(IN)SECURE Magazine Notifications RSS

Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted features – or backdoors. About Microsoft Application Inspector “At Microsoft, our software engineers use open source software to provide our customers high-quality software and services. Recognizing the inherent risks in trusting open source software, we created a source code analyzer called Microsoft Application Inspector to identify ‘interesting’ features … More →

The post Microsoft Application Inspector: Check open source components for unwanted features appeared first on Help Net Security.

By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office. Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming, because digital transformation always starts with visibility and … More →

The post IoT cybersecurity’s worst kept secret appeared first on Help Net Security.

Masergy Shadow IT Discovery: Automatically identify unauthorized SaaS applications Masergy Shadow IT Discovery immediately scans and identifies all applications, providing clients visibility through the SD-WAN management portal. Until now, IT departments have had to rely on a variety of endpoint security solutions and guesswork to access this information. The time savings and decreased threat exposure will help IT organizations increase their security posture and keep up with the blind spots created by unsanctioned usage. STEALTHbits … More →

The post New infosec products of the week: January 17, 2020 appeared first on Help Net Security.

Rapidly evolving cybersecurity threats are now commanding the attention of senior business leaders and boards of directors and are no longer only the concern of IT security professionals. A report from University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) and Booz Allen Hamilton uses insights gleaned from board members with over 130 years of board service across nine industry sectors to offer guidance for boards of directors in managing cybersecurity within large global companies. … More →

The post How to govern cybersecurity risk at the board level appeared first on Help Net Security.

Worldwide IT spending is projected to total $3.9 trillion in 2020, an increase of 3.4% from 2019, according to the latest forecast by Gartner. Global IT spending is expected to cross into $4 trillion territory next year. “Although political uncertainties pushed the global economy closer to recession, it did not occur in 2019 and is still not the most likely scenario for 2020 and beyond,” said John-David Lovelock, distinguished research vice president at Gartner. “With … More →

The post Worldwide IT spending to total $3.9 trillion in 2020 appeared first on Help Net Security.

SecureLink, the leader in vendor privileged access management (VPAM), released SecureLink for Healthcare to provide hospitals and healthcare organizations a centralized solution for managing privileged access for third-party vendors. It is customized to meet the needs of organizations operating under HIPAA and HITECH regulations and gives network administrators the ability to limit access to specific systems and applications, while providing a full video audit and keystroke logging of sessions. As part of the offering, SecureLink … More →

The post SecureLink simplifies vendors privileged access management for healthcare organizations appeared first on Help Net Security.

Cloudflare, the security, performance, and reliability company helping to build a better Internet, announced it will be offering free security services to help political campaigns in the United States and around the world defend against cyberattacks and election interference. The Cloudflare for Campaigns program will allow any eligible campaign to access a variety of the company’s security services including enhanced firewall protection, denial-of-service (DDoS) attack mitigation, as well as internal data management and security controls. … More →

The post Cloudflare for Campaigns protects political campaigns against cyberattacks and election interference appeared first on Help Net Security.

DataVisor announced the availability of dEdge, an anti-fraud solution that detects malicious devices in real-time, empowering organizations to uncover known and unknown attacks early, and take action with confidence. Fraud detection today spans multiple vectors. With growing adoption of mobile devices and the emergence of the always-on economy, by many measures, when organizations realize that they have been subject to a cyber-attack, it is already too late. Modern fraud detection and prevention require a transformational … More →

The post DataVisor dEdge: Uncover known and unknown attacks early appeared first on Help Net Security.

CloudNine launches CloudNine Collection Manager, a breakthrough data extraction solution from the global electronic discovery technology provider. Installed in minutes, Collection Manager defensibly performs native data collections from Office 365 (O365) email custodians, as well as Microsoft OneDrive cloud storage files. Collection Manager is easy enough for first-time collectors, yet powerful enough for discovery professionals. Collection Manager quickly and securely connects to O365 and OneDrive data sources, including documents linked from email messages, which few … More →

The post CloudNine Collection Manager: Data extraction solution for Office 365 emails and OneDrive files appeared first on Help Net Security.

Micro Focus released Micro Focus AD Bridge 2.0, offering IT administrators the ability to extend Active Directory (AD) controls from on-premises resources, including Windows and Linux devices to the cloud – a solution not previously offered in the marketplace. With AD Bridge 2.0, organizations can leverage existing infrastructure authentication, security as well as policy, in order to simplify the migration of on-premises Linux Active Directory to the cloud, resulting in fully secured and managed Linux … More →

The post Micro Focus AD Bridge 2.0: Extending security policies and access controls to cloud-based Linux appeared first on Help Net Security.

Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the results of the second Army bug bounty program, ‘Hack the Army 2.0’. The bug bounty challenge ran from October 9, 2019 to November 15, 2019 with more than 60 publicly accessible web assets, including *.army.mil, *.goarmy.mil, and the Arlington Cemetery website for the first time. Bug bounties are monetary … More →

The post 52 hackers participate in ninth U.S. Department of Defense and HackerOne bug bounty program appeared first on Help Net Security.

Very Good Security (VGS), a leader in modern data security and custodianship, announced that it has received a strategic investment from Visa to expand access to VGS’ infrastructure-as-a-service for financial technology companies (fintechs) and large enterprises. Visa joins other notable investors, including Goldman Sachs, Andreessen Horowitz, Vertex Ventures US, and Max Levchin (co-founder of PayPal), in advancing VGS’ mission to provide a better approach to data security, privacy and compliance. Earlier this year, Visa selected … More →

The post Visa invests in VGS to accelerate fintech innovation while advancing data security appeared first on Help Net Security.

Tricentis, the leader in continuous testing for DevOps, announced that it has acquired SpecFlow, the biggest and most trusted BDD solution for .NET developers around the world. SpecFlow’s pragmatic approach to specification-by-example has helped agile development teams improve collaboration with business stakeholders to build and deliver higher quality software. SpecFlow will continue to remain a free, open source offering for the software development and testing communities. SpecFlow+, SpecFlow’s commercial offering, and SpecMap, an Azure DevOps … More →

The post Tricentis acquires SpecFlow to extend support for the open source community appeared first on Help Net Security.

VIVOTEK, the global leading IP surveillance solution provider, and CyberLink, a pioneer of AI and facial recognition technologies, announced they have entered into a strategic partnership, which will integrate CyberLink’s FaceMe AI facial recognition engine into VIVOTEK’s IP surveillance solutions. “Founded in 2000, VIVOTEK has been dedicated to the IP surveillance industry for 20 years. Entering the era of AIoT, we will continue global partnerships to accelerate and enhance video applications by joining forces with … More →

The post CyberLink integrates facial recognition engine into VIVOTEK’s IP surveillance solutions appeared first on Help Net Security.

White Ops, the global leader in bot mitigation verifying the humanity of more than 1 trillion digital interactions per week, announced the appointment of Rhushabh ‘Rush’ Mehta, former Head of Foundational Technology at Audible, an Amazon Company, to White Ops Sr. Vice President of Engineering. In his new role, Rush will lead White Ops’ development efforts to further accelerate the innovation of the White Ops Bot Mitigation platform and associated products including White Ops Advertising … More →

The post White Ops appoints Rhushabh ‘Rush’ Mehta as Sr. VP of Engineering appeared first on Help Net Security.

Code42, the leader in insider threat detection and response, announced the appointment of Kathy Crusco to its board of directors. An enterprise software veteran, she currently serves on the board of directors at QAD, Poly (formerly Plantronics and Polycom), and Calix, and most recently served as chief financial officer at Kony, a cloud-based digital banking application and low-code platform solutions company. “We are pleased to welcome Kathy to Code42’s board of directors,” said Joe Payne, … More →

The post Kathy Crusco joins Code42’s board of directors appeared first on Help Net Security.

Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment. Regula rules are written in Rego, the open source policy language employed by the Open Policy Agent project and can be integrated into CI/CD pipelines to prevent cloud infrastructure deployments that may violate security and compliance best practices. “Developers design, build, and modify their own cloud infrastructure environments, and they increasingly own the security and … More →

The post Fugue open sources Regula to evaluate Terraform for security misconfigurations and compliance violations appeared first on Help Net Security.

Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account. At the same time, users will be able to react quickly if someone managed to compromise their Facebook accounts and is using their credentials to access other apps and websites. Login Notifications The new feature, called Login Notifications, will deliver notifications to users via the Facebook app and user’s associated … More →

The post Facebook users will be notified when their credentials are used for third-party app logins appeared first on Help Net Security.

Elastic Cloud on Kubernetes (ECK) is moving out of beta and into general availability. As Elastic announced with the alpha release of ECK back in May 2019, the vision for ECK is to provide an official way to orchestrate Elasticsearch on Kubernetes and provide a SaaS-like experience for Elastic products on Kubernetes. Kubernetes has continued to grow in popularity and has become the standard for orchestrating container workloads, and Elastic has seen a growing number … More →

The post Elastic Cloud on Kubernetes 1.0 is now available appeared first on Help Net Security.

As organizations proceed to move their processes from the physical world into the digital, their risk profile changes, too – and this is not a time to take risks. By not including security into DevOps processes, organizations are exposing their business in new and surprising ways. DevOps DevOps has accelerated software development dramatically, but it has also created a great deal of pain for traditional security teams raised up on performing relatively slow testing. Moving … More →

The post Embedding security, the right way appeared first on Help Net Security.