Stellar Cyber Open XDR Platform and AWS can directly ingest data from the Amazon Security Lake into Stellar Cyber, automatically enabling richer data…

Read more →

Safe Security announced Cyber Risk Cloud of Clouds for predicting and preventing cyber breaches. In contrast to the rest of the industry that takes a reactive approach, SAFE’s Cyber Risk Cloud of Clouds enables organizations to make informed and predictive…

Read more →

Code42 Software has announced the appointment of Wayne Jackson to its board of directors. Jackson boasts an impressive career in enterprise security software and currently serves as the CEO of Sonatype. “We are pleased to welcome Wayne Jackson to Code42’s…

Read more →

Resecurity announced the appointment of Shawn Loveland as its Chief Operating Officer (COO). With an impressive track record of over 35 years in technology and cybersecurity, Mr. Loveland brings extensive experience and expertise to the Resecurity team. His illustrious career…

Read more →

Syxsense announced a partnership with VLCM, an IT solutions and services provider focused on meeting customer needs for cybersecurity, networking, cloud, big data, and more. VLCM is one of Syxsense’s platinum channel partners and offers Syxsense Manage, Syxsense Secure, and…

Read more →

Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders “Google Workspace…

Read more →

CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to…

Read more →

In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance…

Read more →

The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Aqua Security, Axiado, Bitwarden, Cloudflare, ComplyAdvantage, Dashlane, Delinea, Enzoic, Feedzai, Immersive Labs, Intruder, Nebulon, NETSCOUT, Neurotechnology, Nozomi Networks, OpenVPN, Private AI, Radware, Satori, Trua, Vanta,…

Read more →

A 25% increase in the use of phishing kits has been recorded in 2022, according to Group-IB. The key phishing trends observed are the increasing use of access control and advanced detection evasion techniques. The rise in evasive tactics, such…

Read more →

Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete…

Read more →

An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster.…

Read more →

Bitdefender unveiled GravityZone Security for Mobile, designed to provide organizations with advanced Mobile Threat Detection (MTD) and security for Android, iOS and Chromebook devices, including Chrome extensions. The new offering helps enterprises, managed service providers (MSPs) and their customers gain…

Read more →

Rezilion released its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components. Patching is a complicated and noisy process, which…

Read more →

PingSafe launched KSPM module to provide an end-to-end security solution that encompasses the entire container lifecycle, from development to production, helping organizations securely navigate the dynamic landscape of container orchestration. By tightly integrating into PingSafe’s CNAPP platform, KSPM module, along…

Read more →

ConnectSecure is adding deep attack surface scanning and the Exploit Prediction Scoring System (EPSS) to its cybersecurity platform for managed service providers (MSPs) that protect small and midsize businesses. The new capabilities will be fully integrated into the ConnectSecure platform,…

Read more →

If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were first…

Read more →

Permit.io has launched FoAz which enables frontend developers to take access controls into their own hands. Short for frontend-only authorization, FoAz is a technology that empowers frontend developers to use sensitive APIs directly from the frontend, without requiring any backend…

Read more →

Netskope announced an integration between Netskope’s Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from AWS. Amazon Security Lake is a service that automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises,…

Read more →

Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker…

Read more →

Ping Identity announced PingOne Protect, a new fraud detection and risk management service to prevent account takeover and fake accounts while solving multi-factor authentication (MFA) fatigue for end users. PingOne Protect takes a unique approach to threat protection, combining Identity…

Read more →

Hitachi Vantara introduced Hitachi Data Reliability Engineering (DRE), a suite of consulting services helping organizations improve the quality and consistency of business-critical data. Amid a surge of data from connected devices and applications, organizations are challenged with increasingly complex data…

Read more →

Mirantis announced Lens Control Center, to enable large businesses to centrally manage Lens Pro deployments by standardizing configurations, consolidating billing, and enabling control over outbound network connections for greater security. Over 1 million people use Lens to make them significantly…

Read more →

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security…

Read more →

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new Kali version usually comes with new tools.…

Read more →

In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses…

Read more →

Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat, according to Veeam. One in seven organizations will see almost all (>80%) data affected as a result of a ransomware attack –…

Read more →

Protecting operational technology (OT) systems is now more critical than ever as more organizations connect their OT environments to the internet, according to Fortinet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive…

Read more →

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile…

Read more →

Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations have…

Read more →

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant, the…

Read more →

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organization, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. Barracuda Networks research finds 24% of organizations studied had at least…

Read more →

Threat actors are abusing generative AI to carry out child sex abuse material (CSAM), disinformation, fraud and extremism, according to ActiveFence. “The explosion of generative AI has far-reaching implications for all corners of the internet,” said Noam Schwartz, CEO and…

Read more →

Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated…

Read more →

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video,…

Read more →

Over the past year, 4 in 5 financial companies had experienced an increase in the number of verification cases involving foreign documents, according to Regula. The post Digital nomads drive changes in identity verification appeared first on Help Net Security.…

Read more →

65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to Netwrix. Larger organizations are a more frequent target for cyberattacks The…

Read more →

Media and entertainment (M&E) companies are rapidly turning to cloud storage in efforts to upgrade their security measures, according Wasabi. Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage (69% of respondents had been using…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wireless Broadband Alliance CEO on key drivers for Wi-Fi adoption in enterprise networks This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband…

Read more →

Edgewater Wireless Systems has announced its next-generation of Wi-Fi Spectrum Slicing powered silicon solutions targeting residential, enterprise and prosumer applications. Building on the latest Wi-Fi standard, WiFi7 (802.11BE), Edgewater’s platform offers more physical channel capacity than single-channel, legacy Wi-Fi architectures…

Read more →

Keysight Technologies introduces the Keysight E5081A ENA-X, the midrange vector network analyzer (VNA) that produces error vector magnitude (EVM) measurements and accelerates the characterization of 5G component designs by up to 50%. Demand for ever-increasing data speeds with ultra-low latency…

Read more →

Coalesce has announced a new partner program to expand training options and teamwork, as well as to help Snowflake Data Cloud customers more effectively manage their modern data stack. The Coalesce Partner Program now features three tiers – Select, Premier,…

Read more →

Hopr has secured $500K in funding from TEDCO, that has invested an additional $300K, doubling down on their initial investment of $200K, which occurred last year. “The outlook for startups has been rocky over the past 12 months due to…

Read more →

Cognigy has entered into a strategic reseller partnership with Black Box. By combining Cognigy’s conversational AI-based technology with Black Box’s comprehensive CX solution practice, including a global network of CX professionals, the companies will deliver AI-based solutions that drive customer…

Read more →

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Axiado, Delinea, Netscout, Radware, and Veriff. Delinea Cloud Suite updates reduce the risk of lateral movement in cybersecurity breaches Delinea Cloud Suite updates include more…

Read more →

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. Use of public exploits One notable aspect of the attackers leveraging the Buhti ransomware is their…

Read more →

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers…

Read more →

Cybercriminals are increasingly posing as multi-factor authentication vendors and small businesses are becoming more popular targets, according to VIPRE. Attachment-based malspam is on the rise Financial institutions (48%) are still the most targeted sector by a wide margin. Insider attacks…

Read more →

In this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been…

Read more →

Perception Point’s team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to…

Read more →

In its inaugural 2023 Offensive Security Vision Report, NetSPI unveils findings that highlight vulnerability trends across applications, cloud, and networks. Vulnerability patterns The report offers a look back — and forward — at some of the most significant vulnerability patterns…

Read more →

NordPass has unveiled that its password manager now offers new features. NordPass Premium users can attach up to 3GB of files to items stored in NordPass. The company is also allowing its customers to customize their password items. The latest…

Read more →

Tufin announced the R23-1 release of its Tufin orchestration platform. The latest release extends security teams’ visibility and control into the cloud, enabling enterprises to better bridge the gaps between network and cloud security. With R23-1, Tufin customers can confidently…

Read more →

Corvus Insurance has unveiled Corvus Signal, the risk prevention solution that brings together brokers, policyholders, and Corvus security experts in partnership. Corvus Signal has been shown to reduce cyber breach frequency and cost by up to 20 percent. The announcement…

Read more →

A clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers. The attack ChatGPT has quickly gained popularity and is used widely by individuals…

Read more →

The National Security Agency (NSA) and Five Eyes partner agencies have identified indicators of compromise associated with a People’s Republic of China (PRC) state-sponsored cyber actor dubbed Volt Typhoon, which is using living off the land techniques to target networks…

Read more →

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001…

Read more →

The widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats extend not only to IT networks…

Read more →

In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined, according to Ivanti. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive…

Read more →

To achieve a diverse and well-trained cybersecurity workforce, organizations recognize the value of a quality training program supported by the pursuit of cybersecurity certifications, according to Security Innovation and Ponemon Institute. The report revealed a growing embrace of realistic simulations…

Read more →

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity. This is a substantial threat for businesses, leading to…

Read more →

DataRobot has partnered with Microsoft to accelerate AI adoption in the enterprise. The collaboration will include integrations with Microsoft Azure OpenAI Service, Azure Machine Learning, and Azure Kubernetes Service (AKS), making it possible for data scientists to use large language…

Read more →

Wipro has expanded partnership with Google Cloud to bring its advanced generative artificial intelligence (AI) capabilities to clients across the globe. Wipro will integrate Google Cloud’s full suite of generative AI products and services—including Vertex AI, Generative AI App Builder,…

Read more →

Kasten by Veeam released its new Kasten K10 V6.0 Kubernetes data protection platform. The new release includes features that will help customers scale their cloud native data protection more efficiently, better protect their applications and data against ransomware attacks, and…

Read more →

Kyndryl has unveiled new services and capabilities to help Red Hat OpenShift customers enhance and expand their ability to more consistently modernize and move core business applications to hybrid cloud environments. Kyndryl’s new integrated services and capabilities, which are part…

Read more →

Dell Technologies introduces Project Fort Zero to provide an end-to-end zero trust security solution for global organizations to protect against cyberattacks. The solution will be validated by the U.S. Department of Defense and is part of a Dell Security portfolio…

Read more →

Honeywell released its operational technology (OT) cybersecurity solution, Honeywell Forge Cybersecurity+ | Cyber Insights, to assist customers in improving the availability, reliability and safety of their industrial control systems and operations. Cyber Insights is designed to integrate information from multiple…

Read more →

Memcyco, the real-time website impersonation detection and prevention solution, has completed a $10 million seed round led by Capri Ventures and Venture Guides. Brandjacking is among the most common forms of cyberattacks globally. Twenty percent of consumers collectively lost more…

Read more →

Cohesity expands partnership with Google Cloud to help organizations unlock the power of generative AI and data. In addition, Cohesity unveiled Cohesity Turing, a unique, comprehensive, and rapidly evolving set of AI technologies that brings the power of AI to…

Read more →