Search results for: software

OT security: Helping under-resourced critical infrastructure organizations

In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she’s heading can help asset owners and operators of industrial infrastructure. [The answers have been lightly edited for clarity] Supply chain risks are compounded … More


Clearview fine: The unacceptable face of modern surveillance

The UK’s Information Commissioner’s Office (ICO) has issued its third largest ever fine of £7.5m. It was imposed on Clearview AI, the controversial facial recognition company that has already been on the wrong end of similar decisions from regulators in Italy, France and Australia. Clearview collected more than 20 billion images of people’s faces from Facebook and other social media platforms. It then sold access to those to private companies and institutions such as police … More

Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

QNAP NAS devices hit by DeadBolt and ech0raix ransomware
Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign.

Fake voicemail notifications are after Office365, Outlook credentials
A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees’ Office365 … More


Cyware completes SOC 2 Type 2 Compliance for data security

Cyware announces the successful completion of the System and Organization Controls (SOC) 2 Type 2 Audit for the trust services criteria relevant to Security (“applicable trust services criteria”) set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). The achievement highlights the company’s commitment to the highest levels of data security. SOC 2 is a reporting framework created by the American Institute of Certified … More


IOTech Edge XRT 2.0 simplifies the development of time-critical OT applications

IOTech released Edge XRT 2.0, an open software platform designed for time-critical and embedded OT applications at the industrial IoT edge. Edge XRT 2.0 greatly simplifies the development of OT applications and enables faster time-to-market for new edge systems. It is hardware agnostic, independent of the silicon provider (Intel or ARM) and operating system. Users have complete deployment flexibility. They can deploy it as a native application, containerized and/or into a virtualized environment. With its … More


Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns

If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should treat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency (CISA) advised on Thursday. The agency accompanied the warning with detailed technical information and indicators of compromise related to two separate incident response engagements they and the United States Coast Guard … More


SolarWinds Next-Generation Build System improves enterprise software security

SolarWinds unveils its new Next-Generation Build System, a transformational model for software development. The new software build process is a key component of the company’s Secure by Design initiative to make SolarWinds a model for enterprise software security. The software development and build process improvements were made in an accelerated timeline over the past year in response to the highly sophisticated SUNBURST cyberattack, which targeted SolarWinds and other technology companies. The Next-Generation Build System includes … More


Binarly raises $3.6 million to speed up research and development initiatives

Binarly announced $3.6 million in seed funding from WestWave Capital and Acrobator Ventures. Prominent cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland and David Mandel from Emerging Ventures also joined as investors. Binarly is co-founded by security pioneers Alex Matrosov and Claudiu Teodorescu, who previously worked on hardware and software security at NVIDIA, Intel, ESET, BlackBerry, Cylance and FireEye. Matrosov, a highly regarded researcher who … More

Tortuga Logic changes its name to Cycuity to address evolving needs in product security

Tortuga Logic has officially changed its name to Cycuity, introducing a brand identity that marks a new phase in the company’s growth. Cycuity will expand the scope of its vision to support more holistic product security that builds on its status as a leader in hardware security verification. The evolution comes on the heels of a fresh round of investment; Dorilton Ventures joined Eclipse Ventures and others in a round that brings the company to … More

CompoSecure expands Arculus capabilities to help users manage multiple digital assets

CompoSecure announced the expansion of its Arculus Wallet product capabilities, including NFT support, WalletConnect integration and support of 16 new cryptocurrencies. This significant boost in capabilities enables users to view, send and receive NFTs and connect to the growing DeFi (decentralized finance) market through the WalletConnect integration. “We consistently monitor user feedback in an effort to ensure we deliver the strongest product offering for our customers. We have added a tremendous amount of new functionality … More

Hillstone Networks ZTNA solution provides organizations with control over their network access

Hillstone Networks introduced its ZTNA solution, the company’s latest offering that provides remote security and network access control. Hillstone’s ZTNA solution takes a zero-trust philosophy and applies it to network infrastructure protection. It works on the concept of least privilege and provides a fine-grained, sophisticated approach to avoid unnecessary application exposure. Hillstone’s ZTNA solution allows for the user identity, device status, environmental context, as well as user behavior and other risk attributes to be taken … More


Traefik Hub enables users to secure and scale their cloud native services

Traefik Labs launched a new cloud service that eliminates the complexity of management and automation of Kubernetes and Docker networking at scale. With Traefik Hub, organizations can instantly publish and secure containers for external access from the internet, all from a single dashboard. In today’s cloud-native world, applications are more distributed than ever before, with services running across increasingly heterogeneous environments and complex technical stacks. The need to publish and secure services to make them … More