Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he Protobom project was born out of a project from CISA and DHS S&T to create an SBOM conversion tool. While considering the use cases, it became evident that beyond conversion, SBOM applications needed to read … More → The post Protobom: Open-source software supply chain tool appeared first on Help Net Sec ..read more

From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise operations. They are constantly created for new assets and initiatives. In this Help Net Security video, Mark Flegg, Global Director of Security Services at CSC, discusses how CISOs often don’t view domains as a foundational component in their security starter plans. This is evidenced by a general lack of awareness of how many digital domain … More → The post The key pillars of domain security appeared first on Help Net Security ..read more

Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to Pentera. Pentera surveyed 450 CISOs, CIOs, and IT security leaders at enterprise companies with more than 1,000 employees across the Americas, EMEA, and APAC. IT environment changes outstrip pentesting frequency Enterprises are continuing to prioritize pentesting … More → The post 51% of enterprises experienced a breach despite large security s ..read more

Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium. ShadowDragon Horizon enhancements help users conduct investigations from any device Horizon is accessible with any internet connection and allows users to access critical data and conduct investigations from any device, providing flexibility and mobility. Mapping advancements, plotting capability, visual geofencing, and geoestimation allow for different starting points that pinpoint precise locations and uncover … More → The post New infosec pr ..read more

Gurucul announced enhancements to its federated search capabilities. Gurucul federated search empowers users to run queries from a single console across any data source, including data lakes, cloud object storage, databases, identity systems, threat intel sources, and SIEMs – including Splunk. This universal search capability uses a familiar syntax and workflow that makes security analysts more efficient by significantly increasing the data available to them and adding context to security investigations. Since federated search keeps … More → The post Gurucul federated search provides insights ..read more

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. “We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure,” the company said on Wednesday. CVE-2024-29204 and CVE-2024-24996 Both critical vulnerabilities are heap overflow bugs: … More → The post Ivanti patches critical Avalanche flaw ex ..read more

Immuta launched Domains policy enforcement, a new capability in the Immuta Data Security Platform that provides additional controls for data owners to implement a data mesh architecture with domain-specific data access policies. Centralizing data access decisions across organizations often leads to bottlenecks, preventing timely policy authoring, editing, and access to data. With Domains, data owners define data controls with both broad reach and specific domain controls. This is done by mirroring structures such as business … More → The post Immuta launches Domains policy enforcement to impro ..read more

Redgate has launched an enterprise version of its popular database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations. Redgate Monitor Enterprise offers advanced capabilities for monitoring large, complex estates, optimizing performance, and ensuring security, compliance and high availability with a single, all-in-one tool. “In delivering extended monitoring capabilities, Redgate Monitor Enterprise addresses the needs of large organizations, delivering on multiple challenges for those … More → The post Redgate Moni ..read more

SAS is launching new AI products and services to improve AI governance and support model trust and transparency. Model cards and new AI Governance Advisory services will help organizations navigate the turbulent AI landscape, mitigating risk and helping them pursue AI goals more confidently. SAS has also published a Trustworthy AI Life Cycle Workflow, mapped to the National Institute of Standards and Technology (NIST) AI Risk Management Framework. “Our customers are enthusiastic about the potential … More → The post SAS unveils products and services to help customers embrace AI appeared first ..read more

Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. International investigation disrupts phishing-as-a-service platform LabHost Between Sunday 14 April and Wednesday 17 April a total of 70 addresses were searched across the world, resulting in the arrest of 37 suspects. This includes the arrest of 4 individuals in the United … More → The post Authorities take down LabHost, phishing-as-a ..read more