Tag: Help Net Security

Cynet announced its presence at RSA Conference 2023 with new updates to its cybersecurity solution. The company is on track to release the latest version of its platform in Q2 2023, with all new domain filtering capabilities, enhanced Playbook Summary…

Read more →

An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version,…

Read more →

At RSA Conference 2023, Uptycs unveiled the ability to collect and analyze GitHub audit logs and user identity information from Okta and Azure AD to reveal suspicious behavior as the developer moves code in and out of repositories and into…

Read more →

RSA Conference 2023 is taking place in San Francisco this week, and this video provides a closer look at this year’s event. The post RSA Conference 2023 video walkthrough appeared first on Help Net Security. This article has been indexed…

Read more →

ExtraHop launched ExtraHop IDS, which integrates with the ExtraHop Reveal(x) platform to offer a new, simplified approach to intrusion detection for deeper coverage and full-spectrum investigation. As part of its release, ExtraHop also announced several product enhancements, including Automated Retrospective…

Read more →

At RSA Conference 2023, Code42 announced that it has added real-time blocking capabilities to the Incydr IRM solution. The enhancement allows security teams to prevent unacceptable data exfiltration without the management burden, inaccuracy, and endpoint impact of content-based policies. Insider…

Read more →

Traceable AI launched Zero Trust API Access to help organizations better protect sensitive data, stop API abuse, and align data security programs with broader innovation and business objectives. Traceable’s Zero Trust API Access actively reduces attack surface by minimizing or…

Read more →

At RSA Conference 2023, Sophos announced that its vendor-agnostic Managed Detection and Response (MDR) service has grown its customer base by 33% in the first six months since introducing the service’s ability to ingest and analyze telemetry from third-party security…

Read more →

VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user session software. The former allows users to run multiple x86-based operating systems on one PC, while the latter runs…

Read more →

ManageEngine, the enterprise IT management division of Zoho Corporation, launched the MSSP Edition of its cloud-based SIEM solution, Log360 Cloud. According to a recent ManageEngine study, organizations are currently facing a shortage of cybersecurity staff. With budgeting constraints and the…

Read more →

Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account. A long-awaited option Before this update, losing one’s mobile device…

Read more →

In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing…

Read more →

The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including threat groups themselves,…

Read more →

In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). About PCI DSS PCI DSS comprises 12 requirements to protect payment…

Read more →

A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success. “Our research shows CISOs are motivated by a mission…

Read more →

Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often,…

Read more →

Immuta announced new vulnerability risk assessment and dynamic query classification capabilities for the Immuta Data Security Platform. These new features enable customers to promptly identify and prioritize security gaps, protecting sensitive data based on the context and sensitivity levels. When…

Read more →

Seclore has released new Digital Asset Classification and Risk Insights capabilities delivering security risk visibility and insights for the most sensitive digital assets within the enterprise, such as intellectual property, and customer and employee personally identifiable information. “In today’s digital…

Read more →

Akamai launched Prolexic Network Cloud Firewall, allowing customers to define and manage their own access control lists (ACLs) while enabling greater flexibility to secure their own network edge. Prolexic is Akamai’s cloud-based DDoS protection platform that stops attacks before they…

Read more →

While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less effective than perceived, according to RiskOptics. The top challenges when implementing an effective cyber/IT risk…

Read more →

Accenture and Google Cloud announced an expansion of their global partnership to help businesses better protect critical assets and strengthen security against persistent cyber threats. Together, they are providing the technology, trusted infrastructure, and security expertise organizations need to build…

Read more →

NetRise announced $8 million in funding, led by Squadra Ventures, with participation by existing major investors Miramar Digital Ventures, Sorenson Ventures and DNX Ventures. NetRise has developed a cloud-based SaaS platform that analyzes and continuously monitors the firmware of Extended…

Read more →

Deep Instinct announced a new partnership with eSentire to protect eSentire customers from unknown and zero-day attacks. As ransomware and data exfiltration become more prevalent and damaging to businesses, the need for proactive cybersecurity has never been greater. Gartner projects…

Read more →

At RSA Conference 2023, Cyera has introduced new operational capabilities in its AI-powered data security platform, to help security teams stop data exfiltration and remediate sensitive data exposures in real time. The company’s Unified Data Explorer provides a way for…

Read more →

Cisco unveiled at the RSA Conference 2023 the latest progress towards its vision of the Cisco Security Cloud, a unified, AI-driven, cross-domain security platform. Cisco’s new XDR solution and the release of advanced features for Duo MFA will help organizations…

Read more →

SecurityScorecard announced at RSA Conference 2023 the launch of a security ratings platform that integrates with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers to high priority cyber risks. The solution was developed…

Read more →

At RSA Conference 2023, Palo Alto Networks Unit 42 unveiled the expansion of its Digital Forensics and Incident Response (DFIR) global service to help organizations understand evolving threats quickly and take swift action to remediate them. The Global Digital Forensics…

Read more →

Even though the adoption of SaaS apps started more than ten years ago, CISOs are still finding it challenging to tackle the accumulated security debt. Significant deficiencies The prevalence of phishing and account takeover attacks has raised significant concerns, as…

Read more →

At the RSA Conference 2023, Thales introduced a new secrets management solution as part of its CipherTrust Data Security platform which unifies the discovery, classification, protection, and control of sensitive data across cloud, on-premises and hybrid environments. Thales’s new secrets…

Read more →

At RSA Conference 2023, Abnormal Security launched three new products focused on expanding security detection for Slack, Microsoft Teams and Zoom. The company is also extending the platform to better model identity behavior through the ingestion of signals from additional…

Read more →

VMware has unveiled new capabilities that deliver lateral security across multi-cloud environments so customers can better see and stop more threats and innovations to its Workspace ONE platform that will better enable organizations to secure their hybrid workforce. VMware Contexa,…

Read more →

At RSA Conference 2023, Ridge Security announced Ridge Security RidgeShield, an automated, cloud workload protection and testing solution. As organizations increasingly move their workloads to the cloud, they face new and complex security challenges that traditional security solutions are not…

Read more →

Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment. The tool is available through the Chrome…

Read more →

GrammaTech and ArmorCode announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment. The GrammaTech CodeSonar SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating…

Read more →

AWS has unveiled three new capabilities for Amazon GuardDuty, AWS’s threat detection service, that further strengthen customer security through expanded coverage and continuous enhancements in machine learning, anomaly detection, and integrated threat intelligence. GuardDuty is part of a broad set…

Read more →

IBM unveiled at the RSA conference 2023, its new Security QRadar Suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar…

Read more →

An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there’s a public PoC exploit. About the vulnerability According to PaperCut, the attacks…

Read more →

Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos. The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off the Land”…

Read more →

MITRE is launching its MITRE Caldera for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT). At RSA Conference 2023, MITRE is also showcasing its Infrastructure Susceptibility Analysis (ISA)…

Read more →

Arista Networks announced at the RSA Conference 2023 a cloud-delivered, AI-driven network identity service for enterprise security and IT operations. Based on Arista’s flagship CloudVision platform, Arista Guardian for Network Identity (CV AGNI) expands Arista’s zero trust networking approach to…

Read more →

IBM unveiled at the RSA conference 2023, its new Security QRadar Suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar…

Read more →

In this Help Net Security video interview, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, discusses the 12th annual Cybersecurity Insights Report, released at RSA Conference 2023. This comprehensive survey aims to provide insights into the current state of…

Read more →

As digital transformation revolutionizes the healthcare industry, its use of API (application programming interfaces) technology is skyrocketing. APIs, which help users and apps interact and exchange information, are essential tools for healthcare systems striving to achieve greater interoperability. The ability…

Read more →

Phishing scams are a growing threat, and cybercriminals’ methods are becoming increasingly sophisticated, making them harder to detect and block, according to Zscaler report. The report found that a majority of modern phishing attacks rely on stolen credentials and outlined…

Read more →

The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming organizations, according to Lineaje. Diversity and complexity of the open-source community Lineaje Data Labs analyzed 41,989…

Read more →

As user credentials continue to be a top vector for cyberattacks, organizations are under tremendous pressure to rethink the effectiveness of current authentication initiatives, according to SecureAuth. Additionally, cyber insurance carriers are requiring companies to demonstrate strong controls over authentication…

Read more →

Cybercriminals around the world are using generative artificial intelligence (AI) to execute malicious attacks that can take down companies and governments. SentinelOne plans to use the same technologies to defeat them. The company has unveiled a threat-hunting platform that integrates…

Read more →

The National Cybersecurity Alliance (NCA) launched their Historically Black Colleges and Universities Scholarship Program. Established in partnership with One In Tech, an ISACA Foundation, the initiative will provide support to individuals who are currently underrepresented in the industry by ensuring…

Read more →

At RSA Conference 2023, the key theme for Mend is automation. Their focus is on helping people put their application security programs on autopilot. They encourage and enable the automation of as much of AppSec as possible because the manual…

Read more →

At RSA Conference 2023, Akamai Technologies unveiled Brand Protector, a new solution that detects and disrupts phishing sites, fake stores, and brand impersonations. Brand Protector enables organizations to retain and grow customer loyalty while minimizing loss, drops in productivity and…

Read more →

Flashpoint has released Ignite, a new intelligence platform that accelerates cross-functional risk mitigation and prevention across CTI, vulnerability management, national security, and physical security teams. Ignite combines Flashpoint’s intelligence with an integrated user experience to help organizations streamline workflows, find…

Read more →

D3 Security will unveil its MSSP Client Portal this week at the 2023 RSA Conference. The MSSP Client Portal is a one-stop shop for managed security service providers (MSSPs) and their clients to manage interactions and share information. Taking inspiration…

Read more →

Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now also know that: The source of the 3CX breach was a…

Read more →

Global median dwell time drops to just over two weeks, reflecting the essential role partnerships and the exchange of information play in building a more resilient cybersecurity ecosystem, according to Mandiant. Modern cyber defense capabilities The report reveals the progress…

Read more →

At RSA Conference 2023, Trellix announced it has expanded its Threat Intelligence portfolio to increase threat expertise and actionable intelligence to help global customers stay ahead of cyber adversaries. The new offerings include Vulnerability Intelligence and Trellix Intelligence as a…

Read more →

VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-20865) CVE-2023-20864, a deserialization vulnerability, could be exploited by…

Read more →

Product security has been driving major changes throughout the automotive, medical, and industrial sectors. However, just a few short years ago, it was a term few knew and even less considered its own discipline. Slava Bronfman, Co-Founder & CEO of…

Read more →

Resecurity is excited to announce its participation at RSA Conference 2023, the cybersecurity event that brings together industry leaders and professionals to share knowledge and insights on the latest trends, threats, and solutions. The event will take place from April…

Read more →

More than ever, organizations are relying on third parties to streamline operations, scale their business, expand and leverage expertise, and reduce costs. In the complex and fast-moving world of cybersecurity-meets-regulations, working with third parties requires diligent third-party risk management oversight…

Read more →

Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new technology that simplifies their lives, according to 1Password. Passkeys, the newest and most secure passwordless technology,…

Read more →

Critical exposures outside of an organization’s firewall are the greatest source of cybersecurity threats, according to CybelAngel. Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations…

Read more →

Due to the increasing importance of multi-cloud and the intricate nature of cloud infrastructure, obtaining a comprehensive understanding of the various cloud workloads operating within your system, and ensuring their security, can be challenging. In this Help Net Security video,…

Read more →

Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that involves access brokers, ransomware service providers, insurance providers, and ransom negotiators, according to Deepwatch. Evolving threats The…

Read more →

Expel has released Expel Vulnerability Prioritization, a new solution that highlights which vulnerabilities pose the greatest risk, so organizations can take immediate, informed action. The solution empowers security teams to understand their most urgent risk areas within their detection and…

Read more →

Patented.ai has released its introductory tool, LLM Shield that allows companies to safeguard their most sensitive data – proprietary source code, private customer information, unreleased financial data, legal documents, board reports and more – from large language models (LLM), such…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Balancing cybersecurity with business priorities: Advice for Boards In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud,…

Read more →

The last decade of digital transformation has turned most organizations today into true digital businesses. But the effectiveness and economics of cloud operating models have become top concerns. How to best secure, optimize, and automate hybrid cloud environments in the…

Read more →

Onapsis has unveiled a series of new product updates for the Onapsis Platform. Enriched with the threat intelligence, the Onapsis Platform further simplifies business application security for CISOs and CIOs alike with a new Security Advisor, new updates to its…

Read more →

Next DLP has unveiled the addition of ChatGPT policy templates to the company’s Reveal platform, which uncovers risk, educates employees and fulfills security, compliance, and regulatory needs. The launch of these new policy templates is in response to the dramatic…

Read more →

Virsec has unveiled a suite of capabilities that automates the path to zero trust workload protection to increase the speed of protection, stopping attacks—including zero-days—in milliseconds. Its distinctive feature-set strikes the right balance between granular control, ease of onboarding, and…

Read more →

Fraudsters are taking advantage of the widening fraud knowledge gap, outlining the urgent need for banks to educate and protect their customers with technology, according to Feedzai. The report reveals that while 56% of respondents have been a victim of…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. Zyxel SCR 50AXE boosts network security for small businesses and remote workers The…

Read more →

There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted…

Read more →

Bugcrowd has released new capabilities in its Penetration Testing as a Service (PTaaS) offering that enables buyers to purchase, set up, and manage pen tests directly online without a need for lengthy sales calls and scoping sessions. PTaaS is one…

Read more →

Cofense has released Cofense Protect+, a fully integrated and automated email security solution specifically designed to protect mid-size organizations from ever-evolving cyber threats. Today’s mid-market organizations are faced with growing attack surfaces and email threats that are increasing in complexity.…

Read more →

Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks. This is in addition to the announcement of new capabilities…

Read more →

Sotero has launched Sotero Ransomware Protection, giving organizations the ability to proactively protect unstructured data from attack by utilizing behavior-based detection. Most currently available ransomware solutions use a signature-based approach that detects only currently known ransomware strains – a method…

Read more →

47% of employees report feeling stressed in their everyday life, but nearly 70% believe their employer would support them in a time of need, according to Mercer Marsh Benefits. The report surveyed over 17,500 employees in 16 markets across the…

Read more →

Talon Cyber Security has integrated the Talon Enterprise Browser with Microsoft Azure OpenAI Service to provide enterprise-grade ChatGPT access to customers. “The productivity gains that ChatGPT enables for organizations are too game changing for us to not make an enterprise-level…

Read more →

Dashlane has unveiled an integration of AWS Nitro Enclaves into its security architecture, starting with the launch of Dashlane Confidential SSO in public beta. Leveraging AWS Nitro Enclaves to create isolated computing environments to further protect and securely process highly…

Read more →

Intruder has joined the Google Cloud Partner Advantage program as a technology partner, giving organisations the ability to easily monitor their cloud systems for potential security breaches and vulnerabilities. As part of the collaboration, customers are able to connect Intruder…

Read more →

Orange Cyberdefense has been selected to carry out cyber crisis management exercises by the GIP SESAN (Groupement Régional d’Appui au Développement de l’eSanté d’Île-de-France) and by CAIH (Centrale d’Achat de l’Informatique Hospitalière) to support healthcare players in the region. These…

Read more →

Too many people have access to company data they don’t need. Also, too many companies focus on authentication (verifying identity) as a security measure and overlook the importance of authorization (verifying right to access). While it’s important to give employees…

Read more →

Almost all IT and security leaders (96%) globally are concerned their organization will be unable to maintain business continuity following a cyberattack, according to Rubrik. Data security is becoming increasingly complex Data security is becoming increasingly complex and the datasets…

Read more →

A recent Code42 report reveals a rapidly growing number of inside risk incidents and a concerning lack of training and technology, further exacerbated by increasing workforce turnover and cloud adoption. In this Help Net Security video, Joe Payne, President at…

Read more →

Venafi has introduced Venafi Firefly, the lightweight machine identity issuer that supports highly distributed, cloud native environments. Part of the Venafi Control Plane for Machine Identities, Firefly enables security teams to easily and securely meet developer-driven machine identity management requirements…

Read more →

NICE Actimize has launched its Suspicious Activity Monitoring (SAM-10) solution. Built to detect more suspicious activity while reducing false positives, NICE Actimize’s SAM-10 introduces enhancements to its anti-money laundering solution, incorporating multiple layers of defense which strengthen the others and…

Read more →

Picus Security has announced the expansion of its continuous threat exposure management (CTEM) solution to help CISOs better answer the question: “what is our cyber risk?”. The company’s new capabilities – Picus Cyber Asset Attack Surface Management (CAASM) and Picus…

Read more →

Worldwide IT and business services revenue is expected to grow (in constant currency) from $1.13 trillion in 2022 to $1.2 trillion in 2023, or 5.7% year-over-year growth, according to IDC. In nominal dollar-denominated revenue based on today’s exchange rate, the…

Read more →

Organizations experienced a significant increase in ransomware – from an average of four attacks over five years in 2021 versus four attacks over the course of one year in 2022, according to ExtraHop. Of those who fell victim, 83% admitted…

Read more →

Tentacle has announced Tentacle AI Control Mapping; a machine learning and natural language processing-fueled feature expected to transform an organization’s ability to centralize and leverage critical cyber security information. AI Control Mapping is the first of a series of machine…

Read more →

VMware has unveiled VMware Cross-Cloud managed services, a set of prescriptive offers with enhanced partner and customer benefits that will enable skilled partners to expand their managed services practices. Cross-Cloud managed services will make building managed services faster for partners…

Read more →

Daon has unveiled TrustX, its next-generation cloud-based platform for identity proofing and authentication to support the creation and deployment of user journeys across their entire digital identity lifecycle. Daon TrustX is optimized by artificial intelligence (AI) and machine learning (ML)…

Read more →

Oracle is introducing new capabilities across Oracle Fusion Cloud Applications Suite that help customers accelerate supply chain planning, increase operational efficiency, and improve financial accuracy. The updates include new planning, usage based pricing, and rebate management capabilities within Oracle Fusion…

Read more →

Digi International has released its latest value-added service — Digi WAN Bonding — to deliver true Gigabit speeds for enhanced network performance. This solution, which is fully integrated into the Digi technology stack, also improves Internet reliability and increases bandwidth…

Read more →

LogRhythm and Zscaler work together to help organizations around the globe increase network insight and address a variety of cloud access security challenges faced by the modern SOC. LogRhythm SIEM and the Zscaler Zero Trust Exchange platform provide visibility and…

Read more →

Looking at configuration data, 56% of decommissioned routers disposed of and sold on the secondary market contained sensitive corporate data, according to ESET. Of the networks that had complete configuration data available: 22% contained customer data 33% exposed data allowing…

Read more →

As cyberattacks increase in frequency and sophistication, small and medium-sized businesses (SMBs) become more vulnerable to cyber threats. Unlike larger enterprises, SMBs often lack the financial and technical resources to secure their networks and data against malicious actors effectively. With…

Read more →

Healthcare, manufacturing, and utilities are suffering long-term financial impact of major cyber attacks, according to ThreatConnect. “With the National Cyber Strategy coming out of the White House focusing on decreasing cyber risk from critical infrastructure and the new SEC Cyber…

Read more →

Destructive ransomware attacks impact enterprises, governments, airlines, hospitals, hotels, and individuals, causing widespread system downtime, economic loss, and reputational damage. In this Help Net Security video, AnnMarie Nayiga, Lead MDR Analyst at Malwarebytes, talks about the dangers of ransomware reinfection.…

Read more →