Tag: Help Net Security

Appdome has released Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps. The new capability allows Appdome-protected mobile apps to recognize when automated mobile app testing suites are in use and securely completed without…

Read more →

Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds. Based on the open source project, Skupper.io, Red Hat Service Interconnect empowers developers to more seamlessly create trusted connections between services, applications and…

Read more →

Axiado introduced the AX3000 and AX2000 trusted control/compute units (TCUs), a fully integrated AI-driven hardware security platform solutions designed to help detect cybersecurity and ransomware attacks on next-generation servers and infrastructure elements in cloud datacenters, 5G networks, and network switches.…

Read more →

Dell introduces Dell NativeEdge, an edge operations software platform, designed to help businesses simplify and optimize secure edge deployments. Customers can streamline edge operations across thousands of devices and locations from the edge to core data centers and multiple clouds.…

Read more →

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England. IT…

Read more →

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub Advanced Security for Azure DevOps (Source: Microsoft) What is GitHub Advanced Security for Azure DevOps? GitHub Advanced…

Read more →

Sekoia.io raised €35 million in a new round of financing from Banque des Territoires, European investor Bright Pixel (former Sonae IM) and its historical investors Omnes Capital, Seventure and BNP Paribas Développement. The fundraising follows a previous round of €10M…

Read more →

Opti9 has been selected by Wasabi Hot Cloud Storage as a Technical Alliance Partner to offer integrated disaster recovery and artificial intelligence (AI) powered ransomware detection services. As result of this trusted partnership, Wasabi clients can now natively integrate a…

Read more →

Researchers from Cado Labs recently encountered an update to the emerging cloud-focused malware family, Legion. This sample iterates upon the credential harvesting features of its predecessor, with a continued emphasis on exploiting PHP web applications. In this Help Net Security…

Read more →

ESET researchers have discovered a trojanized Android app named iRecorder – Screen Recorder. It was available on Google Play as a legitimate app in September 2021, with malicious functionality most likely added in August 2022. During its existence, the app…

Read more →

The presence of each third-party application increases the potential for attacks, particularly when end users install them without proper oversight or approval. IT security teams face challenges in obtaining comprehensive knowledge about the apps connected to their corporate SaaS platforms,…

Read more →

Samsung’s recent discovery that employees had uploaded sensitive code to ChatGPT should serve as a reminder for security leaders to tread carefully when it comes to integrating new artificial intelligence tools throughout their organizations. Shadow AI Employees are using the…

Read more →

Legal and compliance leaders should address their organization’s exposure to six specific ChatGPT risks, and what guardrails to establish to ensure responsible enterprise use of generative AI tools, according to Gartner. “The output generated by ChatGPT and other large language…

Read more →

In this Help Net Security interview, we sit down with Dr. Atsushi Yamada, the newly appointed CEO of ISARA, a security solutions company specializing in creating quantum-safe cryptography. With over two decades of experience in cryptography and cybersecurity, Dr. Yamada…

Read more →

Red Hat Advanced Cluster Security Cloud Service brings together Kubernetes-native security capabilities with the convenience and support of a fully Red Hat-managed offering. The cloud service enables organizations to take a security-forward approach to building, deploying and maintaining cloud-native applications…

Read more →

Hornetsecurity launched 365 Permission Manager – a user-friendly, admin-centred solution to manage permissions, enforce compliance policies, and monitor violations within Microsoft 365 (M365). This innovative solution brings ease and order to the tracking of employee access to M365 sites, files…

Read more →

Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers. Delinea Cloud Suite updates include more granular support for just-in-time (JIT) and just-enough privilege access automation, and…

Read more →

NETSCOUT has introduced Arbor Sightline Mobile and MobileStream to answer mobile network operators’ (MNO) need for scalable, real-time visibility, detection, and mitigation of threats that can impact the performance and availability of 4G/5G mobile consumer services and network infrastructure. NETSCOUT…

Read more →

Red Hat announced Red Hat Trusted Software Supply Chain, a comprehensive solution that enhances resilience to software supply chain vulnerabilities. As part of this solution, two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, join…

Read more →

Stytch’s new offering enables B2B products and applications to build and deliver the enterprise-grade authentication requirements that their customers require, while maintaining a frictionless user experience to maximize conversion and adoption. Authentication is a key requirement for any B2B software…

Read more →

Veriff announced its new Age Estimation solution, built to further streamline the age verification process for customers. Veriff Age Estimation uses facial biometrics to enable users to easily estimate their age with a selfie, rather than having to provide an…

Read more →

Vaultree announces a major leap forward in healthcare data protection, bringing its Fully Functional Data-In-Use Encryption solution to the sector. Coupled with a groundbreaking software development kit and encrypted chat tool, Vaultree’s technology revolutionizes the data encryption landscape, providing full-scale…

Read more →

Radware has introduced a new Cloud Web DDoS Protection solution to minimize the growing gap between standard DDoS mitigation and an emerging generation of more aggressive, layer 7 (L7), HTTPS Flood attacks—also known as Web DDoS Tsunami attacks. Radware’s solution…

Read more →

Conceal has announced a new strategic partnership with White Rock Cybersecurity. “White Rock Cybersecurity is committed to delivering innovative, scalable, and manageable solutions in information technology,” said James Range, CEO of White Rock Cybersecurity. “With the inclusion of Conceal’s Zero…

Read more →

IRONSCALES has partnered with the Infinigate Group to distribute IRONSCALES’ cloud email security platform in the Benelux, the Nordics, and Switzerland regions, with a view to widen the partnership across the wider EMEA territory. “Infinigate is a key partnership for…

Read more →

Fusion Risk Management announced expanded functionality of its third-party risk management (TPRM) offering. The enhanced solution delivers continuous monitoring of third parties beyond its traditional instance as well as an evaluation of potential operational and business impacts that those third…

Read more →

Mastercard and HealthLock have partnered to offer millions of Americans help in protecting themselves against medical bill fraud, claim errors and overcharges. Consumers who link their insurance accounts to the HealthLock platform gain the ability to monitor all healthcare claims…

Read more →

WithSecure has released Cloud Security Posture Management, a new module for its WithSecure Elements security platform, that identifies insecure cloud configurations attackers use to compromise networks. It’s now become commonplace for organizations to incorporate cloud-based infrastructure-as-a-service (IaaS) offerings into their…

Read more →

N-able is collaborating with the Joint Cyber Defense Collaborative (JCDC) to help create a more secure global ecosystem and work towards helping reduce security risk for MSPs and their customers. The Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in…

Read more →

Error messages that ChatGPT and other AI language models generate can be used to uncover disinformation campaigns, hate speech and fake reviews via OSINT collection and analysis, says Nico Dekens, director of intelligence at ShadowDragon. AI-generated content found via Google…

Read more →

Integrating an acquired company into a single organization is a daunting task that can take weeks, months, or even years to complete. To have a successful conclusion to the mergers and acquisitions (M&As) process, identity and access management (IAM) teams…

Read more →

30% of adults have fallen victim or know someone who has fallen victim to an online scam while trying to save money when booking travel, according to McAfee. 34% of those who had money stolen have lost over $1,000 before…

Read more →

While API security remains a top cybersecurity concern this year, there is still an alarming lack of implementation for most companies, according to Traceable AI. Companies overlook API security Companies are struggling with unchecked API sprawl, lack of clarity on…

Read more →

In the fast-evolving landscape of technology and connectivity, ensuring the security of operational technology (OT) systems has become a paramount concern for organizations worldwide. In this Help Net Security video, Daniel Bren, CEO at OTORIO, discusses a significant discrepancy between…

Read more →

Google Cloud announced the opening of its Doha cloud region at an official launch event attended by ministers from the Qatari Cabinet and executives from leading Qatari businesses, with the cooperation of the Ministry of Communications and Information Technology (MCIT)…

Read more →

Onfido acquired Airside Mobile to deliver user-controlled, shareable digital identity designed with data privacy and time-saving convenience at its core. Airside’s shareable digital identity technology has been used by over 10 million travelers and is trusted by major U.S. government…

Read more →

A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a reverse…

Read more →

IBM announced a 10-year, $100 million initiative with the University of Tokyo and the University of Chicago to develop a quantum-centric supercomputer powered by 100,000 qubits. Quantum-centric supercomputing is an entirely new, and as of now, unrealized, era of high-performance…

Read more →

With an increasing number of endpoints and expanding attack surfaces, dodgy apps can offer a way around your firewall. Due to data privacy concerns, Montana has passed the first bill in the United States to ban TikTok. Previously, India has…

Read more →

Managing compliance doesn’t have to be draining, time-consuming, or overly complicated. In this Help Net Security video, Wesley Van Zyl, Senior Manager, Compliance Success at Scytale, discusses how keeping track of all your security controls can be challenging, particularly when…

Read more →

The identity verification market is experiencing a significant surge in growth. In recent years, many solutions have emerged to assist businesses in establishing trust and facilitating remote user onboarding. This demand arises from the alarming rise in identity fraud, which…

Read more →

The demand for robust, reliable, and high-speed connectivity is increasing rapidly in the era of relentless digital transformation. This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband Alliance (WBA), delves into the future of enterprise networking, exploring…

Read more →

Before taking on the role as GM of IAI’s cyber division, Esti Peshin was a member of Israel’s parliament, wielding both legislation and regulation to strengthen the country’s renowned high-tech ecosystem. Despite her commitments, Esti shared with the Left to…

Read more →

The majority of organizations use six or more communication tools, across channels, with email remaining the channel seen as the most vulnerable to attacks (38%), according to Armorblox. Respondents mentioned multi-channel attacks are gaining momentum and frequency. More than half…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for…

Read more →

Zerto has announced the launch of Zerto 10 for Microsoft Azure, delivering enhanced disaster recovery (DR) and mobility for complete infrastructure flexibility. Zerto 10 delivers a new replication architecture for scale-out efficiency and native protection of Azure Virtual Machines (VMs).…

Read more →

Accenture has made a strategic investment, through Accenture Ventures, in SpiderOak. SpiderOak’s OrbitSecure product suite brings zero trust security to zero gravity environments. OrbitSecure leverages a combination of no-knowledge encryption and distributed-ledger technology in order to meet the demands of…

Read more →

New Relic has unveiled a new, integrated experience for its infrastructure monitoring and application performance monitoring (APM) capabilities that correlates the health and performance of applications and hosts in real-time. Engineers, DevOps, and ITOps can now diagnose application and infrastructure…

Read more →

NTT and Cisco have announced a collaboration to develop and deploy joint solutions that empower organizations to improve operational efficiencies and advance sustainability goals. Leveraging NTT’s Edge as a Service portfolio and Cisco’s IoT capabilities, solutions developed by the two…

Read more →

Zerto launched a new real-time encryption detection mechanism and air-gapped recovery vault for enhanced hybrid cloud protection and security against cyber threats. These new features are part of Zerto 10, which includes advanced detection mechanisms that allow users to monitor…

Read more →

Check Point announces its Next-Generation Cloud Firewall natively integrated with Microsoft Azure Virtual WAN to provide customers with improved security. The integration provides advanced threat prevention and multi-layered network security across public, private and hybrid-clouds, enabling businesses to confidently migrate…

Read more →

Juniper Networks and ServiceNow have formed a partnership to deliver end-to-end automation for managed service providers and enterprises. With this newly formed collaboration leveraging Juniper Mist Cloud and ServiceNow Telecom Service Management and Order Management for Telecom, joint customers can…

Read more →

Strata Identity has unveiled the latest version of the Maverics platform that enables customers to unify ID Orchestration functions between legacy on-premises, modern cloud, and multi-vendor environments without rewriting their applications. With Maverics, businesses easily create a vendor-agnostic identity fabric…

Read more →

Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.” The notes accompanying the updates also revealed that…

Read more →

Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence (CTI) from the Internet’s virtual underbelly. DarkBERT pretraining process and evaluated use case scenarios (Source: KAIST/S2W) DarkBERT: A language model…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitwarden, Cloudflare, ComplyAdvantage, Enzoic, Neurotechnology, Nozomi Networks, and Satori. ComplyAdvantage Fraud Detection identifies and prevents transaction fraud Fraud Detection uses AI and machine learning algorithms…

Read more →

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases,…

Read more →

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Costly ‘defensive tax’ Notably, 58% of…

Read more →

Phishing scams pose an escalating danger as cybercriminals employ increasingly sophisticated techniques, rendering their detection and prevention more challenging. In this Help Net Security video, Abhilash Garimella, Head of Research at Bolster, talks about the evolution of phishing and scam…

Read more →

1Password has launched Passage by 1Password — a standalone authentication solution that enables businesses to implement passkeys for apps and websites. Passage by 1Password allows businesses to eliminate the hassle of passwords and reduce cart abandonment without building their own…

Read more →

Bitwarden released Bitwarden Passwordless.dev, the developer toolkit with an extensive, easy-to-deploy API for integrating FIDO2 WebAuthn-based passkeys into consumer websites and enterprise applications. The news comes as public interest in passwordless technology is on the rise. Recent research found that…

Read more →

ServiceNow and NVIDIA have joined forces to develop generative AI capabilities that can transform business processes with workflow automation. Using NVIDIA software, services, and accelerated infrastructure, ServiceNow is developing custom large language models trained on data specifically for its ServiceNow…

Read more →

Komprise has released new governance and self-service capabilities that simplify departmental use of Deep Analytics, a query-based way to find and tag file and object data across hybrid cloud storage silos. IT organizations need to maintain data governance and data…

Read more →

Concentric AI announced a deep-learning driven detection capabilities to find any type of hardcoded secrets and key credentials (e.g. API keys, encryption keys, tokens, passwords, etc.) in today’s most popular enterprise on-premise and cloud data repositories, as well as email…

Read more →

ExtraHop released a new capability that offers organizations visibility into employees’ use of AI as a Service (AIaaS) and generative AI tools, like OpenAI ChatGPT. Organizations can now benefit from a better understanding of their risk exposure and whether or…

Read more →

Kyndryl has expanded strategic partnership with SAP focused on developing new solutions to help customers solve their most complex digital business transformation challenges. Under their expanded collaboration, the companies have leveraged SAP Business Transformation Center and vast ERP systems know-how,…

Read more →

Teradata and FICO announced they plan to bring to market integrated advanced analytic solutions for real-time payments fraud, insurance claims, and supply chain optimization. Bringing data, analytics and insights together in one environment streamlines the development of solutions for use…

Read more →

New Relic has announced an integration with AWS Systems Manager Distributor to provide a native experience to automatically deploy the New Relic monitoring infrastructure agent via the AWS Command Line Interface (CLI) and any AWS infrastructure-as-code (IaC) tooling to streamline…

Read more →

BeeKeeperAI has released EscrowAI, a zero trust collaboration platform. EscrowAI leverages Azure confidential computing to resolve the challenges of data sovereignty, privacy, and security. In healthcare, EscrowAI enables HIPAA-compliant research on full PHI without exposing the patient data, thereby reducing…

Read more →

Aqua Security integrates with the ServiceNow to enable joint customers to identify vulnerabilities in running containers with the broadest coverage across operating systems and programming languages, and with the highest accuracy. Security and application teams can automate vulnerability triage, identify…

Read more →

Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the…

Read more →

A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according Immersive…

Read more →

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within applications. We will explore policy as code and how it addresses organizations’ challenges in managing…

Read more →

In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World Economic Forum, and…

Read more →

The Identity Theft Resource Center (ITRC) has documented incidents of identity theft reported during 2022 and the first quarter of 2023, highlighting the use of strategies by criminals to convince people to willingly share protected information. The number of reported…

Read more →

Acronis has announced the general availability of Acronis Advanced Security + Endpoint Detection & Response (EDR) for Acronis Cyber Protect Cloud. With new capabilities such as AI-based attack analysis, Acronis EDR reduces complexity and simplifies workflows for a more streamlined…

Read more →

Enzoic launched an identity monitoring offering, enabling organizations to continuously track and ensure their users’- whether its customers or employees– personally identifiable information (PII) has not been exposed. This reduces the risk of identity theft and the data being used…

Read more →

Satori has released Posture Management, a new capability within Satori’s platform that monitors the authorization of users to data across all of a company’s data stores. In addition, Satori announced the availability of Data Store Discovery, which scans and monitors…

Read more →

Boomi has released Boomi AI – a conversational user experience that harnesses generative AI to connect and integrate applications, data, processes, people, and things across organizations – creating business outcomes faster than ever before. “The introduction of Boomi AI marks…

Read more →

Next DLP (“Next”) has unveiled a new integration between Splunk and the company’s Reveal platform. The new technology partnership bolsters visibility, protection, and leverages customer’s investment in existing security solutions to improve incident response effectiveness. “Data is constantly in-use and…

Read more →

Barracuda Networks announced a new platform called Barracuda SecureEdge, a SASE solution that helps make hybrid and remote work easier to secure. Barracuda SecureEdge integrates Barracuda’s Secure SD-WAN, Firewall-as-a-Service, Zero Trust Network Access, and Secure Web Gateway capabilities. Using a…

Read more →

Cleo has entered into a global partnership with Cognizant to power the Cognizant Cloud Integration Brokerage (CCIB) for the enterprise market. This new B2B platform-as-a-service solution, which comprises elements from Cleo’s offering, the Cleo Integration Cloud, will be named “CCIB,…

Read more →

ServiceNow has announced new generative AI capabilities for the Now Platform to help deliver workflow automation. The new solutions—ServiceNow Generative AI Controller and Now Assist for Search—expand ServiceNow’s AI functionality with built-in capabilities that apply the power of generative AI…

Read more →

Neurotechnology announced the expansion of the MegaMatcher product line with the release of the MegaMatcher Identity Management System (IDMS). The new end-user-focused system is capable of handling a variety of different tasks from identity registry formation to comprehensive administration for…

Read more →

Ammune.ai (Formerly L7 Defense), has integrated its API security solution ammune, with the Intel NetSec Accelerator Reference Design, providing node-based protection for Kubernetes clusters from API attacks. The deployment architecture incorporates the integration of ammune RT-units with the Intel NetSec…

Read more →

Inseego has launched the next-generation 5G indoor router FX3100, with UScellular. The new upgraded FX3100, which includes the Qualcomm Snapdragon X62 5G Modem-RF System, adds new capabilities to the current generation FX2000. The new FX3100 solution brings fast broadband internet…

Read more →

With BlindBox, you can use Large Language Models without any intermediary or model owner seeing the data sent to the models. This type of solution is critical today, as the newfound ease-of-use of generative AI (GPT4, MidJourney, GitHub Copilot…) is…

Read more →

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed and that…

Read more →

Zscaler announced that Syam Nair has been appointed as the company’s Chief Technology Officer and EVP of Research and Development. In this role, Nair will be responsible for driving the research and development engines to expand Zscaler’s Zero Trust Exchange…

Read more →

Amartus has partnered with ServiceNow to offer Enterprises and Service Providers a combined solution for rapid implementation of MEF LSO (Life-cycle Service Orchestration) industry standard processes and APIs to automate trading & operation of services that underpin todays Enterprise Network…

Read more →

Veza has unveiled that the Veza Authorization Platform is now available on the Snowflake Data Cloud. With this integration, joint customers can now manage access permissions and secure their sensitive data at scale. By leveraging the Snowflake Data Cloud, Veza…

Read more →

Entro announced $6 million in seed funding led by StageOne Ventures and Hyperwise Ventures. Founded by CEO Itzik Alvas and CTO Adam Cheriki to address secret-based breaches, Entro continuously monitors and protects secrets and programmatic access to cloud services and…

Read more →

Eagle Eye Networks and Brivo announced one of the largest investments to date in cloud physical security. SECOM, one of the largest security integration companies in the world, according to Forbes Global 2000, has made a primary equity investment of…

Read more →

A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. Custom malicious firmware for TP-Link routers The malicious firmware was exclusively created for TP-Link…

Read more →

A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account inactivity policy Google says that the updated policy is effective immediately, but…

Read more →

Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App Store. Because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users…

Read more →

A new risk emerges in the digital era, where open-source software has become a fundamental pillar in developing innovative applications. The threat? Malicious open-source components. In this Help Net Security video, Henrik Plate, Lead Security Researcher at Endor Labs, discusses…

Read more →

In 2021, the Biden Administration published the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), setting off an agency-wide security initiative with the ultimate objective of standardizing security requirements across the Department of Defense (DoD) and the Federal Civilian…

Read more →

The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across…

Read more →

Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing…

Read more →