(IN)SECURE Magazine Notifications RSS

Deep Instinct is continuing its strategic expansion into EMEA, contracting with T-Systems (Poland) to utilize and distribute Deep Instinct’s protection to its customers. Deep Instinct also signed strategic partnership agreements with Cyber Monks and Spinnakar to distribute Deep Instinct’s deep learning-based solution across the region. Leading Deep Instincts’ EMEA expansion is Brooks Wallace, VP Sales EMEA, a veteran cybersecurity sales leader with over 20 years of experience in building sales teams. Wallace will oversee the … More →

The post Deep Instinct contracts with T-Systems to continue expansion into EMEA appeared first on Help Net Security.

IRONSCALES announced it has closed an $8 million Series B extension led by Chicago-based venture and growth capital firm Jump Capital. The additional funding will add to the $15 million previously contributed by current investor K1 Investment Management. IRONSCALES plans to use the funding to further accelerate its aggressive growth strategy through market expansion and ongoing research and development of its email security platform. As a result of the partnership, Jump Capital Partner Saurabh Sharma … More →

The post IRONSCALES raises $8M to support email security research and development, accelerate growth appeared first on Help Net Security.

LitLingo Technologies announces that it has closed a $2 million seed round led by LiveOak Venture Partners. Krishna Srinivasan, Founding Partner at LiveOak, will join the Board of Directors of the company. The funds will be used to expand its product and engineering teams in order to accelerate growth. LitLingo was formed in 2019 to develop a new approach to help legal and compliance executives and operational leaders prevent unforced errors in communications and allow … More →

The post LitLingo raises $2M to expand its product and engineering teams, accelerate growth appeared first on Help Net Security.

Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa (Python Static Analyzer), a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn’t. How the Python Static Analyzer works Pysa is a security-focused tool built on top of Pyre, Facebook’s performant type checker for Python. “Pysa tracks flows of data through a program. The user defines sources (places where … More →

The post Facebook open-sources a static analyzer for Python code appeared first on Help Net Security.

A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands with system level privileges on the target Windows host. About ManageEngine ADSelfService Plus ManageEngine ADSelfService Plus is developed by ManageEngine, a division of Zoho Corporation, a software development company that focuses on web-based business tools and information technology. “ADSelfService Plus supports self-service password reset for WFH and remote users by enabling users to reset Windows … More →

The post Critical ManageEngine ADSelfService Plus RCE flaw patched appeared first on Help Net Security.

If Paul Newman’s Cool Hand Luke character were to address the security industry, his opening line would likely be: “What we have here is a failure to correlate.” Today, one of the major deficiencies affecting security is not a lack of data or even an aggregation of data, but the central problem is one of correlating data and connecting the dots to find otherwise hidden traces of attack activity. While many organizations have a SIEM, … More →

The post The precision of security undermined by a failure to correlate appeared first on Help Net Security.

Internal investigations in corporations are typically conducted by the human resources (HR) department, internal compliance teams, and/or the IT department. Some cases may also require the involvement of outside third parties like forensic experts, consultants, law or accounting firms, or security experts. These are often complex matters from a legal, process and technical perspective. Depending on the nature and extent of the potential misconduct, the stakes can be very high, with risks that include legal … More →

The post Internal investigations are changing in the age of COVID-19 appeared first on Help Net Security.

To accommodate remote work policies amid COVID-19, companies have increasingly adopted the public cloud to support off-site business continuity. A MarketsandMarkets analysis found that due to the impact of the current crisis, the cloud market is expected to grow from $233 billion in 2019 to $295 billion by 2021. The transition to remote work by organizations across the globe is not temporary. Companies are realizing that employees are just as productive working from home or … More →

The post Why the rapid transition to cloud demands that DevOps shift left appeared first on Help Net Security.

Cybercriminals are increasingly registering accounts with legitimate services, such as Gmail and AOL, to use them in impersonation and BEC attacks, according to Barracuda Networks. BEC attacks impact thousands of organizations In their most recent threat spotlight report, Barracuda researchers observed that 6,170 malicious accounts that have used Gmail, AOL and other email services, have been responsible for over 100,000 BEC attacks which have impacted nearly 6,600 organizations. What’s more, since April 1, these ‘malicious … More →

The post 6,600 organizations bombarded with 100,000+ BEC attacks appeared first on Help Net Security.

As IT teams across the country struggle with smaller budgets and staffing shortages, every industry has seen a rising demand for standardized process and automation to quickly address pressing needs, according to Redgate. Increasing need for DevOps in healthcare In the healthcare sector, the pandemic has forced IT to work under pressure to quickly develop and deliver effective telehealth services, while also facilitating access to electronic health records and other sensitive patient data to ensure … More →

The post DevOps is transforming database development in the healthcare sector appeared first on Help Net Security.

Datadog has acquired Undefined Labs, a testing and observability company for developer workflows. This acquisition extends Datadog’s existing platform into development environments and will provide organizations with better tooling and monitoring in continuous integration and deployment (CI/CD) workflows. “In modern distributed systems, even small changes can have a big impact on applications’ performance and availability,” said Ilan Rabinovitch, Vice President, Product and Community at Datadog. “By enabling observability early in the development cycle, we can … More →

The post Datadog has acquired Undefined Labs, a testing and observability company for developer workflows appeared first on Help Net Security.

Avaya updated its branding architecture to align its portfolio under the Avaya OneCloud name. The evolved branding reflects the company’s multi-cloud application ecosystem, and its acceleration in bringing new solutions to market delivering the future of customer and employee experiences. Avaya OneCloud encompasses the entire Avaya portfolio, offering rich capabilities across contact center, unified communications, collaboration and CPaaS. Solutions and products are now categorized into three focus areas: Avaya OneCloud CCaaS, Avaya OneCloud UCaaS and … More →

The post Avaya updated its branding to align its portfolio under the Avaya OneCloud name appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news and articles: August 2020 Patch Tuesday forecast: Planning for the end? There doesn’t seem to be an end in sight to the COVID-19 crisis, but there are some important end-of-life/end-of-support dates we should be aware of when it comes to software. Researchers flag two zero-days in Windows Print Spooler Researchers found a way to bypass the patch for CVE-2020-1048 and re-exploit the vulnerability on … More →

The post Week in review: Free security tools, TeamViewer flaw, Patch Tuesday forecast appeared first on Help Net Security.

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. A month later, the two researchers found a way to bypass the patch and re-exploit the vulnerability on the latest Windows version. Microsoft assigned this vulnerability a new identification number – CVE-2020-1337 – and will patch it on August 2020 Patch Tuesday. They’ve also discovered a DoS flaw affecting … More →

The post Researchers flag two zero-days in Windows Print Spooler appeared first on Help Net Security.

There doesn’t seem to be an end in sight to the COVID-19 crisis, but there are some important end-of-life/end-of-support dates we should be aware of when it comes to software. Before we dig into this month’s forecast of updates, I want to spend a little time on the importance of planning ahead to avoid the high costs associated with extended support contracts, or sometimes worse, modifying your network environment to mitigate risks. Remember when Windows … More →

The post August 2020 Patch Tuesday forecast: Planning for the end? appeared first on Help Net Security.

Radiflow launches CIARA, a ROI-driven risk assessment and management platform for industrial organizations CIARA is a fully automated tool for assets data collection, data-driven analysis and transparent risk metrics calculation including risk scoring per zone and business process based on business impact. The new platform is a response to the growing digitization of the production floor that has led to rising tide of cyber threats. Fortinet unveiled the FortiGate 4400F, a firewall capable of securing … More →

The post New infosec products of the week: August 7, 2020 appeared first on Help Net Security.

Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework. Infection Monkey is a self-propagating testing tool that hundreds of information technology teams from across the world use to test network adherence to the zero trust framework, and find weaknesses in their on-premises and cloud-based data centers. Over the past … More →

The post Open source tool Infection Monkey allows security pros to test their network like never before appeared first on Help Net Security.

Findings from Link11’s H1 2020 DDoS Report reveal a resurgence in DDoS attacks during the global COVID-19 related lockdowns. In April, May and June 2020, the number of attacks registered by Link11’s Security Operations Center (LSOC) averaged 97% higher than the during the same period in 2019, peaking at a 108% increase in May 2020. Key findings from the annual report include: Multivector attacks on the rise: 52% of attacks combined several methods of attack, … More →

The post DDoS attacks in April, May and June 2020 double compared to Q2 2019 appeared first on Help Net Security.

Could organizations recoup their share of more than $1 billion per quarter by moving away from legacy solutions to cloud-native patch management and endpoint hardening? A new report from Sedulo Group says yes. The 2020 TCO Study of Microsoft WSUS & SCCM report shows organizations using Microsoft endpoint management for patching and hardening spend nearly 2x as much as organizations using SaaS-based patch management platforms. Microsoft System Center Configuration Manager (SCCM) and Microsoft Windows Server … More →

The post What are the benefits of automated, cloud-native patch management? appeared first on Help Net Security.

Smart home tech is marketed to enhance your home and make life easier. However, UK consumers are not convinced that they can trust the privacy and security of these technologies. To better understand consumers perceptions of the desirability of the smart home, researchers from WMG and Computer Science, University of Warwick have carried out a nationally representative survey of UK consumers designed to measure adoption and acceptability, focusing on awareness, ownership, experience, trust, satisfaction and … More →

The post Consumers don’t entirely trust smart home tech appeared first on Help Net Security.