Tag: Help Net Security

Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But recognition of the importance of hardware security—upon which all software security is built—is (thankfully) also growing. Established hardware…

Read more →

Versa Networks launched Versa Zero Trust Everywhere, delivering zero trust security for both remote and on-premises users, with optimized user-to-application performance. Hybrid cloud and hybrid work have changed where and how users work, challenging organizations to find ways to secure…

Read more →

With cybersecurity teams struggling to manage the remediation process and monitor for vulnerabilities, organizations are at a higher risk for security breaches, according to Cobalt. As enterprises prioritize efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures…

Read more →

Veracode launches Veracode Fix, a new AI-powered product that suggests remediations for security flaws found in code and open-source dependencies. Shifting the paradigm from merely ‘find’ to ‘find and fix’ “For far too long, organizations have had to choose between…

Read more →

Phylum has added Open Policy Agent (OPA) and continuous reporting to its policy engine. Customers now have more flexibility when creating and enforcing custom policies, and can show compliance with key software supply chain frameworks, regulations and guidelines. “We built…

Read more →

Armis enhanced its Cybersecurity Asset Attack Surface Management (CAASM) Solution giving security teams’ abilities to overcome asset visibility and exposure challenges. Security teams will be able to improve their overall security position by ensuring security controls, security posture, and asset…

Read more →

LastPass has unveiled LastPass University, a training platform featuring live and on-demand coursework to help business administrators, their end users and partners deepen their LastPass product knowledge and password management skills. LastPass University training modules range from basic to comprehensive,…

Read more →

Edgio has released Advanced Bot Management solution that proactively mitigates a wide range of evolving malicious bots while providing observability into good bots. Leveraging massive amounts of data continuously drawn from the platform’s extensive global deployment, Advanced Bot Manager applies…

Read more →

Styra has appointed Mark Pundsack as CEO, effective immediately. Pundsack brings more than thirty years of experience to the role with deep expertise in the software development industry, where he has spent much of his career leading product development teams…

Read more →

DigiCert has unveiled its new unified partner program, designed to provide partners with a comprehensive portfolio that delivers digital trust for the real world. The new program includes more sales motions for all partner types; training, support and tools that…

Read more →

Allurity has closed the acquisition of two new cybersecurity companies, CloudComputing and Securix. The former brings a complete and robust offering in identity, zero trust and information security. The latter adds substantial reinforcement in the areas of identity security, observability…

Read more →

Swimlane announced a strategic partnership with AWS, bringing the power of security automation to AWS environments via a cost-effective solution. The company today also announced Swimlane Turbine is now a cloud-native platform, helping customers automate responses to security data, which…

Read more →

Korea Trade-Investment Promotion Agency (KOTRA) will host 10 Korean cybersecurity companies as Korea Pavilion with Korea Information Security Industry Association (KISIA) at RSA Conference 2023. KOTRA and KISIA will feature companies from across a range of fields including network security,…

Read more →

A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse…

Read more →

In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services, as well as…

Read more →

Within the largest financial institutions, insurers, and retailers, the rise and adoption of AI, an impending recession, and the return of pre-pandemic fraud techniques are driving record rates of fraud attacks for consumers and enterprises alike, according to Pindrop. Researchers…

Read more →

In today’s rapidly evolving technological landscape, it’s more important than ever for Boards and executives to stay informed about the latest advancements and potential risks in technology and digital capability. In this Help Net Security interview, Alicja Cade, Director, Financial…

Read more →

D3 Security has launched its Smart SOAR platform, which expands beyond traditional SOAR with hyperscalable, risk-based autonomous triage and incident remediation across the entire stack. The new capabilities of Smart SOAR build on D3 Security’s designed and maintained integrations, which…

Read more →

Recent warnings by the FBI and FCC have highlighted the risks associated with using public USB chargers. Hackers have created ways to use public USB ports to introduce malware and monitoring software onto the phones of unsuspecting users. Battery Bird‘s…

Read more →

Zyxel Networks enhanced network security and productivity for small and home office users and remote workers with the launch of SCR 50AXE AXE5400 Tri-band WiFi 6E Secure Cloud-managed Router. The new business-class router delivers security and high-performance WiFi 6E as…

Read more →

Imperva and Fortanix signed a partnership agreement, and have each joined the other’s strategic partner program. This partnership brings together two innovative and trusted cybersecurity companies focused on multicloud data protection. The joint offerings from Imperva and Fortanix will provide…

Read more →

lockr has raised $2.5M in pre-seed funding. Mozilla Ventures, Junction Venture Partners, and Grit Capital Partners participated, along with individuals from the digital publishing and data industries. Founded by Keith Petri, an experienced data management executive with two prior 8-figure…

Read more →

Mobb has raised $5.4M in seed funding led by Angel Investor Ariel Maislos and joined by MizMaa Ventures, Cyber Club London and additional investors from US, EU, and Israel. The company has also launched a free community version that allows…

Read more →

With the economy experiencing instability and decline, organizations rely on their technology experts to maintain their innovative edge and generate business value. Despite being instructed to reduce expenses by 65% of the technology team leaders, 72% still intend to boost…

Read more →

Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of ID verifications carried out for its customers in 2022, Ondato found that ID cards were…

Read more →

Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. In other trends to watch, vendor compromise and fraud are rising…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Making risk-based decisions in a rapidly changing cyber climate In this Help Net Security interview, Nicole reveals the three key indicators she uses to assess…

Read more →

Snowflake has launched the Manufacturing Data Cloud, which enables companies in automotive, technology, energy, and industrial sectors to unlock the value of their critical siloed industrial data by leveraging Snowflake’s data platform, Snowflake- and partner-delivered solutions, and industry-specific datasets. The…

Read more →

CYFIRMA has raised a Pre-Series B round funding from venture fund OurCrowd and Larsen & Toubro’s L&T Innovation Fund. With this, these firms join CYFIRMA’s existing investors Goldman Sachs, Zodius Capital, and Z3 Partners. With the closing of this round,…

Read more →

Khoros and Cerby new partnership allows brands to launch, manage, and analyze their social media profiles quickly and securely from the Khoros platform. Cerby brings security features such as single sign-on (SSO) directly into social accounts and ad accounts for…

Read more →

Tentacle announced a SOC 2 partnership with Oread Risk & Advisory to help organizations achieve SOC 2 reporting goals and establish long-term security infrastructure. With Tentacle’s release of the indexed SOC 2 security framework earlier this year, organizations have access…

Read more →

UltraViolet Cyber has unveiled its launch to provide organizations across the globe with a streamlined approach to address the ever-expanding cyber threat. Created through the combination of four pioneering firms — Metmox, Mosaic451, Stage 2 Security, and W@tchTower — UltraViolet Cyber…

Read more →

Daon is expanding its IdentityX to the healthcare industry to enable organizations to safeguard identities for providers, staff, and patients. As the healthcare industry continues to digitize sensitive healthcare online information, cyber attacks increase and new regulations are established, Daon’s…

Read more →

Cobalt Iron has updated its Compass enterprise SaaS backup platform with new data governance capabilities comprising policy-based controls and an approval framework for decommissioning systems and deleting data. The automation and policy-based discipline for system decommissioning and associated data deletion…

Read more →

Votiro has integrated with Sumo Logic to enable reliable and secure cloud-native applications. Users can now send high-fidelity data and insights discovered by Votiro Cloud into the Sumo Logic Cloud SIEM console. Enterprises are relying on collaboration platforms, cloud workloads…

Read more →

Riskified has unveiled its partnership with Deloitte to empower merchants with real-time insight into how their chargebacks, approval rates and fraud costs compare to similar companies in their space. This benchmarking service is helping retailers formulate a scorecard that can…

Read more →

Thales has joined forces with around twenty deep tech, academic and industry partners, as part of the EuroQCI initiative (European Quantum Communication Infrastructure), which aims to deploy a quantum communication infrastructure for EU member states within three years. By 2040,…

Read more →

WhatsApp will be rolling out three new security features in the coming months, to provide users with increased privacy and control over their messages and to help prevent unauthorized account access and takeover. The new features The first feature is…

Read more →

Cybercriminals have been leveraging social engineering techniques to impersonate the popular US-based digital payments network Zelle and steal money from unsuspecting victims, according to Avanan. The fake Zelle email (Source: Avanan) The phishing email The spoofed email is cleverly crafted…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from BigID, Binarly, Cynalytica, GitGuardian, Netskope, Searchlight Cyber, ThreatX, and Wazuh. Cynalytica OTNetGuard provides visibility into critical infrastructure networks Cynalytica has launced its Industrial Control System…

Read more →

How are data teams conquering the complexity of the modern data stack? Unravel Data has asked 350+ data scientists, engineers, analysts, and others who rely upon real-time data insights for decision-making to share their practices. “For the third year in…

Read more →

On average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with 75% experiencing all three, according to Skyhigh Security. Overall, the…

Read more →

The illicit market for crypto giveaway scams has expanded, offering various services to facilitate fraudulent activity. The proliferation of fake crypto giveaways can be attributed to the increased availability of tools for scammers, even those with limited technical skills. In…

Read more →

Cymulate has expanded its Attack Surface Management (ASM) solution to close gaps between traditional vulnerability management and ASM. Organizations will now have advanced capabilities to easily visualize risky exposures across hybrid environments. The company achieves this by extending its coverage…

Read more →

Cerbos has released Cerbos Cloud, a managed service offering for Cerbos. Cerbos is an open source authorization layer to easily implement roles and permissions in software applications. It separates authorization logic from the core application code, making the authorization layers…

Read more →

Code42 Software has offered a complete set of response controls to allow security teams to respond to all levels of risk, ranging from unacceptable high risk that must be blocked to the most prevalent user mistakes that require correction. Instructor…

Read more →

Entrust is supporting organizations’ zero trust journey with new foundational identity, encryption, and key management solutions. “Zero trust approaches are reshaping security in a perimeter-less world. While the conversation often starts with identity and network access, organizations are quickly finding…

Read more →

Qwiet AI has released a suite of targeted AppSec and DevSecOps services that help companies address their security function needs without sacrificing time and budget. “We often hear of the notion of doing more with less. However, in today’s environment…

Read more →

DirectDefense has partnered with Claroty which empowers organizations with visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified…

Read more →

SentinelOne has unveiled integrations with key industry players Aruba, Checkpoint, Cisco, Darktrace, Extrahop, Fortinet, Palo Alto Networks and an enhanced collaboration with Vectra AI which expand the company’s firewall and NDR capabilities, and will allow organizations of all sizes to…

Read more →

Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev API, which provides access to security metadata for 50+ million open source…

Read more →

To combat the surge of fake LinkedIn accounts in recent years, Microsoft has introduced Entra Verified ID, a new feature that allows users to verify their workplace on the business-focused social media platform. Verified ID automates verification of identity credentials…

Read more →

It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access…

Read more →

With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT. The dynamic nature of the DDoS threat landscape Much of the…

Read more →

For the fifth consecutive month, IDC has lowered its 2023 forecast for worldwide IT spending as technology investments continue to show the impact of a weakening economy. 2023 forecast for worldwide IT spending In its monthly forecast for worldwide IT…

Read more →

Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. Especially when it comes to the biggest access management pitfall developers make. In 2021 OWASP…

Read more →

Regula has redesigned Face SDK face liveness detection technology and offers a balance between a simple UX and high reliability by using the zero-trust concept. Every session has its own unique parameters that cannot be reused by fraudsters for tampering,…

Read more →

Binarly has released the Binarly Transparency Platform, delivering transparency for device supply chains enabling device manufacturers and endpoint protection products to analyze both firmware and hardware to identify vulnerabilities, misconfigurations, and malicious code implantation. The Binarly Transparency Platform is designed…

Read more →

Searchlight Cyber has launched Stealth Browser, a virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, without risk to themselves or their organization. Stealth Browser is an enhancement to Searchlight’s Cerberus investigation platform, which is…

Read more →

Fleet has revealed a new programmable MDM, designed to give medium-to-large organizations control of remote workstation security with unsurpassed GitOps and workflow automation. Fleet’s availability as an open-source MDM not only makes it more accessible to organizations working to reduce…

Read more →

CloudCasa by Catalogic launched CloudCasa for Velero, a new offering that combines the simplicity of the service and its advanced cloud awareness with the benefits of Velero. CloudCasa for Velero gives enterprises and service providers the ability to scale their…

Read more →

The Edgio Applications Platform v7 new integrated performance and security features are designed to increase organizational revenues and accelerate developer team velocity through better website performance and multi-layer security. Through the integrated, unified platform, Edgio reduces the need for multiple…

Read more →

Wazuh launched Wazuh 4.4, the latest version of its open source security platform. The latest version adds multiple new features, including IPv6 support for the enrollment process and agent-manager connection, and support for Azure integration within Linux agents. Today’s leading…

Read more →

Cynalytica has launced its Industrial Control System (ICS/SCADA) monitoring sensor, OTNetGuard, that passively and securely captures analog, serial, and IP communications closing the capabilities gap in complete monitoring of OT networks. With the increasing frequency and sophistication of cyberattacks targeting…

Read more →

Rezonate’s ITDR offering detects and responds to active identity threats using both common and sophisticated techniques missed by traditional IAM solutions and endpoint controls. The continuous changes in identities and access privileges across multiple tools and teams at every stage…

Read more →

Armis has formed a strategic partnership and integration with TrueFort to empower customers by enriching the discovery, understanding, and enforcement of security policies for IT, Internet of Things (IoT), and operational technology (OT) environments. “Customers have shared with us just…

Read more →

Syncro has launched a new agreement with Proofpoint to enable Syncro’s MSP partners to offer their customers access to Proofpoint’s email security and security awareness training solutions. “This reseller agreement not only allows our MSPs to give their customers superior…

Read more →

The Cloud Security Alliance (CSA) has announced that registration has opened for the CSA Summit 2023: Mission Critical (San Francisco, April 24) held in conjunction with the RSA Conference. Tima Soni, Chief and Head of the Valencia office of the…

Read more →

Concentric AI has launched its new channel partner program which is aimed at enabling partners’ growth and success delivering the leading solution in the rapidly expanding AI-powered data risk management market to improve customers’ security posture. With Concentric AI’s partner…

Read more →

Raytheon Technologies’ BBN division and SpiderOak have formed a strategic partnership to develop and field a new generation of zero-trust security systems for satellite communications in proliferated low-Earth orbit, or pLEO. SpiderOak’s OrbitSecure solution will be combined with Raytheon BBN’s…

Read more →

The Connectivity Standards Alliance released Zigbee PRO 2023 of the Zigbee protocol stack. The revision brings several enhancements and new features to the technology, allowing mesh networks to have a universal language that enables smart objects to work together. What’s…

Read more →

Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to…

Read more →

The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a…

Read more →

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targeted 3CX systems with TAXHAUL (aka…

Read more →

GitGuardian launched its new Honeytoken module, providing intrusion detection, code leakage detection and helping companies secure their software supply chains against attackers targeting Source Control Management (SCM) systems, Continuous Integration Continuous Deployment (CI/CD) pipelines, and software artifact registries. “Honeytoken is…

Read more →

The CISO role is currently fraught with novel challenges and escalating workloads. This includes increased paperwork and time spent on risk assessments, which have surged from two to thirty hours per assessment. Furthermore, privacy regulations are expanding, and CISOs are…

Read more →

Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of…

Read more →

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access.…

Read more →

The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about…

Read more →

Netskope unveiled its brand new Endpoint SD-WAN to provide secure, optimized access to endpoint devices from anywhere. Netskope Endpoint SD-WAN will leverage the industry’s first software-based unified SASE client, converging SD-WAN and Security Service Edge (SSE) capabilities so organizations can…

Read more →

AutoRABIT has enhanced their data and metadata security offerings by refining existing products, adding new features, and emphasizing the importance of a full-featured approach to Salesforce DevSecOps. Security continues to be an increasingly difficult consideration. The advent of tools being…

Read more →

11:11 Systems has revealed general availability of 11:11 Managed SteelDome in partnership with SteelDome Cyber. The fully managed service is designed for organizations in need of secure, scalable and cost-efficient storage of their unstructured, on-premises data. Leveraging SteelDome’s InfiniVault application…

Read more →

Xerox has unveiled new and upgraded solutions to improve productivity and security for hybrid workers. These include technologies designed for any organization to advance user experience, make the office a highly productive workplace choice, and enhance security wherever work happens.…

Read more →

In his role as Trelix’s CMO, Ash Parikh will lead global marketing teams to drive brand awareness, demand generation, and go-to-market strategies of the XDR market leader. “Trellix’s XDR platform is helping our customers bolster their cybersecurity programs,” said Bryan…

Read more →

Flashpoint has expanded its partnership with Google Cloud to deploy next-generation intelligence solutions, including generative AI, within the Flashpoint product suite. This initiative will revolutionize how organizations detect security threats and reduce risk, in support of better, faster, and more…

Read more →

It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About CVE-2023-28252 CVE-2023-28252 is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM…

Read more →

Sextortion victims are already in a vulnerable position, and shady companies are taking advantage of this vulnerability to offer “sextortion assistance” services for huge sums – services that they may be unable to render or that won’t help the victims…

Read more →

BigID launched ML-powered solution for finding duplicate and similar data content. The innovative technology uses AI to locate both similar and duplicate data on any data set, enabling organizations to identify duplicate data as well as redundant, obsolete, or trivial…

Read more →

Syxsense has released new updates to the Syxsense product suite designed to extend automated workflow capabilities, improve usability, and enhance overall platform security. Key to this release is the introduction of Cortex Sequences, which uses the power of automation to…

Read more →

ThreatX has unveiled ThreatX Runtime API & Application Protection (RAAP). This patent-pending capability goes beyond basic observability to extend threat detection, tracking and blocking to customers’ runtime environments, without slowing developers or requiring expertise in cloud-native applications. As organizations transition…

Read more →

Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by researchers Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbhaill, the head of Amnesty International’s…

Read more →

While applications like Slack and Teams have transformed how we collaborate and communicate, cybersecurity training has not kept pace with these advancements. Most security training is still being delivered through web-based learning management systems, according to CybSafe. Often, important security…

Read more →

Nicole Darden Ford is Global VP & CISO at Rockwell Automation. As the company’s cybersecurity leader, Nicole is entrusted to protect enterprise IT assets with scalable, future-ready platforms that enable the business. In addition to building cybersecurity programs for organizations…

Read more →

Adversaries don’t need to use sophisticated methods to gain access to enterprise systems or to deploy ransomware – they can just buy or steal credentials and log in. By burdening users with the near-impossible task of maintaining “secure passwords,” businesses…

Read more →

As criminal groups increase in size, they adopt corporate-like behavior, but this shift brings about its own set of challenges and costs, according to Trend Micro. “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses…

Read more →

Data Subject Requests (DSRs), which are formal requests made by individuals to access, modify, or delete their personal data held by a company, increased by 72% from 2021 to 2022. The increase was primarily driven by deletion and access requests,…

Read more →

MSPs are focusing on automation and integration between their core tools to improve efficiency, service delivery and cost management, according to Kaseya. Automation, cybersecurity and integration About 90% of respondents hailed automation as a crucial technology for their business because…

Read more →

People reveal more personal information when you ask them the same questions a second time – according to new research from the University of East Anglia. A new study reveals how simple repetition can make people over-disclose, and potentially put…

Read more →

Global 5G wireless connections increased by 76% from the end of 2021 to the end of 2022, reaching up to 1.05 billion, and it will touch a mark of 5.9 billion by the end of 2027, according to Omdia and…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Passbolt: Open-source password manager for security-conscious organizations In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to…

Read more →