Tag: Help Net Security

The Western Digital online store is offline as a result of the “network security incident” it suffered in March 2023. Users have been notified On May 5, 2023, the company emailed its customers to say that an unauthorized party obtained…

Read more →

AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had…

Read more →

The rise of AI-generated identity fraud like deepfakes is alarming, with 37% of organizations experiencing voice fraud and 29% falling victim to deepfake videos, according to a survey by Regula. In this Help Net Security video, Henry Patishman, Executive VP…

Read more →

A key term when discussing encryption these days is end-to-end (E2E) encryption. The idea with E2E encryption is that data is kept confidential between the encryptor and the intended receiver. This might seem an obvious requirement, but not all so-called…

Read more →

Paul Cha is a cyber and product security leader, serving as the VP of Cybersecurity at LG Electronics Vehicle component Solutions. Paul held critical positions at Synopsis, Ford Motor Company, and Samsung before joining LG. He found his way to…

Read more →

Businesses worldwide are eagerly embracing the potential for AI to provide personalized customer experiences, but customers remain cynical, according to Twilio. This year’s report underscores the value of an AI-driven personalization strategy for brands looking to both retain existing customers…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Former Uber CSO avoids prison for concealing data breach Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover…

Read more →

CACI announced a strategic partnership to provide the DarkPursuit capability within the Torchlight Catalyst platform. This partnership will provide Torchlight customers, mainly Special Operations Forces (SOF), with safe and secure access to browse the open, deep, and dark web. “We…

Read more →

Mirantis announced the latest update of open source k0s, which adds compatibility with the latest release of Kubernetes 1.27, as well as improvements and bug fixes to k0s. The latest update of Mirantis k0s makes improvements that simplify installation and…

Read more →

AutoCrypt KEY enables OEMs and suppliers to manage all types of cryptographic keys used for the components of connected and electric vehicles. Modern vehicles function through communications, including internal communications between ECUs and application processors, and external connections with nearby…

Read more →

Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover up a data breach Uber suffered in 2016 and kept it hidden from the Federal Trade Commission (FTC), has been sentenced to three years…

Read more →

Edgecore Networks has partnered with Wedge Networks to offer a next-generation network security solution to its customers. Wedge Networks’ Wedge Cloud Network Defense (WedgeCND), a cloud-managed security service designed to provide comprehensive security protection, is now available as an add-on…

Read more →

Cisco has revealed the existence of a critical vulnerability (CVE-2023-20126) in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. The adapters are widely used to integrate analog phones into VoIP networks without the need for an upgrade. About…

Read more →

OneTrust announces AI-driven document classification to help organizations more accurately and completely identify and classify unstructured data and automatically apply governance and protection policies. “An organization’s data is what fuels innovation and gives them a competitive edge,” said Blake Brannon,…

Read more →

Edgecore Networks has partnered with Wedge Networks to offer a next-generation network security solution to its customers. Wedge Networks’ Wedge Cloud Network Defense (WedgeCND), a cloud-managed security service designed to provide comprehensive security protection, is now available as an add-on…

Read more →

The April Patch Tuesday releases were unusual because we saw a whopping 62 vulnerabilities addressed in the Microsoft Server 2012 KBs. Granted there was a lot of overlap with the CVEs addressed in Windows 10 and 11, but compared to…

Read more →

Satori released Universal Data Permissions Scanner, a free, open-source tool that enables companies to understand which employees have access to what data, reducing the risks associated with overprivileged or unauthorized users and streamlining compliance reporting. Who has access to what…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Dashlane, Immersive Labs, Intruder, Private AI, Vanta, and Veza. Immersive Labs Resilience Score strengthens executive decision making in cyber crises Immersive Labs Resilience Score helps…

Read more →

In the first quarter of 2023 there was a significant increase in cyberattacks exploiting trust in established tech brands Microsoft and Adobe, according to Avast. The Avast report also found a 40% rise in the share of phishing and smishing…

Read more →

Cyber-risk levels have improved from “elevated” to “moderate” for the first time, but insiders represent a persistent threat for global organizations, according to Trend Micro. Jon Clay, VP of threat intelligence at Trend Micro: “For the first time since we’ve…

Read more →

AppOmni announced free Salesforce Community Cloud Scanner to help organizations secure their Salesforce Community websites from data exposure risks and misconfigurations. Salesforce data leaks recently identified by Krebs on Security have resulted in exposure of numerous Salesforce Community Cloud customers’…

Read more →

The City of Dallas, Texas, has suffered a ransomware attack that resulted in disruption of several of its services. What do we know so far? “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a…

Read more →

Airgap Networks announced that it is bringing the power of AI to its Zero Trust Firewall with ThreatGPT. Built on an advanced AI/ML model designed to protect enterprises from evolving cyber threats, ThreatGPT delivers a new level of insight and…

Read more →

HUB Security entered into an agreement for up to $16 million in gross proceeds from Lind Global Asset Management VI LLC, an investment entity managed by The Lind Partners, a New York based institutional fund manager (together, “Lind”). This investment…

Read more →

Criminal IP, an OSINT-based search engine provided by AI Spera, launched a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS (Fraud Detection System). This latest development promises to revolutionize the digital security landscape…

Read more →

Arthur introduced a powerful addition to its suite of AI monitoring tools: Arthur Shield, a firewall for large language models (LLMs). This patented new technology enables companies to deploy LLM applications like ChatGPT more safely within an organization, helping to…

Read more →

Intruder has launched its continuous attack surface monitoring capabilities. The company’s new premium plan offering takes vulnerability management to the next level with continuous coverage, increasing visibility and transparency of external attack surfaces. On average, 65 new vulnerabilities are discovered…

Read more →

Protecto announced it has been able to boost the performance of its privacy models on NVIDIA GPUs, allowing the discovery of privacy issues up to 10x faster than before. With the help of powerful NVIDIA GPU technology, Protecto has delivered…

Read more →

Employing proprietary architecture, the Aegis NVX is the first Apricorn encrypted device to feature an NVME SSD inside, to address the immediate protection of raw data delivered directly from its source at high speeds. Initial capacity offerings will be 500GB,…

Read more →

“Since the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious,” Check Point researchers have shared on…

Read more →

BSidesLjubljana 0x7E7, a non-profit conference organized by the information security community, will take place on June 16, 2023, at the C111 Computer Museum. The deadline for the call for papers (CFP), initially set for April 30, has been extended for…

Read more →

The success of ChatGPT, a text-generation chatbot, has sparked widespread interest in generative AI among millions of people worldwide. According to Jumio’s research, 67% of consumers globally are aware of generative AI technologies, and in certain markets, such as Singapore,…

Read more →

Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the software supply chain are increasingly common, according to Tidelift. Open source software security In…

Read more →

75% of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the changing API attack surface, according to Data Theorem and ESG. Insecure APIs plague organizations In a related finding,…

Read more →

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud (EC2) instances, container images…

Read more →

Avetta has released the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in 10 areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies potential risk…

Read more →

Keysight Technologies has launched a new cybersecurity partnership program for managed security service providers (MSSP) to improve the security posture of organizations using the breach and attack simulation (BAS) capabilities of Keysight Threat Simulator. Cyberattacks are on the rise and…

Read more →

Dashlane introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that…

Read more →

Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs warns: the company’s intrusion…

Read more →

ManageEngine announced that its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. This new feature allows organizations to secure their data with next-gen authentication methods that prevent unsecured access to remote machines even when they are disconnected…

Read more →

Vanta launched Vendor Risk Management (VRM) solution, enabling organizations to accelerate, automate and simplify third-party vendor security reviews and due diligence. Featuring vendor auto-discovery and continuous vendor assessment and remediation workflows, Vanta’s VRM offering significantly reduces the time and costs…

Read more →

Users can now create passkeys for their Google account, the company has announced on Wednesday. Passkeys will enable users to sign in to their Google account on all major platforms and browsers with their fingerprint, face recognition, or a local…

Read more →

Location-tracking devices help users find personal items like their keys, purse, luggage, and more through crowdsourced finding networks. However, they can also be misused for unwanted tracking of individuals. Apple and Google jointly submitted a proposed industry specification to help…

Read more →

Immersive Labs announced the launch of the Immersive Labs Resilience Score. The score measures an organization’s workforce preparedness for cyber attacks and breaches based on Immersive Labs’ years of benchmarking data across industry verticals. The score will help organizations identify…

Read more →

T-Mobile has revealed a second data breach that occurred in 2023, which reportedly exposed customer data and account PINs, leaving many T-Mobile users vulnerable to potential fraud and identity theft. What happened? The attack started on February 24 and lasted…

Read more →

In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol. The misunderstood Lock icon It took many years, but the unceasing push by…

Read more →

Attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware, according to Netskope. On average, five out of every 1,000 enterprise users attempted to download malware in Q1…

Read more →

Development teams utilize automation through Infrastructure as Code (IaC) to facilitate rapid and frequent changes to their cloud-native architectures. Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development. Now,…

Read more →

As outside economic pressures continue to shape how organizations think and allocate resources, data security continues to be a high priority. Due to their dependence on data to innovate and reduce expenses, many businesses are significantly more exposed to the…

Read more →

Veza has unveiled Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege…

Read more →

KnectIQ has introduced SelectiveTRUST, the zero trust-based platform that prevents credential misuse to mount initial intrusions and credential-based privilege escalation by bad actors. Additionally, the security architecture and flexibility of SelectiveTRUST: Assures Trusted Connectivity, secure communication, and data sharing, at…

Read more →

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…

Read more →

Box unveiled Box AI, a new suite of capabilities that will natively integrate advanced AI models into the Box Content Cloud, bringing Box’s enterprise-grade standards for security, compliance, and privacy to this breakthrough technology. Box AI will make it easier…

Read more →

CYTRIO has introduced a data privacy UX platform that includes consent and preference management, do not sell my information, Data Subject Access Request (DSAR) management, and policy templates in one data privacy compliance platform. Businesses of all sizes can now…

Read more →

Trellix expanded support for Amazon Security Lake from AWS, designed to automatically centralize security data from cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions…

Read more →

Spin.AI has partnered with Google to integrate its new Chrome Extension Risk Assessment in Chrome Browser Cloud Management. This free tool gives administrators increased visibility into browser extensions detected across the Chrome ecosystem and allows SecOps teams to better assess…

Read more →

Conceal announced partnership with Moruga to help organizations of all sizes monitor and detect malicious activity at the edge. Moruga’s proprietary Cybhermetics security platform aggregates industry-leading cybersecurity companies to create the Zero Day Protection Suite. This cybersecurity bundle combines a…

Read more →

Appdome has released a pre-built integration between its platform and GitLab that is part of Appdome’s Dev2Cyber Partner initiative to accelerate delivery of secure mobile apps globally. “This new integration allows mobile brands to use GitLab to build any of…

Read more →

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to access sensitive…

Read more →

There has been a noted increase in malvertising via Google Ads this year, aimed at tricking users into downloading malware; among these malicious payloads is LOBSHOT, an infostealer that can also establish and keep long-term remote control of target computers…

Read more →

The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Apple Rapid Security…

Read more →

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar…

Read more →

Private AI launched PrivateGPT, a new product that helps companies safely leverage OpenAI’s chatbot without compromising customer or employee privacy. “Generative AI will only have a space within our organizations and societies if the right tools exist to make it…

Read more →

Onfido announced that its Real Identity Platform services are now available for Salesforce Financial Services Cloud customers. Financial Services Cloud customers now have access to a suite of Onfido’s services, including Onfido’s library of global identity verification tools, Studio, Onfido’s…

Read more →

Security analysts face the demanding task of investigating and resolving increasing volumes of alerts daily, while adapting to an ever-changing threat landscape and keeping up with new technology. To complicate matters further, the cybersecurity workforce gap – which increased by…

Read more →

Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. “We launched the Data Security Incident Response Report nine years ago because we recognized that organizations were making data-driven decisions…

Read more →

Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra. These schemes can cost companies hundreds of thousands of dollars and the vast majority of businesses (79%) say they take longer to uncover…

Read more →

In this Help Net Security interview, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum, shares his expertise on the correlation between the digitization of the manufacturing sector and the rise in cyberattacks. He delves into the far-reaching impact of…

Read more →

Excessive privileges are a continuing headache for security professionals. As more organizations migrate assets to the cloud, users with excessive permissions can expand the blast radius of an attack, leaving organizations open to all sorts of malicious activity. Cloud environments…

Read more →

Companies’ operating models today are significantly more complex than they were just a couple of years ago, according to BeyondTrust. Remote employees accessing key systems and data, more applications, and information stored and flowing through the cloud, are all helping…

Read more →

Bot attacks were previously seen as relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN. Bad bot traffic…

Read more →

In this Help Net Security video interview, cybersecurity entrepreneur, founder, innovator, and investor William Lin discusses his new book – The VC Field Guide. In this book, Lin demystifies the inner workings of venture capital. He offers a guide on…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Arista Networks, Armorblox, BigID, Binarly, Cofense, Cyera, Cynalytica, D3 Security, Eclypsium, GitGuardian, Guardz, Halo Security, Immuta, Malwarebytes, ManageEngine, Netskope, Obsidian Security, Searchlight Cyber,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSA Conference 2023 RSA Conference 2023 took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases,…

Read more →

The UK Cyber Security Councilv has launched the first phase of its certification mapping tool. It has been created to map all available cyber security certifications onto the 16 specialisms identified by the Council, with the first phase now available.…

Read more →

Codenotary has unveiled SBOMcenter, providing a central, secure place for software producers and consumers to freely generate, store and share Software Bills of Materials (SBOMs). In May 2021, the US government issued an executive order requiring federal agencies to adopt…

Read more →

CSI has released its new robust IT Governance Services, which is available within its Advisory Services offering. Coupled with CSI’s Compliance & Risk Management Services, IT Governance Services combines domain expertise with leading compliance technology. The result is a holistic…

Read more →

The Commission adopted the first designation decisions under the Digital Services Act (DSA), designating 17 Very Large Online Platforms (VLOPs) and 2 Very Large Online Search Engines (VLOSEs) that reach at least 45 million monthly active users. These are: Very…

Read more →

Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity of password resets, at a time when organisations must identify cost savings to survive the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, Arista Networks, Cyera, Eclypsium, Halo Security, Immuta, ManageEngine, and Traceable AI. Abnormal Security expands its platform and launches new products Abnormal Security launched…

Read more →

Generative AI has captured the imagination of millions worldwide, largely driven by the recent success of ChatGPT, the text-generation chatbot. Our new research showed that globally, 67% of consumers have heard of generative AI technologies, and in some markets, like…

Read more →

5G connectivity has reached a tipping point globally as 5G networks are now active in 47 of the world’s 70 largest economies by GDP, according to Viavi. VIAVI revealed that there are 2,497 cities globally with commercial 5G networks, across…

Read more →

Over the last two years, respondents reported a continued reliance on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords (OTPs), according to Yubico. Not all MFA is equal The results are surprising considering 59%…

Read more →

With the iShield Key Pro, Swissbit is expanding its range of hardware security keys with more than simply another FIDO stick. Thanks to the addition of further security standards and features, the new security key provides even more flexibility for…

Read more →

RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. The Early Stage Expo is an innovation space dedicated to promoting up-and-comers in the…

Read more →

RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is here, and Part 2 is here. Here are…

Read more →

At RSA Conference 2023, Thales launched CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP), an optional licensed feature to the CipherTrust Data Security Platform. CTE-RWP will elevate the protection of customer files and folders from ransomware attacks via access management controls and…

Read more →

Skyhigh Security announced the addition of several new capabilities to its Security Service Edge (SSE) portfolio at RSA Conference 2023. The features and functionality converged in the Skyhigh Cloud Platform reinforce Skyhigh Security’s mission to protect the world’s data with…

Read more →

Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers. The detected campaings “Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in…

Read more →

ThreatX announced the expansion of its platform offering with the release of a new Botnet Console and API catalog 2.0. These new dashboards, unveiled at RSA Conference 2023, will help security teams rapidly investigate automated threats and attempts to abuse…

Read more →

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private vulnerability reporting feature provides a direct collaboration channel that allows researchers to more easily report vulnerabilities,…

Read more →

The use of artificial intelligence can result in the production of deepfakes that are becoming more realistic and challenging to differentiate from authentic content, according to Regula. Companies view fabricated biometric artifacts such as deepfake videos or voices as genuine…

Read more →

Are we moving too fast with AI? This is a central question both inside and outside the tech industry, given the recent tsunami of attention paid to ChatGPT and other generative AI tools. Nearly all tech companies are moving to…

Read more →

Security compliance often feels like the ever-present task that looms over every angle of your role as Chief Information Security Officer. Yet, regardless of the hours spent managing it, something can always slip through the cracks. In this eBook, we’re…

Read more →

As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments, CISOs find it increasingly difficult to keep their software secure, according to…

Read more →

Travelers should avoid public USB charging stations at airports, hotels, and other venues, as they may harbor malicious software. Designed for both data and power transmission, USB connections lack a solid barrier between the two. Over the years, as smartphones…

Read more →

Tessian launched Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls,…

Read more →

Accenture and Palo Alto Networks are collaborating to deliver joint secure access service edge (SASE) solutions powered by Palo Alto NetworksAI-powered PrismaSASE, enabling organizations to improve their cyber resilience and accelerate business transformation efforts. The transition to remote work and…

Read more →

At RSA Conference 2023, Forcepoint extended the depth and breadth of its Data-first SASE (Secure Access Service Edge) offering with the launch of Forcepoint Data Security Everywhere. Forcepoint is simplifying enterprise DLP management across cloud, web and private apps and…

Read more →

Graylog announced at the RSA Conference 2023 Graylog 5.1 with new incident investigation and enhancements to its cybersecurity solution. Currently available in Beta, version 5.1 of Graylog Security and the Graylog Platform will be GA in May 2023. With the…

Read more →