ImmuniWeb has launched the new Discovery Phishing Websites Takedown service which takes down malicious and phishing websites in just one click to reduce the risks of surging phishing campaigns that aptly exploit human error. Both the number and success rate of phishing attacks are skyrocketing: 74% of organizations fell victim to successful phishing attacks last year, whilst 54% of the phishing incidents led to a compromise of customer data or other sensitive information. To tackle … More →

The post ImmuniWeb launches service for discovery and take down of phishing websites appeared first on Help Net Security.

LastPass and its affiliate GoTo (formerly LogMeIn) have announced that they suffered a security incident and, in LastPass’ case, a possible data breach. “Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service,” GoTo CEO Paddy Srinivasan noted, and explained that the third-party cloud storage service in question is shared by GoTo, a cloud-baser SaaS provider of remote work collaboration and IT management tools, and … More →

The post LastPass, GoTo announce security incident appeared first on Help Net Security.

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests. A vulnerability that’s difficult to eradicate When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following its disclosure, organizations significantly reallocated resources and invested tens of thousands of hours to identification and remediation efforts. One federal … More →

The post A year later, Log4Shell still lingers appeared first on Help Net Security.

When the Federal Trade Commission (FTC) releases new regulations or changes to existing ones, the implications may not be obvious to the average business or company employees. The FTC and privacy The FTC is a federal agency that protects consumers from fraudulent, deceptive, and unfair business practices. The Commission, often in collaboration with other regulatory agencies such as the United States Department of Justice and Attorney General, has enforcement authority and other responsibilities under more … More →

The post Cybersecurity engineering under the Federal Trade Commission appeared first on Help Net Security.

Lookout researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use it to pressure and shame the victims for repayment. Aimed at consumers in developing countries – Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda – the apps and their operators are taking advantage of victims’ inability to qualify for a traditional loan. Android and iOS … More →

The post Predatory loan mobile apps grab data, harass users and their contacts appeared first on Help Net Security.

A recent report from the US Government Accountability Office (GAO) has shown that K-12 educational institutions are reluctant to report cyber incidents as they fear they would be penalized. During the fiscal year of 2022, FSA received 409 incident reports, which was down from 460 of the previous year. This isn’t a sign of reduced incidents occurring, but a sign of reduced reporting of incidents. In this Help Net Security video, Stan Golubchik, CEO at … More →

The post Why are K-12 educational institutions reluctant to report cyber incidents? appeared first on Help Net Security.

Defense contractors hold information that’s vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance to keep those secrets safe. Nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns. A shocking 87% of contractors have a sub-70 Supplier Performance Risk System (SPRS) score, the metric that shows how well a contractor meets Defense Federal Acquisition Regulation Supplement (DFARS) requirements. DFARS, which has been law … More →

The post Federal defense contractors are not properly securing military secrets appeared first on Help Net Security.

A new report conducted by Enterprise Strategy Group (ESG) highlights why today’s security teams find it increasingly difficult to detect and stop cyber threats targeting their organizations. The research found that 70% of organizations have fallen victim to an attack that used encrypted traffic to avoid detection. 45% admitted they’ve fallen victim multiple times. Worryingly, 66% still don’t have visibility into all their encrypted traffic, leaving them highly vulnerable to further encrypted attacks. The report … More →

The post Security pros feel threat detection and response workloads have increased appeared first on Help Net Security.

Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Acronis, Bearer, Bitdefender, Clumio, Cohesity, Flashpoint, Forescout, ForgeRock, ImmuniWeb, Keyo, Lacework, LOKKER, Mitek, NAVEX, OneSpan, Persona, Picus Security, Qualys, SecureAuth, Solvo, Sonrai Security, Spring Labs, Tanium, Tresorit, and Vanta. Qualys TotalCloud with FlexScan helps enterprises strengthen cloud-native security Qualys announced TotalCloud with FlexScan delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage … More →

The post Infosec products of the month: November 2022 appeared first on Help Net Security.

Delinea announced the latest release of Cloud Suite, its solution that controls privileged access and authorization for on-premise and cloud servers. A new granular privilege elevation workflow allows users to request elevated privileges to execute specific commands or command sets that require full administrator rights. New functionality also enables administrators to assign privileged roles on Linux servers with more detailed control, helping to ensure that productivity does not compromise security. According to the 2022 VMWare … More →

The post Delinea unveils granular privilege elevation workflow for on-premise and cloud servers appeared first on Help Net Security.

Sophos has released Sophos Managed Detection and Response (MDR) with new threat detection and response capabilities. Sophos is the endpoint security provider to integrate vendor agnostic telemetry from third-party security technologies into its MDR offering, providing visibility and detection across diverse operating environments. Sophos also introduced the Sophos Marketplace and $1 million Sophos Breach Protection Warranty. The need for MDR services and specialized defenders has never been greater, as shown in new research, “LockBit 3.0 … More →

The post Sophos introduces new threat detection and response capabilities within its MDR offering appeared first on Help Net Security.

Viral Nation launches VN Secure, an AI-powered solution for screening social media conduct across major platforms and all media types to help companies mitigate reputation risk and potential brand crises. Built for medium-to-large enterprises and public sector organizations, VN Secure enables marketing, communications, HR and legal teams, among others, to screen and monitor social media activity of brand advocates, sponsored influencers, executives and employees, to ensure online behavior is aligned with core values. The meteoric … More →

The post Viral Nation launches VN Secure to empower companies to monitor social media activity appeared first on Help Net Security.

Amazon Web Services (AWS) has unveiled AWS Supply Chain, a new application that helps businesses increase supply chain visibility to make faster, more informed decisions that mitigate risks, lower costs, and improve customer experiences. AWS Supply Chain combines and analyzes data across multiple supply chain systems so businesses can observe their operations in real-time, find trends more quickly, and generate more accurate demand forecasts that ensure adequate inventory to meet customer expectations. Based on nearly … More →

The post AWS Supply Chain helps businesses optimize supply chain processes appeared first on Help Net Security.

Adaptive Shield announced new capabilities to discover and monitor 3rd party apps connected to the core SaaS stack. With this new capability, Adaptive Shield is minimizing the risk that SaaS-to-SaaS, also known as 3rd party app access, presents. Security teams can now quickly and easily manage sanctioned apps and discover unsanctioned apps that have access to the company’s data. Today’s modern workforces rely on SaaS apps to run their business — and employees in pursuit … More →

The post Adaptive Shield reduces supply chain risks with SaaS-to-SaaS capabilities appeared first on Help Net Security.

Datadog launches Universal Service Monitoring, which automatically detects all microservices across an organization’s environment and provides instant visibility into their health and dependencies—all without any code changes. Services are independent units of code that perform specific business functions and are accessible through an API. Visibility into these services is essential for organizations to monitor and assess the overall health of the applications that depend on them. However, if these services cannot be instrumented, either because … More →

The post Datadog Universal Service Monitoring discovers and maps all microservices appeared first on Help Net Security.

Wib announced an API PenTesting-as-a-Service (PTaaS) designed to help organizations proactively cover the latest PCI-DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in Business Logic. According to Gartner, 90% of web-enabled applications will expose more attack surface via APIs than in the user interface (UI), and API abuses will become the most-frequent attack vector. In recognition of this changing attack landscape, Wib’s PTaaS solution supports the evolving requirements for frameworks such as PCI … More →

The post Wib API PTaaS provides validation of API security posture appeared first on Help Net Security.

Starburst launches foundational Data Products capabilities for its managed service, Starburst Galaxy. New data and schema discovery and data privileges capabilities simplify and streamline the traditional Extract, Transform, Load (ETL) process for the curation of Data Products, accelerating data querying, access and analytics across the organization. The foundational Data Products capabilities are now available in public preview. Data volumes and use are exploding across industries. Connected internet of things (IoT) devices are expected to generate … More →

The post Starburst Galaxy enhancements accelerate data querying appeared first on Help Net Security.

Codenotary has released TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code. Until now, SBOM generation for serverless apps was nearly impossible. With TrueSBOM, applications self-report their components so that the SBOM always remains up-to-date. That is really the only way to create an SBOM for serverless … More →

The post Codenotary announces TrueSBOM for Serverless, a self-updating SBOM appeared first on Help Net Security.

Varonis has launched its public vulnerability disclosure program via HackerOne. The VDP enables the entire HackerOne community to report potential security issues related to Varonis’ corporate and cloud environments, including Varonis SaaS products. Varonis CISO Guy Shamilov said, “Varonis has had tremendous success with our private bug disclosure program, and the logical next step for us is to partner with HackerOne, the undisputed leader in vulnerability coordination and bug bounty management.” “Varonis has always remained … More →

The post Varonis and HackerOne launch vulnerability disclosure program appeared first on Help Net Security.

BigID has expanded partnership with Wiz to bring together Cloud-Native Application Protection (CNAPP) and Data Security Posture Management (DSPM) to reduce cloud risk and accelerate cloud security strategies. The partnership enables customers to continuously monitor for critical data exposure to help prevent breaches. Customers can take a data-driven approach when automating security controls in the cloud: making it easy to prioritize risk management based on deep data insight, with the granularity customers need to both … More →

The post Wiz and BigID expand collaboration to boost cloud security strategies appeared first on Help Net Security.