Tag: Help Net Security

Known vulnerabilities – those for which patches have already been made available – are the primary vehicle for cyberattacks, according to Tenable. The Tenable report categorizes important vulnerability data and analyzes attacker behavior to help organizations inform their security programs…

Read more →

To unleash the power of AI, it’s essential to integrate some human input. The technical term is Reinforcement Learning from Human Feedback (RLHF): a machine-learning technique that uses human feedback to train and improve the accuracy of an AI model.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Fastly, Forescout, ManageEngine, and Veeam Software. Forescout XDR enables SOC teams to reduce the attack surface Forescout XDR is an eXtended detection and response…

Read more →

ManageEngine has added a security and risk posture management dashboard to Log360, its unified security information and event management (SIEM) solution with integrated DLP and CASB capabilities. Enterprises can leverage this new feature to implement proactive security strategies and prevent…

Read more →

WatchGuard launched ThreatSync, a comprehensive XDR solution included as part of WatchGuard’s Unified Security Platform architecture that provides XDR technology for WatchGuard Network and Endpoint Security products. WatchGuard ThreatSync equips organizations with XDR capabilities to centralise cross-product detections and orchestrate…

Read more →

Fastly introduced Fastly Managed Security Service, a service for threat detection and response available around the clock, aimed at assisting businesses in mitigating the risk of web application attacks and minimizing the costs incurred due to lost transactions. Available to…

Read more →

Forescout revealed Forescout XDR, a solution designed to aid enterprises in detecting, investigating, and responding to an extensive range of sophisticated threats throughout their extended enterprise. A typical SOC is flooded with 450 alerts per hour, and analysts waste precious…

Read more →

The AI Bill of Rights, bias, and operational challenges amid tightening budgets are pressing issues affecting the adoption of ML as well as project and initiative success, according to Comet. “Our latest survey comes as ML practitioners are facing a…

Read more →

For many years now, unsecured internet-facing Redis servers have been steadily getting co-opted by criminals to mine cryptocurrency, so the latest cryptojacking campaign spotted by Cado Labs researcher cannot be considered news. But one its elements points to a new…

Read more →

The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity. The United States will…

Read more →

ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature. The functionality of the bootkit and its features make researchers believe that it is a threat known as…

Read more →

Appdome has released its next generation ThreatScope product, delivering Extended Detection and Response (XDR) for consumer mobile apps and brands globally. Mobile brands gain the power and agility of XDR to address any cyber, fraud and other attacks in the…

Read more →

With the EU Cyber Resilience Act (CRA), the industry is dealing with one of the strictest regulatory requirements. Manufacturers, importers and even distributors of products with digital elements – in other words, anything with a microchip – will be required…

Read more →

Apps, whether for communication, productivity or gaming, are one of the biggest threats to mobile security, according to McAfee. The end of 2022 saw the release of some game-changing applications such as OpenAI’s ChatGPT chatbot and DALL-E 2 image generator.…

Read more →

A cybersecurity technique that shuffles network addresses like a blackjack dealer shuffles playing cards could effectively befuddle hackers gambling for control of a military jet, commercial airliner, or spacecraft, according to Sandia National Laboratories and Purdue University researchers. However, the…

Read more →

In this Help Net Security video interview, James Edgar, CISO at Fleetcor, discusses what consequences SMBs are most concerned about when it comes to cyberattacks, what technology SMBs are most interested in, and much more. The post Uncovering the most…

Read more →

ThreatNG announced its agentless Cloud and SaaS Exposure Module as a part of its External Attack Surface Management (EASM) and Digital Risk solution. The ThreatNG “Cloud and SaaS Exposure” Module supports the following vendors and technology categories: Amazon Web Services…

Read more →

ReasonLabs FamilyKeeper parental control app helps make parenting easier in the digital world by equipping parents with the tools they need to protect their kids online. Data shows that kids face numerous significant risks online. For example: 51% of teenagers…

Read more →

Radiant Logic announced redesigned Identity Data Platform, offering an identity-first approach to security and business decisions. To drive confident policies, enterprises need real-time access to a tremendous amount of data, synchronized across hybrid and complex environments. It must be accurate,…

Read more →

Pliant launched Observability Automation solution developed specifically for leading performance monitoring vendors and their customers. The Pliant Observability Solution elevates performance monitoring for operations teams at large enterprises, carriers, and managed service provider organizations. This new offering revolutionizes how teams…

Read more →

Appdome has released its next generation ThreatScope product, delivering Extended Detection and Response (XDR) for consumer mobile apps and brands globally. Mobile brands gain the power and agility of XDR to address any cyber, fraud and other attacks in the…

Read more →

HCLSoftware and SolarWinds are expanding their partnership to build an end-to-end 5G network observability platform from Cloud to RAN (Radio Access Network). This joint AI-based solution combines HCLSoftware’s Augmented Network Automation (HCL ANA) platform, HCL DRYiCE iObserve powered by SolarWinds,…

Read more →

With access control as a cornerstone of physical security, and today’s businesses requiring more advanced tools, Axis Communications and Genetec have partnered to introduce an enterprise-level access control solution. Axis Powered by Genetec combines Axis network door controllers and Genetec…

Read more →

Otorio and Compugen have formed a business partnership to protect customers against industrial cyber threats to OT environments. Through the alliance, Otoeio’s comprehensive OT solution and Compugen’s professional services will empower global industrial customers with a powerful way to combat…

Read more →

InQuest appointed Darren Spruell, a seasoned information security professional, as its Chief Intelligence Officer. Darren brings an array of technical skills bolstered by intense curiosity and a passion for continual mastery. Darren’s career includes specialties in several areas of cybersecurity,…

Read more →

Your technology is always changing, and you often end up playing catchup to secure it. This is difficult in the cloud when you share security responsibility with the cloud service providers (CSP). You need to know what’s changing so that…

Read more →

Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. GCP data exfiltration attack (Source: Mitiga) Covert data exfiltration…

Read more →

What DNS abuse techniques are employed by cyber adversaries and which organizations can help incident responders and security teams detect, mitigate and prevent them? The DNS Abuse Techniques Matrix published by FIRST provides answers. The Domain Name System (DNS) is…

Read more →

When it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit. Among these tools, Burp Suite stands out as one of the most popular and widely used options among…

Read more →

Developers care about the quality and security of their code, and when empowered to help, developers make great security advocates who can help harden your supply chain security while reducing the burden on DevOps and security teams. Introducing security tools…

Read more →

Successful attacks on systems no longer require zero-day exploits, as attackers now focus on compromising identities through methods such as bypassing MFA, hijacking sessions, or brute-forcing passwords, according to Oort. “The vast majority of successful breaches in the past year…

Read more →

2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall. “The past year reinforced the need for cybersecurity…

Read more →

In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security testing tools, explore the strengths and tradeoffs, and provide you with the information you need…

Read more →

AlertEnterprise revealed the launch of its Guardian AI Chatbot powered by OpenAI ChatGPT. The Guardian AI Chatbot is developed with the world-renowned GPT-3 platform created by OpenAI and is designed to instantly deliver security operators the physical access and security…

Read more →

Your technology is always changing, and you often play catchup to secure it. This isn’t easy in the cloud when you share security responsibility with the cloud service providers (CSP). You need to know what’s changing so that you can…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Arkose Labs, Cequence Security, CyberGRX, CyberSaint, Deepwatch, DigiCert, Finite State, FireMon, Hornetsecurity, HYCU, KELA, Lacework, Malwarebytes, Netography, Neustar Security Services, Nudge Security, OPSWAT, SecuriThings, Trulioo,…

Read more →

VMware has delivered new and enhanced remote worker/device connectivity and intelligent wireless capabilities to its SD-WAN and SASE customers. Relatedly, VMware announced an expanded collaboration with Intel to deliver new edge appliances featuring 5G connectivity allowing support for additional SD-WAN…

Read more →

Veeam Software has released new Veeam Backup for Microsoft 365 v7, backup and recovery solution for Microsoft 365 including Microsoft Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams. The latest version of Veeam Backup for Microsoft 365 strengthens…

Read more →

Thales and Qualcomm Technologies have announced the certification of the commercially deployable iSIM (Integrated SIM) on the Snapdragon 8 Gen 2 Mobile Platform, enabling the functionality of a SIM within a smartphone’s main processor. Such GSMA’s security certification2 confirms the…

Read more →

Cyolo introduced partner program designed to help organizations enhance their cybersecurity capabilities for protecting sensitive systems and applications. The newly redesigned program will provide partners with a high profit margin through a simplified reseller structure and richer tools, including access…

Read more →

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company’s third-party cloud storage service that hosted backups: “The threat actor leveraged information stolen…

Read more →

The old phrase “sharing is caring” is something that Faye Francy has seen revolutionize entire industries. From her years as a Boeing Commercial Airplanes Cybersecurity ONE team leader, to Aviation-ISAC, and ultimately becoming the Executive Director of Automotive-ISAC, Faye has…

Read more →

Employees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive Shield. With no oversight or control from security teams, companies have no way to quantify…

Read more →

BEC (Business Email Compromise) attacks have become increasingly prevalent in recent years, with cybercriminals using a variety of tactics to gain access to sensitive information and steal money from businesses. While many people may assume that these attacks are primarily…

Read more →

While moving to the cloud increases efficiency and business agility, security strategies haven’t been adapted to account for this shift and traditional tools can’t effectively manage the unique associated risks. CISOs that ignore the risks are left completely exposed and…

Read more →

Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments’ cybersecurity investment, according to Network Assured. Study methodology Network Assured compared data from State Attorneys Generals and the Department of Health…

Read more →

Vouched announced $6.3 million financing led by BHG VC and SpringRock Ventures, as well as prior investors Darrell Cavens and Mark Vadon. Vouched’s expansion plans build upon the company’s rapid growth over the past year. The company now serves more…

Read more →

Red Hat extend partnership with Samsung to introduce a virtualized radio access network (vRAN) solution that offers advanced integration and automation features. The technology will be designed to help service providers better manage networks at scale while also addressing the…

Read more →

LiveRamp has expanded its partnership with Snowflake to upgrade its product capabilities built natively on Snowflake and increase data connectivity for next-generation, post-cookie marketing in the cloud. By building LiveRamp’s data activation solutions using Snowflake’s Native Application Framework, currently in…

Read more →

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers’ crosshairs Cyber attackers love to target Microsoft Exchange servers,…

Read more →

QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program with rewards of up to US $20,000. QNAP’s NAS devices, in particular, have been getting hit in…

Read more →

Newly released Federal Trade Commission (FTC) data shows that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Losing money to investment and imposter scams Consumers reported losing…

Read more →

Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, Mexico, the U.S. and other…

Read more →

The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography. Destructive…

Read more →

In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up and prevent breaches. The post Stay one step ahead: Cybersecurity…

Read more →

In today’s data-driven world, the expectations and demands faced by many organizations worldwide are reaching unseen levels. To meet the challenge, a data-driven approach is necessary, with effective digital transformation needed to improve operational efficiency, streamline processes, and get more…

Read more →

Enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment, according to Gartner. ERM struggles to elevate the right issues In a Gartner survey of 100 executive risk committee members in September…

Read more →

Contrast Security expands Contrast Serverless Application Security offering to support Microsoft Azure Functions and enable customers to scan for security vulnerabilities on multi-cloud environments. Organizations are rapidly adopting serverless and cloud-native development due to their inherent benefits. However, companies struggle…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Protected Computing: Ensuring privacy and safety of data regardless of location In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy,…

Read more →

Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these capabilities will now help organizations disrupt two common attack scenarios: BEC (business email compromise) and human-operated ransomware attacks.…

Read more →

Edgio has enhanced its Security platform enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase…

Read more →

Although ransomware‘s share of incidents declined only slightly from 2021 to 2022, defenders were more successful detecting and preventing ransomware, according to IBM. Despite this, attackers continued to innovate with the report showing the average time to complete a ransomware…

Read more →

In this Help Net Security video interview, Huxley Barbee, lead organizer of BSidesNYC 2023, talks about the upcoming event. BSidesNYC 2023 will take place at the John Jay College of Criminal Justice on April 22, 2023. The post What to…

Read more →

The war in Ukraine has seen the emergence of new forms of cyberattacks, and hacktivists became savvier and more emboldened to deface sites, leak information and execute DDoS attacks, according to Trellix. “Q4 saw malicious actors push the limits of…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberGRX, Lacework, Malwarebytes, Netography, Nudge Security, and Xcitium. Malwarebytes Application Block restricts access to outdated and unsafe apps Malwarebytes has added Malwarebytes Application Block to…

Read more →

By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors, according to Gartner. “Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on…

Read more →

Darktrace has launched Darktrace Newsroom, an AI-driven system that continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface. Darktrace’s knowledge of “self” means it can…

Read more →

Edgio has enhanced its Security platform enabling enterprises to better detect and respond to emerging threats while ensuring confidentiality, integrity and availability of their data and applications. These new capabilities are aimed at reducing the damage caused by the increase…

Read more →

Following recent U.S. state government and other organization bans on TikTok and other social media platforms, Netography announced enhancements to Netography Fusion’s operational governance dashboards, providing analysts with real-time comprehensive views of all social media traffic. These capabilities enable customers…

Read more →

Atos has launched its new ‘5Guard’ security offering for organizations looking to deploy private 5G networks and for telecom operators looking to enable integrated, automated, and orchestrated security to protect and defend their assets and customers. A new end-to-end 5G…

Read more →

Deloitte EMEA-LATAM Cybersphere Center (ECC) and Cyberbit have announced a strategic partnership that will drive cyber readiness across industries by focusing on the human element of cybersecurity. Cyberbit delivers a holistic approach to developing cyber readiness that emphasizes the human…

Read more →

Metomic has raised a $20 million Series A funding round. The round is led by Evolution Equity Partners with participation from Resonance and Connect Ventures. The investment will be used for U.S. expansion efforts and research and development initiatives. It…

Read more →

Privacera and Databricks users can now facilitate data discovery and consistent data access across the Databricks Lakehouse Platform, including seamless migration of existing Privacera policies. With this latest integration, Privacera increases the ability for its users to provide a holistic…

Read more →

The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cyber criminals: they are exploiting the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visit phishing pages. Fake ChatGPT apps…

Read more →

The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired. Execs…

Read more →

Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of…

Read more →

Organizations face an average of six breaches in their SaaS supply chain every year, according to new data published by Nudge Security. With threat actors like Lapsus$ exploiting this modern attack surface, securing it has become a top cybersecurity priority…

Read more →

CyberGRX launched a new capability, Portfolio Risk Findings, allowing customers to gain visibility into their organization’s specific control coverages gapped by the riskiest third parties through the lens of any framework or threat profile. With Portfolio Risk Findings, CyberGRX will…

Read more →

Netwrix has released Netwrix Privilege Secure (formerly Netwrix SbPAM), which expands its zero standing privileges (ZSP) approach to databases to ensure privileged accounts exist for only as long as needed. “Netwrix Privilege Secure now eliminates standing privileged accounts across on-premises…

Read more →

Malwarebytes has added Malwarebytes Application Block to its Nebula and OneView endpoint protection platforms. The new threat prevention module helps resource-strained security teams guard against unsafe third-party Windows applications, meet key compliance requirements and encourage productivity without adding management complexity.…

Read more →

Lacework has released composite alerts on the Lacework Polygraph Data Platform, to help customers detect compromised credentials, cloud ransomware, and cryptomining that would otherwise go unnoticed. By combining human intelligence with the automatic correlation of disparate alerts, Lacework generates a…

Read more →

Bitdefender has unveiled Bitdefender Premium Security Plus, a new security suite that provides threat prevention and detection, a fully featured password manager to keep credentials safe, secure virtual private network (VPN) for online privacy, and 24/7 digital identity protection monitoring.…

Read more →

Xcitium has unveiled its endpoint security solution, ZeroDwell Containment, for customers with or without legacy EDR products. Xcitium multi-patented technology closes the gaps in enterprise cybersecurity defenses left by traditional detection methods. According to Tim Bandos, EVP of SOC services…

Read more →

84% of codebases contain at least one known open-source vulnerability, a nearly 4% increase from last year, according to Synopsys. The findings of the report deliver an in-depth look at the current state of open source security, compliance, licensing, and…

Read more →

94% of CISOs report being stressed at work, with 65% admitting work-related stress issues are compromising their ability to protect their organization, according to Cynet. Among the CISOs surveyed, 100% said they needed additional resources to adequately cope with current…

Read more →

Amid uncertain economic conditions, the technology sector has been a hot topic of discussion in recent months due to the mass amounts of layoffs across the industry. In this Help Net Security video, Nick Tausek, Lead Security Automation Architect at…

Read more →

NetSPI has appointed Scott Lundgren and John Spiliotis to its Board of Directors. The two veteran security industry executives will support the company’s next stage of growth following a year of record momentum. “We’re honored to have Scott and John…

Read more →

Sublime has launched open email security platform and raised $9.8 million in funding. The platform has been in private beta testing for more than a year and is already in use at dozens of organizations, including Fortune 500s, Global 2000s,…

Read more →

DarkLight and Resecurity partnership will give DarkLight access to Resecurity’s threat intelligence solution called Context, which identifies indications of cyber intrusions and data breaches for clients. This will give DarkLight the ability to provide comprehensive risk assessments tailored to each…

Read more →

VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Even though the flaw has been privately reported to VMware, and there is no…

Read more →

In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than…

Read more →

Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL. While the transition makes sense – GraphQL is more flexible, scalable, and easier for developers to use –…

Read more →

Cloud adoption among organizations has increased dramatically over the past few years, both in the range of services used and the extent to which they are employed, according to Info-Tech Research Group. However, network builders tend to overlook the vulnerabilities…

Read more →

Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web for 180 vulnerabilities known…

Read more →

Catalogic Software has unveiled a new bundled offering of its native back-up-as-a-service platform CloudCasa and Ondat. This combined CloudCasa and Ondat offering provides customers with a unified solution to run their stateful applications on Kubernetes, without worrying about availability, performance,…

Read more →

Mitigating persistent cyber threats has made network security mission critical for businesses of all sizes. The 2022 U.S. Cybersecurity Census Report found that the average business experiences 42 cyberattacks each year, amplifying the need for a comprehensive solution. Perimeter 81…

Read more →

Horizon3’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution. “Similar to the weaponization of previous archive vulnerability issues that allow arbitrary file write, we use this vulnerability to write…

Read more →

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick Coinbase employees into sharing…

Read more →

In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Data protection regulations are rapidly developing globally. What…

Read more →

Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to…

Read more →