Tag: Help Net Security

Ermetic has extended its Cloud Native Application Protection Platform (CNAPP) with cloud workload protection capabilities that enable customers to detect, prevent and remediate security risks in virtual machines, containers and serverless functions. Using context that spans infrastructure configurations, network, access…

Read more →

Cloud Range has introduced Cloud Range for Critical Infrastructure—the live-fire simulation training specifically designed to proactively train and prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and information technology (IT) environments to defend against cyber…

Read more →

Prove Identity appointed Amanda Fennell as the company’s Chief Information Security Officer (CISO) and Chief Information Officer (CIO). Fennell, who most recently served as the CISO & CIO at Relativity, brings over twenty years of security industry experience to the…

Read more →

Iron Bow Technologies acquired GuardSight, a cybersecurity operations as a service (SECOPS), and managed detection and response (MDR) company that serves businesses and organizations across the U.S. The acquisition of GuardSight will enhance Iron Bow’s existing cybersecurity solutions portfolio, combining…

Read more →

Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13 countries in total. Law enforcement identified the decryption keys and shared them with many victims,…

Read more →

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available. Ubuntu Pro helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS. The…

Read more →

Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or…

Read more →

Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federal civilian executive branch – as…

Read more →

Open-source software enables better security for both large and small organizations. It is the foundation of today’s society and is found throughout a modern application stack, from the operating system to networking functions. It’s estimated that around 90% of organizations…

Read more →

Malwarebytes has announced the upcoming Malwarebytes Mobile Security for Business, extending its endpoint protection capabilities to professional mobile devices. From corporate organizations to educational institutions, the increasing number of connected mobile devices introduces security risks to users and networks. With…

Read more →

ThreatConnect released ThreatConnect Platform 7.0 designed specifically for TI Ops. The new release increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation. “Legacy approaches…

Read more →

Halo Security recently implemented a new feature to reduce the noise and improve attack surface visibility, helping customers identify active threats in the wild — known exploited vulnerabilities (KEVs) from the Cybersecurity and Infrastructure Security Agency (CISA) catalog — and…

Read more →

A language-generating AI model called ChatGPT, available for free, has taken the internet by storm. While AI has the potential to help IT and security teams become more efficient, it also enables threat actors to develop malware. In this interview…

Read more →

PKWARE has released its newest data discovery and protection solution, PK Secure Email. This Microsoft Outlook add-in automatically discovers sensitive information in email message body, subject line, and attachment and prompts policy-driven protection actions upon sending. Email is a staple…

Read more →

Lupovis has released Prowl, new platform capabilities designed to help security analysts automatically identify bot traffic from malicious human threat actors, to help reduce the time they waste investigating false positives. False positives are flagged by security products that identify…

Read more →

SpyCloud launched Compass, a transformative solution to help enterprises detect and respond to the initial precursors to ransomware attacks. Compass provides definitive evidence that data siphoned by malware infections is in cybercriminals’ hands and provides a comprehensive approach to incident…

Read more →

With continued transition to cloud services to support remote work, the threat of malware continues to grow, expanding each company’s attack surface. The first half of 2022 saw 2.8 billion malware attacks in which more than 270,000 “never-seen-before” malware variants…

Read more →

The first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets, according to the Identity Theft Resource Center. However, data compromises steadily increased in…

Read more →

Crypto.com has been certified with ISO 27017 for security in the cloud and ISO 27018 for privacy protection in the cloud as audited by SGS, an internationally-recognized certification authority. These two certifications, both firsts for a digital asset platform, demonstrate…

Read more →

LogicGate has hired Nicholas Kathmann as its CISO to help scale the company’s information security program, manage its external system security, drive platform security innovations and engage with LogicGate customers on security management. “To build on LogicGate’s growth and market…

Read more →

Forescout Technologies has unveiled that Barry Mainz will join the company as CEO, effective immediately. Barry Mainz brings more than 25 years of experience in executive leadership across infrastructure software and cybersecurity companies. Mainz has served as CEO and member…

Read more →

Strata has closed a $26M Series B round of financing led by Telstra Ventures with participation from existing investors Menlo Ventures, Forgepoint Capital and Innovating Capital. The company has developed, Maverics, the distributed identity orchestration platform that enables organizations to…

Read more →

The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game. The company has also confirmed that source code for TFT (Teamfight…

Read more →

VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics. Reported by Trend Micro’s Zero Day Initiative, none of…

Read more →

According to the FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only…

Read more →

Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular cryptographic algorithms will be much easier to solve with quantum than with “classical” computers. Recently,…

Read more →

Despite a difficult economic environment, organizations continue to invest in privacy, with spending up significantly from $1.2 million just three years ago to $2.7 million this year, according to Cisco. Yet, 92 percent of respondents believe their organization needs to…

Read more →

The cybersecurity skills shortage is a global problem, but each region – including Europe or, more specifically, the EU – has distinct problems it has to tackle to solve it. In this Help Net Security Dritan Saliovski, Director – Nordic…

Read more →

Datto introduced its second-generation family of cloud managed switches, along with global expansion of the early access for its secure remote access solution, Datto Secure Edge. These new networking solutions complement Datto’s existing product lines of Wi-Fi 6 access points…

Read more →

As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud…

Read more →

GoTo (formerly LogMeIn) has confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings. However, the attackers have also managed to grab an encryption…

Read more →

Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component (CVE-2022-42856) that could be exploited for remote code execution on older iPhones and iPads running…

Read more →

ioSafe introduced the ioSafe 1522+, a five-bay network attached storage (NAS) device for businesses of all sizes, including those with remote locations in fire and flood-prone areas. “The 1522+ is the next proof point in our commitment to delivering the…

Read more →

Hillstone Networks latest upgrade of its operating system, Hillstone StoneOS 5.5R10, delivers AI-based threat protection, centralized zero trust control and management, and further simplification of security operations and system optimization, among over 300 new features. The new functionality enhances the…

Read more →

Arctic Wolf launched Arctic Wolf Incident Response (IR) JumpStart Retainer, an incident response offering that helps organizations proactively plan for cyber incidents without losing valuable time to remediation and the high upfront costs of traditional incident response retainers. In the…

Read more →

In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique tactic. Sonatype calls them RAT mutants because they’re a mix of remote access…

Read more →

It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organizations need to be more pragmatic when it comes to remediating vulnerabilities, particularly…

Read more →

The National Security Agency (NSA) published guidance to help Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). IPv6 Security Guidance highlights how several security issues…

Read more →

In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with peers at a Security BSides conference. We’ve talked with BSidesZG organizer Ante Jurjevic to find…

Read more →

Linor spends her days working with cybersecurity founders at her Venture Capital firm. Gaining insight into their experiences over the course of building these relationships and supporting the brick-laying of their visions, she shares observations on the tough – and…

Read more →

IoT remains the biggest hurdle in achieving an effective zero-trust security posture across an organization. In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies…

Read more →

The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness raising program. The package includes:…

Read more →

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security…

Read more →

The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. The report analyzes the 920+ CVEs released by CISA in the second…

Read more →

CyberGRX has released a Predictive Data tool to the Exchange platform’s Attack Scenario Analytics feature. Customers can leverage CyberGRX’s predictive risk intelligence capabilities, which has up to 91% accuracy, to evaluate levels of risk posed by a third party against…

Read more →

Wallarm has launched the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cacti servers under attack by attackers exploiting CVE-2022-46169 If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now…

Read more →

Vanta has acquired Trustpage to transform trust into a marketable advantage for companies around the world. With the addition of Trustpage, Vanta is accelerating its product innovation and continuing to scale its industry-defining trust management platform for thousands of global…

Read more →

Exterro’s acquisition of Zapproved is the latest step in furthering Exterro’s vision to empower customers to proactively and defensibly manage their legal governance, risk and compliance obligations. It also represents another strategic milestone for Exterro in its partnership with Leeds…

Read more →

Bitwarden’s acquisition of Passwordless.dev comes on the heels of a $100M funding round and allows Bitwarden to equip customers with a strong WebAuthn framework from which to develop custom features and deliver passwordless user experiences. A core part of the…

Read more →

Fingerprint and Ping Identity partnership enables PingOne DaVinci customers to identify devices throughout user journeys, which helps prevent fraud and improve the overall customer experience. Fingerprint joins a growing network of technology partners developing integrations with PingOne DaVinci through the…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CloudSEK, Devo Technology, Immuta, Varonis, and Zyxel Networks. CloudSEK BeVigil app protects Android users from security risks By providing users with detailed information about the…

Read more →

Cybersecurity professionals are frustrated over how much time and attention they must devote to API security and worried that their defenses still need to be improved, according to Corsha. Researchers recently surveyed over 400 security and engineering professionals to learn…

Read more →

In this Help Net Security video, André Ferraz, CEO at Incognia, discusses the impact of location spoofing and location-based fraud. Any tool that enables users to alter the location information given by their device is known as location spoofing. Scammers…

Read more →

When you support a remote workforce, you risk opening your data, applications, and organization to the world. How can you sleep soundly at night while enabling a modern “work from anywhere” workforce? Acknowledging the inherited security challenges in remote access…

Read more →

Immuta has released its latest product, Immuta Detect. With its continuous data security monitoring capabilities, Immuta Detect alerts data and security teams about risky data access behavior, enabling more accurate risk remediation and improved data security posture management across modern…

Read more →

Arcserve unveiled Arcserve Unified Data Protection (UDP) 9.0, a centrally managed backup and disaster recovery solution that future-proofs every data infrastructure with robust protection for every type of workload. It combines complete data protection, Sophos cybersecurity protection, immutable storage, tape…

Read more →

Hornetsecurity has appointed Irvin Shillingford to run its Northern European regional team. Shillingford brings more than 30 years’ experience of growing cyber and software solutions at key businesses. He has held several senior leadership roles running business development teams while…

Read more →

A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities CVE-2022-41903 is an out-of-bounds memory write flaw in log formatting and CVE-2022-23251 is a truncated…

Read more →

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures…

Read more →

SMBs are aware of increasing cyber threats and allocating resources and investing in areas such as network and cloud security, according to Datto. Key takeaways from this survey include: About a fifth of IT budget is dedicated to security and…

Read more →

Businesses widely use cloud applications, a fact not lost on attackers, which view these apps as an ideal home for hosting malware and causing harm. In this Help Net Security video, Ray Canzanese, Threat Research Director at Netskope, talks about…

Read more →

IDrive Backup has enhanced their endpoint backup solution IDrive 360 with the addition of full system backup and mobile backup, enabling users to ensure that all data from all devices within their organization can be completely recovered if a data…

Read more →

Sygnia has expanded its incident response and proactive security services to include a managed extended detection and response (MXDR) service. Sygnia’s MXDR is technology-agnostic and a 24/7 fully managed security operations service that includes monitoring, threat detection, forensic analysis, accelerated…

Read more →

TD SYNNEX has launched a new fraud defense solution, SMB Fraud Defense Click-to-Run, integrating Microsoft Azure services for small and medium business (SMB) customers during a time of increasing threats within cloud environments. The SMB Fraud Defense Click-to-Run solution elevates…

Read more →

Zyxel Networks launched the Zyxel Astra, a new cloud-based endpoint security service that enables SMBs to secure remote users regardless of their location. Designed to address the unique network security challenges presented by hybrid work environments, Astra enables network administrators…

Read more →

nsKnox has unveiled a new funding round of $17 million, bringing its total funding to date to $35.6M. Two new investors, U.S.-based Internet & technology venture capital firm Link Ventures and Harel Insurance & Finance, took a significant part in…

Read more →

Abacus Group acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena. Gotham Security, as the new business will be known, will be a…

Read more →

Forter acquires Immue to not only strengthen the company’s existing fraud management capabilities but add Immue’s domain-specific bot expertise. Bots are used by the most sophisticated fraud operations to monitor and automate purchases from merchant sites. In fact, it’s frequently…

Read more →

Ivanti and Lookout have extended their strategic partnership to now include Lookout Mobile Endpoint Security as part of the Ivanti Neurons automation platform. The combined solution, which also includes Ivanti Go and Ivanti Neurons for Modern Device Management, is a…

Read more →

Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there’s a public PoC chaining them, CERT/CC has warned. The good news is that they’ve been fixed by…

Read more →

The FBI has recently warned the public about search engine ads pushing malware diguised as legitimate software – an old tactic that has lately resulted in too many malicious ads served to users searching for software, cracked software, drivers –…

Read more →

Geopolitical instability is exacerbating the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report from the World Economic Forum. The great threat Over 93% of cybersecurity experts and 86% of business leaders believe “a far-reaching, catastrophic cyber…

Read more →

Varonis introduced least privilege automation for Microsoft 365, Google Drive, and Box — a new capability that continuously removes unnecessary data risk without human intervention. This innovation furthers Varonis’ mission to deliver effortless data security outcomes to customers. Unlike other…

Read more →

ChatGPT from OpenAI is a conversational chatbot recently released in preview mode for research purposes. It takes natural language as input and aims to solve problems, provide follow-up questions or even challenge assertions depending on your question. In this Help…

Read more →

In 2022, state-sponsored cyber activity has been drawn into sharp focus, ransomware continued to dominate as the primary threat facing organizations, and there have been several highly publicized incidents. Beyond the headlines, there have been some interesting shifts in both…

Read more →

Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. The result is that IT leaders feel…

Read more →

DigiCert has released DigiCert Trust Lifecycle Manager, a digital trust solution unifying CA-agnostic certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager integrates with DigiCert’s public trust issuance for a full-stack solution governing seamless management of corporate digital…

Read more →

Devo Technology unveiled Devo DeepTrace, an autonomous alert investigation and threat hunting solution that uses attack-tracing artificial intelligence (AI) to advance how security teams identify attacks, investigate threats and secure their organizations. DeepTrace augments the work security analysts do by…

Read more →

DNS Insights by NS1 unlocks improved reliability, real-time analysis, and cost control by collecting DNS and network metrics at the edge to empower networking professionals as they troubleshoot and optimize infrastructure at scale. DNS Insights arrives at a critical time…

Read more →

Varonis introduced least privilege automation for Microsoft 365, Google Drive, and Box — a new capability that continuously removes unnecessary data risk without human intervention. This innovation furthers Varonis’ mission to deliver effortless data security outcomes to customers. Unlike other…

Read more →

CloudSEK launched the BeVigil app to provide users with detailed information about the security and privacy practices of their mobile apps. With the BeVigil App, users can search for apps by name and view detailed information about the app’s security…

Read more →

If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they’ve been updated to a non-vulnerable version because Horizon3’s will be releasing technical details and a PoC exploit this week. GreyNoise has yet to detect…

Read more →

Although cyberattacks have become more common, handling them remains extremely challenging for organizations. Even if things go well on the technical level, incident response (IR) is still a stressful and hectic process across the company; this is the reality of…

Read more →

33% of companies are not providing any cybersecurity awareness training to users who work remotely, according to Hornetsecurity. The study also revealed that nearly 74% of remote staff have access to critical data, which is creating more risk for companies…

Read more →

In this Help Net Security video, MacKenzie Jackson, Developer Advocate at GitGuardian, offers his cybersecurity predictions for 2032. These include: Developers will be a priority target for hacking campaigns Doubling down on MFA bypass Source code security More efforts to…

Read more →

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it to impersonate the employee…

Read more →

If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw (CVE-2022-46169). About Cacti and CVE-2022-46169 Cacti is an…

Read more →

There are a variety of roadblocks associated with moving to passwordless authentication. Foremost is that people hate change. End users push back when you ask them to abandon the familiar password-based login page, while app owners resist changing them to…

Read more →

The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic encryption might not be enough. For organizations, deciding what email encryption solution to use is…

Read more →

A new Zapata Computing report reveals a deepening commitment from enterprises that points to a maturing industry with widespread, global interest and increased urgency regarding post-quantum cybersecurity threats. The growing interest in quantum is translating into spending, demonstrated by 71%…

Read more →

77% of IT decision makers across the United States and Canada believe their companies are likely to face a data breach within the next three years according to survey results released by Adastra. Survey respondents ranked data security as the…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google is calling EU cybersecurity founders Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. Rackspace ransomware…

Read more →

SpiderOak has raised $16.4M in Series C round led by Empyrean Technology Solutions, a space technology platform backed by funds affiliated with Madison Dearborn Partners. The Series C round included additional investment from Method Capital, and OCA Ventures. The oversubscribed…

Read more →

Crisis24 acquires Topo.ai to further strengthen its support operations, offer a one-stop shop solution with plug and play capabilities, and ensure the highest levels of client satisfaction. Crisis24 provides unrivaled curated intelligence and sophisticated technologies to enable the world’s most…

Read more →

Conceal has unveiled that it is expanding into the Spain, France, Italy, and Portugal MSSP markets through a strategic partnership with Thousand Guards. “Thousand Guards services are aimed at IT security managers and cybersecurity services companies that need to find…

Read more →

With nearly half of today’s enterprises comprised of non-employees, organizations need to factor this growing group of identities into their approach to identity security. With SecZetta, SailPoint will be able to expand its capabilities to help companies gain better visibility…

Read more →

Cloudflare has expanded its relationship with Microsoft to help customers easily deploy, automate, and enhance their organization’s zero trust security. Working from anywhere is more common than ever, and critical applications have moved to the cloud—no longer residing inside an…

Read more →

Onapsis has formed a strategic collaboration with Wipro to drive digital transformation and business growth for customers. Enterprises embarking on their digital transformation journey are often faced with a complex SAP landscape and a limited understanding of how to secure…

Read more →

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic protocols. CVE-2022-43974 and CVE-2022-42905 CVE-2022-43974 is a buffer…

Read more →