Tag: Help Net Security

The rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout and potential regulatory risk, according to Magnet Forensics. “Digital forensics and incident response teams have proven to be indispensable…

Read more →

The ongoing cybersecurity skills shortage is a critical issue plaguing organizations and causing serious problems. The lack of trained and qualified professionals in the field has resulted in numerous security breaches, leading to the loss of large amounts of money.…

Read more →

SANS Security Awareness, a division of the SANS Institute, launched its new short-form technical training modules, “Security Essentials for IT Administrators.” This series provides a comprehensive review of cybersecurity principles, specifically targeting those with a foundational understanding of IT systems…

Read more →

Twitter has announced that starting with March 20, users who don’t pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication (2FA) option. “While historically a popular form of 2FA, unfortunately we have seen…

Read more →

If an organization relies on automation and tools to highlight API security issues, it is still up to a trained developer to manage API behavior. Since there is no standard for managing APIs, organizations must rely on more than tools…

Read more →

Despite economic volatility and tighter budgets, adoption of software as a service (SaaS) continues to increase. Gartner forecasts a 16.8% growth for SaaS in 2023 as companies – including SMBs – add new SaaS platforms to their IT stack. This…

Read more →

Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks. Autonomus cyber defense framework When faced with sophisticated cyberattacks in a rigorous simulation setting, deep reinforcement…

Read more →

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for…

Read more →

The number of data breaches affecting healthcare providers declined in the second half of 2022, consistent with a downward trend over the past two years, according to Critical Insight. Healthcare industry sees a decrease in data breaches A deeper dive…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Combining identity and security strategies to mitigate risks The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the…

Read more →

Alteryx has unveiled new self-service and enterprise-grade capabilities to its Alteryx Analytics Cloud Platform to help customers make faster and more intelligent decisions. The enhanced platform, which now includes all access for Designer Cloud, offers an approachable easy-to-use drag-and-drop modern…

Read more →

Opsera has released the latest enhancements to its Salesforce DevOps platform that ensures the highest security and compliance standards are met for Salesforce releases through source-driven development and native integrations with security tools. Continuous security with Opsera’s Salesforce DevOps platform…

Read more →

RSA Conference announced its initial lineup of keynote speakers for its upcoming Conference, taking place at the Moscone Center in San Francisco from April 24-27, 2023. Speakers include Lisa Monaco, the Deputy Attorney of the United States, Rumman Chowdhury, a…

Read more →

Dynatrace has formed a strategic technology alliance with Snyk to make software delivery more secure. The alliance will leverage the DevSecOps Lifecycle Coverage with Snyk app, built using the new Dynatrace AppEngine. This app is designed to connect Snyk container…

Read more →

Cisco has released security updates for several of its enterprise security and networking products, fixing (among other things): A critical vulnerability (CVE-2023-20032) in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Private Cloud, and Secure Web Appliance,…

Read more →

A joint investigation supported by Europol has led to the dismantling of a Franco-Israeli criminal network involved in large-scale CEO fraud (also known as BEC scams). The operational activities resulted in five action days, which took place between January 2022…

Read more →

ESET has launched its threat intelligence services, designed to extend an organizations’ security intelligence. These new commercially available reports provide deeper insights and actionable guidance from ESET’s renowned global research teams about specific threat vectors and attack sources. Now corporations…

Read more →

Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time…

Read more →

In this Help Net Security video, Daniel Dos Santos, Head of Security Research at Forescout, talks about recent research, which has revealed how attackers can move laterally between vulnerable networks and devices found at the controller level of critical infrastructure.…

Read more →

Recently, Entrust named Bhagwat Swaroop as President, Digital Security Solutions. In this role, Bhagwat will lead the evolution, growth, and expansion of the Entrust Digital Security portfolio, which includes solutions for data encryption, public and private certificate authorities, identity and…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, DigiCert, Finite State, FireMon, and Veeam Software. CyberSaint Executive Dashboard empowers CISOs to take control of cyber risk communication The Executive Dashboard is the…

Read more →

Dynatrace AppEngine platform technology empowers customers and partners with an easy-to-use, low-code approach to create custom, compliant, and intelligent data-driven apps for their IT, development, security, and business teams. These custom apps can address boundless BizDevSecOps use cases and unlock…

Read more →

IGEL has announced IGEL COSMOS, a unified platform to securely manage and automate the delivery of digital workspaces, from any cloud. Offering a modular architecture, granular endpoint control and end-user freedom, COSMOS is designed to enable organizations to garner the…

Read more →

ESET has launched its threat intelligence services, designed to extend an organizations’ security intelligence. These new commercially available reports provide deeper insights and actionable guidance from ESET’s renowned global research teams about specific threat vectors and attack sources. Now corporations…

Read more →

Rhymetec has launched two new service offerings for SaaS companies: PCI Compliance Scanning and Phishing Testing & Training. Both offerings will assist B2B organizations in staying secure and compliant while they continue to grow and innovate. Staying on top of…

Read more →

OneSpan announced the launch of OneSpan Notary, a next-generation, all-in-one, cloud-connected solution that enables organizations to transform the way notaries and customers complete agreements and notarize documents in a secure and trusted environment. OneSpan Notary was co-designed in collaboration with…

Read more →

Perimeter 81 has unveiled a successful integration with ConnectWise. Perimeter 81’s platform, which empowers MSPs to deliver network security solutions to SMB and SME clients, is now integrated with ConnectWise PSA (formerly ConnectWise Manage). The certified integration optimizes efficiency for…

Read more →

Each year at the end of January, internet users are deluged with advice on how to keep their data protected and reclaim their online privacy. What started as Data Privacy Day has now become a Week, to match our increasing…

Read more →

Quantum computing has surged in popularity recently, with its revolutionary computational capabilities transforming the technology sector. While some are skeptical of its real-world potential, others are more visionary about its future. In this Help Net Security video, Vanesa Diaz, CEO…

Read more →

Cloud environments and application connectivity have become a critical part of many organizations’ digital transformation initiatives. In fact, nearly 40% of North American and European-based enterprises adopted industry-specific cloud platforms in 2022. But why are organizations turning to these solutions…

Read more →

Job seekers, students, and career changers around the world want to pursue roles related to science, technology, engineering, and mathematics (STEM) across different industries, but say they are not familiar with career options, according to IBM. At the same time,…

Read more →

High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research. High-risk users represent a sizable threat to the organization Additionally, the study made several unexpected…

Read more →

Open Systems has redefined the managed detection and response (MDR) market with the launch of Ontinue, its new MDR division. Ontinue is the managed extended detection and response (MXDR) provider that leverages AI-driven automation, human expertise and the Microsoft security…

Read more →

Veeam Software has released the Veeam Data Platform, a single platform delivering more advanced data security, recovery and hybrid cloud capabilities. The Veeam Data Platform, which includes Veeam Backup & Replication (VBR) v12, provides secure backup and recovery that keeps…

Read more →

Styra Load advances the capabilities of Open Policy Agent (OPA), and alleviates the effects of data-heavy authorization while reducing infrastructure costs and increasing authorization performance for platform engineering teams. Purpose-built for enterprises managing authorization with large data sets, Styra Load…

Read more →

FireMon unveils FireMon Policy Analyzer, a complimentary firewall assessment tool that provides organizations with a comprehensive diagnostic report outlining the health of a firewall policy, complete with best practices and suggestions to improve their security posture. According to Gartner, 99%…

Read more →

Check Point has introduced Check Point Infinity Spark, a threat prevention solution that delivers AI security and integrated connectivity to small and medium-sized businesses (SMBs). Infinity Spark offers enterprise grade security across networks, email, office, endpoint, and mobile devices. With…

Read more →

GoSecure has released Titan Identity, a solution combining technology with a managed service to provide a cost-effective, deployable solution that enables organizations to improve credential theft response times. Threat actors have many techniques to abuse identity services like Active Directory…

Read more →

Together, LogRhythm and Trend Micro are empowering security teams to confidently navigate a changing threat landscape and quickly secure their environments. The combined solution allows security teams to pull threat data from multiple sources, correlate the data, and automate a…

Read more →

Deepwatch has unveiled a total of $180 million in equity investments and strategic financing from Springcoast Capital Partners, Splunk Ventures and Vista Credit Partners, a subsidiary of Vista Equity Partners and strategic credit and financing partner focused on the enterprise…

Read more →

CompTIA has reported that up to 2,000 people across the country, from communities that are underrepresented in technology, will be trained to work as technical support and help desk professionals as part of its new workforce development program. CompTIA’s new…

Read more →

Quantinuum has unveiled that Rajeeb (Raj) Hazra has been appointed to the role of CEO of Quantinuum, effective immediately. In stepping down, current Quantinuum CEO Ilyas Khan will remain a leader in the company. He remains a member of the…

Read more →

Last week, the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization’s new Executive Director. This was…

Read more →

Adam Shostack, the author of “Threat Modeling: Designing for Security”, and the co-author of “The New School of Information Security”, recently launched his new book – “Threats: What Every Engineer Should Learn From Star Wars”. In this Help Net Security…

Read more →

Another year of high-profile cyberattacks, another year of beating the cybersecurity drums. Clearly, we’re missing a few notes. Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best practices,…

Read more →

SynSaber has launched OT PCAP Analyzer tool that allows users to view a high-level breakdown of the device and protocol information contained within a packet capture (PCAP) file. SynSaber’s OT PCAP Analyzer provides visibility into a snapshot of your network…

Read more →

Akamai Technologies has launched Akamai Connected Cloud, a massively distributed edge and cloud platform for cloud computing, security, and content delivery that keeps applications and experiences closer and threats farther away. Akamai also announced new strategic cloud computing services for…

Read more →

ThreatBlockr introduced major updates and features to its platform. The release improves flexibility, control, and visibility, with key updates including list consolidation, simplified policy configuration, easier protection of networks and ports, improvements to management systems and simplified access controls. These…

Read more →

CyberSaint’s Executive Dashboard allows CISOs to present their cyber risk posture to the rest of the C-suite and Board of Directors in a credible, financially quantifiable manner that enables informed decision-making. The Executive Dashboard is just the latest in a…

Read more →

Finite State has released its Next Generation Platform featuring extended SBOM management with the ability to ingest and aggregate 120+ external data sources. The new platform gives Application and Product Security teams a unified and prioritized risk view with unprecedented…

Read more →

There is a definite trend of MSPs shifting into security. There are a number of very good reasons for this, including the fact that other services traditionally offered are becoming commoditized, as well as the increasing threat that SMEs and…

Read more →

Resecurity has partnered with CSG (Centre Systems Group) to accelerate channel sales growth in UAE and enable CSG to offer a Cyber Threat Intelligence (CTI), Dark Web Monitoring (DWM), Digital Risk Management (DRM), Fraud Prevention (FP) and Identity Protection (IDP)…

Read more →

Ping Identity has formed a new strategic alliance with Deloitte to help the organizations’ shared clients improve advanced Identity Access Management (IAM) Solutions selection and onboarding. Through the alliance, Ping and Deloitte’s shared clients will be able to streamline digital…

Read more →

Elastic has appointed Mathew Donoghue as Chief Marketing Officer (CMO) effective February 13, 2023 to drive scalable growth across the company’s $88 billion total addressable market (TAM) by leveraging innovative solutions and a customer-first approach. As the leader of the…

Read more →

DirectDefense has unveiled that Christopher Walcutt has been promoted to Chief Security Officer (CSO), effective immediately. Walcutt will ensure consistent and high-quality information security management throughout the organization. Additionally, he will partner with internal teams across all levels, including the…

Read more →

Zscaler acquires Canonic Security to prevent organizations’ growing risks of SaaS supply chain attacks. With the massive migration to the cloud, as organizations are adopting hundreds of SaaS platforms, their users are connecting thousands of third-party applications and browser extensions…

Read more →

The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823). The three zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823) CVE-2023-21715 a vulnerability that allows attackers to bypass a…

Read more →

Canonical released real-time Ubuntu 22.04 LTS, providing a deterministic response to an external event, aiming to minimise the response time guarantee within a specified deadline. The new enterprise-grade real-time kernel is ideal for stringent low-latency requirements. Enterprises in industrial, telecommunications,…

Read more →

Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.” The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also in tvOS 16.3.2…

Read more →

“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis of over 550,000 real-world malware…

Read more →

Expel managed detection and response (MDR) for Kubernetes enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. “Organizations are adopting Kubernetes as a way to help their…

Read more →

Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their organizations make the majority of cybersecurity decisions without insights into the threat actor targeting them. While…

Read more →

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy a higher rate of request-based or packets-per-second attacks.…

Read more →

The dire shortage of information security experts has left organizations struggling to keep up with the growing demand for their skills. Still, getting a job in cybersecurity tends to take time and effort. In this Help Net Security interview, Joseph…

Read more →

Recently, I was asked to imagine that I had been granted an hour with top officials at the Cybersecurity and Infrastructure Security Agency (CISA) – what advice would I offer to help it have an even bigger impact in 2023…

Read more →

Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found. “If such…

Read more →

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet’s secret recovery phrase. Attention @Namecheap users: be wary of…

Read more →

Let’s face it, security teams are only as good as the next problem they face. But why is keeping up so difficult? New/evolving requirements, lengthy/confusing acronyms, and countless moving parts plague compliance regulations. In this Help Net Security video, Gianna…

Read more →

The concept of zero trust – as a way to improve the security of and access to an organization’s network, systems, and data – has gained traction in recent years. The basic premise is that no user or device should…

Read more →

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and invoice fraud and tech support…

Read more →

Recently, at Cybertech Tel Aviv 2023, I met with Luigi Lenguito, CEO at Bfore.AI, who introduced me to their technology. In this Help Net Security interview, Lenguito talks about threat prevention challenges and how his company can predict cyber attacks…

Read more →

Integreon has unveiled the development of CyberHawk-AI, an advanced automated technology that utilizes artificial intelligence (AI) to streamline the process of extracting and analyzing sensitive data following cyber breaches. This technology will be integrated into their cyber response workflow to…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: While governments pass privacy laws, companies struggle to change In this Help Net Security interview, Bill Tolson, VP of Compliance and eDiscovery at Archive360, discusses…

Read more →

CyberData Pros has partnered with Ketch to provide data security and compliance services for clients worldwide. CyberData Pros specializes in data security, compliance, consulting, and due diligence, allowing their analysts to provide solution-oriented awareness and implementation routes to help with…

Read more →

US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy “state-sponsored” ransomware on hospitals and other organizations that can be considered part of the countries’ critical…

Read more →

Patch Tuesday falls on Valentine’s Day this year but will it be a special date? While there have been ongoing cyber-attacks of all kinds, it has been relatively quiet on the release of new patches from Microsoft. Expect that trend…

Read more →

Popular social news website and forum Reddit has been breached (again) and the attacker “gained access to some internal docs, code, as well as some internal dashboards and business systems,” but apparently not to primary production systems and user data.…

Read more →

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new…

Read more →

Are ageing technologies and infrastructure threatening the security and productivity of your business? A recent investigation by the National Audit Office (NAO – UK’s independent public spending watchdog) revealed that the Department for Environment, Food and Rural Affairs is relying…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Cequence Security, Deepwatch, Neustar Security Services, OPSWAT, and SecuriThings. OPSWAT MetaDefender Kiosk K2100 secures critical networks in challenging environments The OPSWAT MetaDefender Kiosk K2100 is…

Read more →

SecuriThings announced a new Managed Service Platform for the physical security space that enables managed service providers to manage, visualize and maintain customer environments from a single pane of glass. Organizations across the globe invest extensively in buying and installing…

Read more →

Strike Graph has integrated a new solution which allows customers to go through security audits powered by technology at a fraction of the cost and time. This new streamlined offering was made available in 2022 and resulted in over 80%…

Read more →

Acalvio launched Identity Threat Detection and Response (ITDR) solution that offers identity attack surface area visibility and management, and Active Defense against identity threats. By incorporating Active Defense, Acalvio’s ITDR solution changes the environment to not only catch and counter…

Read more →

SentryBay adds to its family of Armored Client products with a solution specifically designed to address the client-side security gaps of Microsoft Azure Virtual Desktop and Windows 365 – while harnessing the strengths of Intune. Users of endpoint devices that…

Read more →

N-able launched N-able Managed Endpoint Detection and Response (Managed EDR), a threat monitoring, hunting, and response service designed for MSPs that have standardized on N-able Endpoint Detection and Response (EDR). Managed EDR supplements EDR with dedicated managed security services. Powered…

Read more →

IT and security teams are consolidating management and security functions to help better deliver new applications to end users, improve regulatory compliance, and reduce cyberattacks resulting from poor coordination between endpoint security and management teams, according to Syxsense. Endpoint security…

Read more →

Socure has joined the FIDO (Fast IDentity Online) Alliance to advance identity verification standards that make it easy to verify identity online and protect against identity fraud across industries. Socure’s mission is to verify 100% of good identities in real-time…

Read more →

Adaptive Shield has partnered with Datadog to provide joint customers with the ability to stream and visualize SaaS security alerts from Adaptive Shield. For all SaaS apps, users, and associated devices, the Adaptive Shield platform continuously monitors and immediately identifies…

Read more →

With Veza and GitHub integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s codebase. Identity-related attacks continue to be the top culprit behind data…

Read more →

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to secure the data generated by Internet of Things (IoT) devices: implanted medical devices,…

Read more →

As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal and professional lives. Software development teams always strive to master…

Read more →

Between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%, according to Abnormal Security. Business email and supply chain compromise as attack strategies Additionally, of the malicious emails that were read, an average…

Read more →

Russia’s invasion of Ukraine continues to have a major impact on energy prices, inflation, and cyberthreats, with the ransomware scene experiencing some of the biggest shifts, according to ESET. “The ongoing war in Ukraine has created a divide among ransomware…

Read more →

The popular notion might view the rail industry as a laggard compared to auto or high-tech manufacturing when embracing Industry 4.0. Yet railways are increasingly dependent on sophisticated connected systems to enhance efficiency and customer satisfaction. Rail industry needs to…

Read more →

TikTok and Lensa AI have sparked worldwide conversations on the future of social media and consumer data privacy. In this Help Net Security video, Rick McElroy, Principal Security Strategist at VMware, offers a perspective on these trends, including tips on…

Read more →

Skybox Security appoints Mordecai Rosen as Chief Executive Officer and closes $50 million in financing from CVC Growth Funds, Pantheon, and J.P. Morgan. Mr. Rosen is a seasoned security technology executive with over 25 years of experience and will focus…

Read more →

Opscura has received $9.4M in Series A funding as it scales to engage further U.S. partners and customers seeking to protect and connect their critical operations. Founded in Spain as Enigmedia, the new global entity Opscura is also launching a…

Read more →

Appdome has released the first Appdome Orb for CircleCI as part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate delivery of secure mobile apps globally. The new Appdome Build_2Secure Orb for CircleCI integrates directly into the CircleCI CI/CD platform,…

Read more →

Riskonnect has enhanced its Business Continuity and Resilience solution through a partnership with OnSolve. Riskonnect will utilize OnSolve’s Risk Intelligence to offer a new Threat Intelligence module to provide resilience leaders the ability to monitor global threats in real time…

Read more →

SonarSource has launched SonarQube 9.9 Long-Term Support (LTS) that empowers organizations to achieve the Clean Code state securely and at scale. With accelerated pull request analysis, support for building and deploying secure cloud-native applications, enterprise-grade capabilities, and many innovations related…

Read more →