Tag: Help Net Security

Phishing attacks have become increasingly prevalent and sophisticated, making it more difficult for individuals to protect themselves from these scams. In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not…

Read more →

Unpatched vulnerabilities are responsible for 60% of all data breaches. The Department of Homeland Security has estimated that the proportion of breaches stemming from unpatched flaws may be as high as 85%. Timely patching is an important aspect of managing…

Read more →

While 93% of CIOs expect an increase in IT budgets for 2023, 83% of them are feeling pressured to stretch their budgets even further than before, with a focus on managing cloud costs more efficiently and addressing the growing issue…

Read more →

With the rise of faster multi-gig internet speeds now available to more and more households, the growing number of connected devices per family and the ever-increasing growth of bandwidth hungry 4K/8K video streaming, HD Zoom calls, hybrid collaborative graphics-intensive work,…

Read more →

Neurotechnology has released MegaMatcher 13.0 that provides a range of products for developing multi-biometric solutions that require high accuracy, speed and scalability. The latest release features MegaMatcher SDK, MegaMatcher Accelerator and MegaMatcher ABIS updates and improvements and adds a new…

Read more →

ReversingLabs has unveiled new secrets detection features within its Software Supply Chain Security (SSCS) platform. ReversingLabs improves secrets detection coverage by providing teams with the context and transparency needed to prioritize developers’ remediation efforts, reduce manual triage fatigue, and improve…

Read more →

Cloudflare is entering the fraud detection market to help businesses identify and stop online fraud – including fraudulent transactions, fake account signups, account takeover attacks, and carding attacks – before it impacts their brand or their bottom line. Powered by…

Read more →

ESET researchers have uncovered a compromise of an East Asian data loss prevention (DLP) company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company. This…

Read more →

If you are developing a modern medical, manufacturing, or logistics facility, there’s no doubt that a large portion of your investment was made into the electronic aspects of your device. Sensors, connected devices, and machinery are synchronized to deliver a…

Read more →

So, you want to deploy Kubernetes in an air-gapped environment, but after months of grueling work, you’re still not up and running. Or maybe you’re just embarking on the journey but have heard the horror stories of organizations trying to…

Read more →

As server-side security advances, more attackers are exploiting vulnerabilities and launching malicious attacks through the less protected and seldom monitored client-side supply chain. Unfortunately, because of these attacks’ sophisticated and subtle nature, they can be hard to detect until it’s…

Read more →

While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud. The 2023 report identified over 22 million unique…

Read more →

There is a consensus among MSPs and MSSPs that vCISO services pose an excellent opportunity for a new revenue stream, but how do you successfully do that? Watch this panel discussion to hear from MSSP leaders who already sell vCISO…

Read more →

Today, phishing is the fastest growing Internet crime, and a threat to both consumers and businesses. Finance, technology, and telecom brands were the most commonly impersonated industries, notably for the unprecedented access and financial benefit that bank accounts, email and…

Read more →

Startpage’s latest enhancements include private local in-map results, knowledge panels and instant answers, providing users with a more intuitive search experience while also prioritizing user privacy. They also feature what every user wants, fewer ads. Search results now incorporate information…

Read more →

Tanium has released its new certificate manager and enhanced policy management capabilities, offering organizations convenient tool consolidation, cost and time savings, and more accurate reporting via Tanium’s XEM platform. Organizations today struggle to see and manage digital certificates; the average…

Read more →

Motorola Solutions announced the new Avigilon physical security suite that provides secure video security and access control to organizations of all sizes around the world. The Avigilon security suite includes the cloud-native Avigilon Alta and on-premise Avigilon Unity solutions, each…

Read more →

Concentric AI announced a DSPM solution with support for optimized large language models delivering improved data security and protection. As a result, Concentric AI’s Semantic Intelligence delivers semantic understanding of data and leverages context to offer precise accuracy in discovering…

Read more →

Canonical is partnering with MediaTek to meet the growing demands of the IoT industry, reduce development costs and accelerate time-to-market. By partnering to enable Ubuntu on the Genio platform, MediaTek and Canonical will make it easier for developers, innovators and…

Read more →

Cloudflare announced new integrations with Atlassian, Microsoft, and Sumo Logic to help businesses of any size secure the tools and applications they rely on with enterprise-ready zero trust security. Now businesses will be able to use security insights from the…

Read more →

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is…

Read more →

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency (CISA) and urged to implement a fix. A pilot program to strengthen critical infrastructure…

Read more →

Canonical announced its Ubuntu Core OS is now compatible with the Arm SystemReady IR system specification, enabling security best practices across connected devices. In addition, the OS has achieved the PSA Certified Level 1. Ubuntu Core is a minimal version…

Read more →

Old ads can be startling—cigarette ads used to boast their health-giving properties, sugar-laden candy was once advertised as a dietary aid, and soft drinks were advertised as a milk alternative for babies. None of this would fly today, of course,…

Read more →

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the…

Read more →

BEC attacks are growing year over year and are projected to be twice as high as the threat of phishing in general, according to IRONSCALES and Osterman Research. 93% of organizations experienced one or more of the BEC attack variants…

Read more →

Skyhigh Security has seen firsthand how 33,000 enterprise users have accessed ChatGPT through corporate infrastructures. Almost 7 TB of data has been transacted with ChatGPT through corporate web and cloud assets between Nov 2022 – Feb 2023. In this Help…

Read more →

Managing user access in applications has always been a headache for any developer. Implementing policies and enforcing them can prove to be quite complex, and very time-consuming. Even if a homebrew authorization solution has been developed for an application, sooner…

Read more →

Adtran and Satelles collaboration will enable operators of critical infrastructure to safeguard their timing networks with Satellite Time and Location (STL) technology. By integrating Satelles’ STL into its Oscilloquartz network synchronization products, Adtran will provide an alternative to GNSS systems…

Read more →

OffSec (formerly Offensive Security) has released Kali Linux 2023.1, the latest version of its popular penetration testing and digital forensics platform, and the release is accompanied by a big surprise: a technical preview of Kali Purple, a “one stop shop…

Read more →

For those who haven’t followed the drama, Silicon Valley Bank has been shut down by the California Department of Financial Protection and Innovation, after a bank run that followed an insolvency risk and a stock crash. The Federal Deposit Insurance…

Read more →

The Transportation Security Administration (TSA) issued a new cybersecurity amendment to the security programs of certain TSA-regulated (airport and aircraft) operators in the aviation sector, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is…

Read more →

Passwords are still the weakest link in an organization’s network, as proven by the analysis of over 800 million breached passwords, according to Specops Software. The study found 88% of passwords used in successful attacks consisted of 12 characters or…

Read more →

Keeping up with financial fraud is incredibly difficult because accurate fraud detection requires a deep, real-time analysis of all the events surrounding a transaction. Consider a typical payment transaction: A single transfer of funds to a new payee may not…

Read more →

Microsoft to boost protection against malicious OneNote documents Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file…

Read more →

ThreatBlockr and Engaged Security Partners announced a partnership focusing on “left of boom” protection to bring enhanced breach prevention to customers. Engaged Security Partners uses ThreatBlockr’s platform for threat intelligence management and integration into the network. Together, Engaged Security Partners’…

Read more →

Avast launched Avast One Platinum, the new premium tier of the Cyber Safety service, Avast One. The new Platinum offering combines the full feature set from Avast One Family with identity monitoring and protection, identity theft resolution and reimbursement, and…

Read more →

Aura announced a multi-year partnership with Robert Downey Jr. Through the partnership, Downey Jr. joins Aura’s Board of Directors, invests in the company and commits to working with Aura as a strategist and brand advocate, supporting consumer education. Honestly, the…

Read more →

Atera announced a new strategic partnership and integration with ESET, enabling Atera’s community of IT professionals to deploy anti-malware solutions to protect their customers. “As cyberattacks increase in sophistication and frequency, it is important that we partner with cybersecurity leaders…

Read more →

QuSecure has accomplished the first known live, end-to-end quantum-resilient cryptographic communications satellite link through space, marking the first time U.S. satellite data transmissions have been protected from classical and quantum decryption attacks using post-quantum cryptography (PQC). The quantum-secure communication to…

Read more →

Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file type. “Users will receive a notification when the…

Read more →

This week, as part of a global law enforcement operation, federal authorities in Los Angeles successfully confiscated www.worldwiredlabs.com, a domain utilized by cybercriminals to distribute the NetWire remote access trojan (RAT) allowed perpetrators to assume control of infected computers and…

Read more →

“In 2022, investment scam losses were the most (common or dollar amount) scheme reported to the Internet Crime Complaint Center (IC3),” the FBI shared in its 2022 Internet Crime Report. This category includes crypto-investment scams such as liquidity mining, celebrity…

Read more →

Every month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday. Diligence to this ongoing patch process, and not luck, is critical to protecting…

Read more →

Sophos introduced innovative advancements to its portfolio of endpoint security offerings. New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and more improve…

Read more →

Economic uncertainty is squeezing organizations globally. Gartner predicts nearly half of cybersecurity leaders will change jobs by 2025. These findings are alarming but undoubtedly unsurprising in today’s IT landscape. In this Help Net Security video, Denis Dorval, VP of International…

Read more →

In 2022, US financial institutions and the credit card sector lost an estimated $4.88 billion to synthetic identities through falsified deposit accounts and unsecured credit cards. That’s because legacy fraud prevention procedures often come up short in the effort to…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, GrammaTech, Kensington, Palo Alto Networks, and Persona. New Kensington privacy screens protect against visual hacking The SA270 Privacy Screen for Studio Display (K50740WW), SA240…

Read more →

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. About CVE-2023-27532 The nature of CVE-2023-27532 has not been explained –…

Read more →

1Password has launched Unlock with Single Sign-On (SSO) which enables enterprise customers to use Okta for unlocking their 1Password accounts, with Azure AD and Duo integration to follow in the coming months. Unlock with SSO helps IT teams improve their…

Read more →

Hybrid work has exposed another area of vulnerability, with 70% of government workers reporting they work virtually at least some of the time, according to Ivanti. The proliferation of devices, users, and locations adds complexity and new vulnerabilities for government…

Read more →

Cado Security raised $20M in funding from Eurazeo, a global investment company, and Ten Eleven Ventures, a cybersecurity-focused, global, stage-agnostic investment firm. This latest investment brings the company’s total investment to $31.5M. The funds will build on the company’s impressive…

Read more →

ActiveFence has completed the acquisition of Rewire, a London-based startup that’s building AI for online safety. Combining ActiveFence’s Trust and Safety platform, content detection AI models and scalable API with Rewire’s repertoire of innovative text models will arm customers in…

Read more →

Atakama has partnered with Panzura to deliver a seamless end-to-end data management and protection solution. “The crippling impact of ransomware and data exfiltration is at an all-time high,” said Scott Glazer, CRO, Atakama. “This is why our integration with Panzura…

Read more →

Whistic has formed a collaboration with Google Cloud to provide customers with a transparent security profile, which includes a full Google Cloud Assessment Report. Google Cloud customers can now leverage Whistic’s Trust Catalog to view the latest security information. More…

Read more →

SecurityScorecard has unveiled a strategic partnership with the International Legal Technology Association (ILTA) to provide ILTA members with enterprise licenses to monitor their own organization and a portfolio of vendors, partners, or clients. “SecurityScorecard is committed to helping the global…

Read more →

Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups. This measured approach allows the platform to ensure successful onboarding and make necessary adjustments before scaling to larger groups…

Read more →

ChatGPT has garnered a lot of questions about its security and capacity for manipulation, partly because it is a new software that has seen unprecedented growth (hosting 100 million users just two months following its launch). Security concerns vary from…

Read more →

Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy. None of the patched vulnerabilities is actively exploited, but Fortinet’s devices are often targeted by ransomware gangs and…

Read more →

Google One unveiled two exciting additions to its range of features. Firstly, VPN by Google One will now be available to all plans, offering additional security while carrying out online activities. Secondly, introducing the dark web report in the U.S.…

Read more →

In this Help Net Security video, David King, Director of Innovation at GlobalSign, discusses document signing. Digital signatures utilize advanced cryptographic technology to provide the highest level of security for electronic signatures, surpassing all other forms of e-signatures. Due to…

Read more →

GitGuardian scanned 1.027 billion new GitHub commits in 2022 (+20% compared to 2021) and found 10,000,000 secrets occurrences (+67% compared to 2022). What is interesting beyond this ever-increasing number is that 1 code author out of 10 exposed a secret…

Read more →

Healthcare and financial services organizations have embraced cloud technology due to the ease of managing increasing volumes of data, according to Blancco. Cloud adoption has had significant effects on data classification, minimization, and end-of-life (EOL) data disposal. However, 65% of…

Read more →

Trend Micro’s overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who went after both consumers and organizations in all sectors. Trends for 2022 and beyond…

Read more →

Digitization and the heavy adoption of connected devices are enabling organizations to reach new heights and, at the same time, have intensified the threat landscape and extended the attack surface. As organizations work to reap the benefits of the IT,…

Read more →

11:11 Systems has announced general availability of 11:11 Managed Backup for Cohesity, a fully managed service for on-premises data protection. By combining Cohesity’s solution deployed on-site with 11:11’s onboarding, configuration and ongoing management, customers get comprehensive protection from a secure,…

Read more →

GrammaTech has unveiled a new version of its CodeSentry binary SCA platform that is available in three editions. Unlike source-code SCA tools that only inspect components under development, CodeSentry analyzes the binary that executes to identify all components or vulnerabilities…

Read more →

Code42 Software and SentinelOne have formed a new partnership that integrates the Code42 Incydr solution with the SentinelOne Singularity Platform. This integration grants users additional visibility over their most sensitive data and expands response capabilities in the event of an…

Read more →

CTERA seamlessly integrates Concentric AI‘s Semantic Intelligence solution into customer environments by deploying an edge filer that acts as a cache server for Concentric AI’s data security posture management capabilities. Together, the partnership helps joint customers find, evaluate, store, and…

Read more →

In this Help Net Security video, Avani Desai, CEO at Schellman, talks about how teaching STEM subjects like cybersecurity is essential for addressing the staffing crisis and ensuring that organizations have the talent to protect themselves from cyber threats in…

Read more →

With 10% of startups failing in the first year, making wise and future-proof decisions for your new cybersecurity venture is essential. Building the perfect cybersecurity startup As society adapts to an increasingly digital world, opportunities for cybercrime and attacks are…

Read more →

92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress. Not surprisingly, 99% of cybersecurity leaders confess to being stressed about…

Read more →

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. API attack…

Read more →

Kensington has expanded its robust portfolio of data protection solutions with the launch of three new privacy screens. The SA270 Privacy Screen for Studio Display (K50740WW), SA240 Privacy Screen for iMac 24” (K55170WW), and MagPro Elite Magnetic Privacy Screen for…

Read more →

Akamai Technologies has introduced the Akamai Hunt security service that enables customers to capitalize on the infrastructure of Akamai Guardicore Segmentation, Akamai’s global attack visibility, and expert security researchers to hunt and remediate the most evasive threats and risks in…

Read more →

Persona has launched Graph to help businesses stop online identity fraud. Leveraging advanced link analysis technology and a configurable query, Graph detects risky connections between users, enabling organizations to uncover and proactively block hard-to-detect fraud. Risk and compliance teams now…

Read more →

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in collaboration with Google. This academy provides training and certifications to Black, Indigenous, and People of Color (BIPOC), women, and other underrepresented groups who are passionate about pursuing a technical…

Read more →

When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be devasting; getting…

Read more →

ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. Execution graph showing the subprocesses…

Read more →

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both…

Read more →

Palo Alto Networks released new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM, enabling customers to ingest user identity and behavior data and deploy AI technology to detect identity-driven attacks within seconds. The module further strengthens XSIAM’s ability…

Read more →

F5 and Visa join forces to enable merchants to securely reduce login friction for their customers. Customers expect seamless commerce experiences and transactions to be secure. Yet, in today’s digital-first world, customers are under threat from bad actors looking to…

Read more →

Resecurity accelerates Digital Forensics & Incident Response Services portfolio with the newly appointed industry professional, Akash Rosen. Akash Rosen is a recognized digital forensics expert and investigator. He assisted international law enforcement on numerous cases related to online-banking theft, financial…

Read more →

An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan (dubbed HiatusRAT) and a packet capturing program. “The impacted models are high-bandwidth routers that can support VPN…

Read more →

In a joint effort, the German Regional Police, Ukrainian National Police, Europol, Dutch Police, and FBI joined forces on February 28, 2023, to take down the masterminds behind a notorious criminal organization responsible for unleashing devastating cyberattacks using the DoppelPaymer…

Read more →

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of…

Read more →

Today’s business leaders are grappling with two opposing challenges. On the one hand, present day global economic and recessionary pressures mean spending policies need to be reviewed and cash reserves built up. On the other hand, the volume and increasing…

Read more →

In today’s digital age, cybersecurity and privacy have become major concerns for internet users. With the increase in cyber attacks and data breaches, it is vital to protect your online privacy and security. One way to do this is by…

Read more →

92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov. The Approov Mobile Threat Lab downloaded, decoded and scanned the top 200 financial…

Read more →

Recently, Claroty released its State of XIoT Security Report, which shares analyses of publicly disclosed vulnerabilities affecting operational technology (OT), internet of things (IoT) devices, and most recently, the internet of medical things (IoMT). In this Help Net Security video,…

Read more →

OneTrust introduces OneTrust Certification Automation to the OneTrust ecosystem to help organizations navigate the complex and evolving regulatory landscape. OneTrust Certification Automation brings together automation, pre-built policies, and controls for 29 industry frameworks, over 100 integrations, and tailored guidance from…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Cloud Platform allows data exfiltration without a (forensic) trace Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving…

Read more →

Akamai Technologies reached a definitive agreement to acquire Ondat, a cloud-based storage technology provider with a Kubernetes-native platform for running stateful applications anywhere at scale. Ondat’s technology delivers persistent storage directly onto any Kubernetes cluster for running business-critical, stateful applications…

Read more →

Snowflake and Amazon Web Services (AWS) have unveiled a multi-year expansion of their partnership, with Snowflake growing its AWS spend and both companies jointly contributing millions of dollars to support go-to-market efforts. The expansion of the collaboration will take a…

Read more →

The Trusted Cybersecurity Services (TCS) solution, a hosted intrusion detection service that utilizes classified government threat intelligence to identify and address existing, potential, and emerging cyber threats on an organization’s network, has been introduced by Viasat. The service leverages cyber…

Read more →

Hewlett Packard Enterprise (HPE) revealed that it entered into a definitive agreement to acquire Axis Security, a cloud security provider. This acquisition will allow HPE to expand its edge-to-cloud security capabilities by offering a unified Secure Access Services Edge (SASE)…

Read more →

Spec and Fingerprint joined forces to provide companies with an solution that tackles fraud while ensuring a seamless customer experience. By integrating Fingerprint’s device identification technology into its no-code Trust Cloud platform, Spec can now offer its customers accuracy in…

Read more →

A new plug-in, created by Microsoft and MITRE, integrates various open-source software tools to aid cybersecurity professionals in bolstering their defenses against attacks on machine learning (ML) systems. The Arsenal tool implements tactics and techniques defined in the MITRE ATLAS…

Read more →

Ermetic revealed that its Cloud Native Application Protection Platform (CNAPP) can now automatically detect and correct misconfigurations, compliance violations, and risky or excessive privileges in Kubernetes clusters for its customers. Unlike traditional Kubernetes security tools, Ermetic combines signals from the…

Read more →

While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a threat, according to Rapid7. Deploying exploits Attackers are developing and deploying exploits faster…

Read more →