New infosec products of the week: December 15, 2023

Here's a look at the most interesting products from the past week, featuring releases from Censys, Confirm, Drata, Safe Security, and SpecterOps.
Nemesis: Open-source offensive data enrichment and analytic pipeline.
Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data.
Drata announces Third-Party Risk Management offering to help security teams identify risks.
Drata's TPRM offering provides security teams with a comprehensive tool for identifying, assessing, and continuously monitoring risks and integrating them with internal risk profiles.
This holistic approach ensures a unified, clear view of potential exposures across the entire organization to effectively and efficiently manage third-party risks.
Censys unveils two new product tiers to help researchers enhance their threat hunting work.
Censys announced two new product tiers of its search tool, Censys Search Solo and Censys Search Teams.
These additions are part of a series of strategic initiatives to enhance the security community, including the introduction of Threat Hunting Boot Camps, the Censys Beta Workshop, which provides beta access to CensysGPT and Map to Censys, and significant upgrades to its product infrastructure.
Confirm strenghtens trust and security in online marketplaces.
Using identity protocols paired with intuitive user experiences, Confirm allows people to create a secure, verified digital ID - a ConfirmID - which they can use to prove their identity online without oversharing personal information.
SAFE Materiality Assessment Module identifies top cyber risk scenarios.
The SAFE Materiality Assessment Module provides organizations with an end-to-end materiality journey.
Pre-incident, the module helps organizations define 'Materiality thresholds,' identify top cyber risk scenarios, quantify the potential materiality of these risk scenarios using FAIR-MAM framework, and assess the effectiveness of post-incident response controls.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 15 Dec 2023 06:13:04 +0000

Cyber News related to New infosec products of the week: December 15, 2023

AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization - AuditBoard announced powerful enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk management needs in the face of rising risks and increased regulatory requirements. With these new ...
5 months ago Helpnetsecurity.com

Week in review: Apache Struts vulnerability exploit attempt, EOL Sophos firewalls get hotfix - SCS 9001 2.0 reveals enhanced controls for global supply chainsIn this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in ...
10 months ago Helpnetsecurity.com

The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
10 months ago Bleepingcomputer.com

January 2024 Patch Tuesday forecast: A Focus on Printing - This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. December 2023 Patch Tuesday ...
10 months ago Helpnetsecurity.com

Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids - Progress quietly fixes MOVEit auth bypass flawsProgress Software has patched one critical and one high-risk vulnerability in MOVEit, its widely used managed file transfer software product. Open-source Rafel RAT steals info, locks Android devices, ...
4 months ago Helpnetsecurity.com

LockBit targets hospitals - We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. These attacks include ones against Yakult Australia and the Ohio Lottery by the new ...
10 months ago Bleepingcomputer.com

Infosec pros sound off on usefulness of higher education The Register - Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. The ...
9 months ago Go.theregister.com

What is Certified information Security Manager? Definition from SearchSecurity - Certified Information Security Manager is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security program. CISM is offered by ISACA, a ...
7 months ago Techtarget.com

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
10 months ago Bleepingcomputer.com

The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
10 months ago Bleepingcomputer.com

Google Fixes Nearly 100 Android Security Issues - December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break. Enterprise software giants also issued their fair share of patches, with Atlassian ...
10 months ago Wired.com

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov

Neurosurgeons of New Jersey Confirms Cyber Attack Resulting in Recent Data Breach - On December 4, 2023, Neurosurgical Associates of New Jersey filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering. In this notice, Neurosurgeons of New Jersey explains that an ...
10 months ago Jdsupra.com

Week in review: Terrapin SSH attack, Mr. Cooper breach - Creating a formula for effective vulnerability prioritizationIn this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. EMBA: Open-source ...
10 months ago Helpnetsecurity.com

December 2023 Patch Tuesday forecast: 'Tis the season for vigilance - Many in the retail industry have placed our systems in 'lockdown' since before Thanksgiving to ensure we don't interrupt ongoing sales. They won't be able to update them until after the holidays, but that doesn't mean they can't respond to threats. ...
10 months ago Helpnetsecurity.com

Week in review: 15 million Trello users' scraped data on sale, attackers can steal NTLM hashes - The reality of hacking threats in connected car systemsIn this Help Net Security interview, Ivan Reedman, Director of Secure Engineering at IOActive, discusses how manufacturers, government regulations, and consumers are adapting to these new ...
9 months ago Helpnetsecurity.com

It was other crims what did it: SBF off hook for FTX hack The Register - Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from ...
9 months ago Go.theregister.com

BT Risks Fine As Huawei Removal Deadline Nears - UK carrier BT is at risk of a fine as it nears 31 December deadline to replace Huawei equipment from its core network. BT Group is at risk of financial penalties from the UK government, as it looks set to miss the 31 December to replace equipment ...
10 months ago Silicon.co.uk

The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
9 months ago Bleepingcomputer.com

East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
11 months ago Cnn.com

New Relic CEO sets observability strategy for the AI age - The executive that replaced Gary Steele as CEO at Proofpoint when Steele left for Splunk has now followed Steele's path from cybersecurity to the helm of an observability company. Ashan Willy was appointed CEO at New Relic in December, a month after ...
4 months ago Techtarget.com

Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released - Advanced ransomware campaigns expose need for AI-powered cyber defenseIn this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI ...
10 months ago Helpnetsecurity.com

Year in Malware 2023: Recapping the major cybersecurity stories of the past year - Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade find ways to stay relevant. After Microsoft blocked macros ...
10 months ago Blog.talosintelligence.com

Black Hat Europe 2023 Closes on Record-Breaking Event in London - PRESS RELEASE. LONDON, Dec. 20, 2023 - Black Hat, the cybersecurity industry's most established and in-depth security event series, today announced the successful completion of the in-person component of Black Hat Europe 2023. The event welcomed more ...
10 months ago Darkreading.com

Latest Cyber News

CVE-2024-43434 - 15 hours ago
CVE-2024-43436 - 15 hours ago
CVE-2024-43438 - 15 hours ago
CVE-2024-43440 - 15 hours ago
CVE-2024-43425 - 15 hours ago
CVE-2024-43426 - 15 hours ago
CVE-2024-43428 - 15 hours ago
CVE-2024-43431 - 15 hours ago
CVE-2024-8442 - 16 hours ago
CVE-2024-24914 - 17 hours ago
CVE-2024-10526 - 18 hours ago
CVE-2024-50169 - 19 hours ago
CVE-2024-50170 - 19 hours ago
CVE-2024-50171 - 19 hours ago
CVE-2024-50172 - 19 hours ago
CVE-2024-51504 - 19 hours ago
CVE-2024-50155 - 19 hours ago
CVE-2024-50156 - 19 hours ago
CVE-2024-50157 - 19 hours ago
CVE-2024-50158 - 19 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10081 - 1 day ago
CVE-2024-10082 - 1 day ago
CVE-2024-10916 - 1 day ago
CVE-2024-35146 - 1 day ago
CVE-2024-6861 - 1 day ago
CVE-2024-10919 - 1 day ago
CVE-2024-10920 - 1 day ago
CVE-2024-10318 - 1 day ago
CVE-2024-20371 - 1 day ago
CVE-2024-20418 - 1 day ago
CVE-2024-20445 - 1 day ago
CVE-2024-20457 - 1 day ago
CVE-2024-20476 - 1 day ago
CVE-2024-20484 - 1 day ago
CVE-2024-20487 - 1 day ago
CVE-2024-20504 - 1 day ago
CVE-2024-20507 - 1 day ago
CVE-2024-20511 - 1 day ago
CVE-2024-20514 - 1 day ago
CVE-2024-20525 - 1 day ago