CyberSecurity Updates

BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor. Other new BastionZero platform features include passwordless access support for GCP cloud SQL and AWS RDS via a new desktop app, along with password-free support for Microsoft Windows servers with Remote Desktop Protocol (RDP), BastionZero said.…

Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. It uses AI to provide small businesses and the MSPs that support them automatic phishing detection and remediation capabilities by combining email security, web browsing protection, perimeter posture, and awareness into one native solution, according to the firm. The release comes in the wake of the…

IT infrastructure services provider Kyndryl has announced a new cybersecurity incident response and forensics (CSIRF) service as well as a new threat intelligence collaboration with AWS. The CSIRF will help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s security experts, the firm said. Its partnership with AWS will combine operational IT data across cybersecurity, compliance, and resilience to provide actionable insights and security intelligence driven…

Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately. A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring. “The vulnerability existed in a module which initially screens the attachments of incoming emails,” the company had said previously. “No other Barracuda…

The threat group behind the Clop ransomware took credit for the recent attacks exploiting a zero-day SQL injection vulnerability in a popular web-based managed file transfer (MFT) tool called MOVEit Transfer. In a message posted on its data leak site, the gang instructs victims to contact them and negotiate a payment until June 14 or see their data leaked publicly. The message, which was modified several times, including to extend the deadline from June 12…

The latest version of Network Perception’s NP-View platform, which is designed to provide deep insights into industrial and other operational technology (OT) networks, features new capabilities like improved parsing and more flexible lookup options. The Chicago-based vendor announced NP-View 4.2 today, saying that the new features include an improved algorithm for access rules and object groups reports, faster parsing, higher performing tables, and object content lookup. The idea, according to Network Perception CEO Robin Berthier,…

Looking to harness a decade of AI/ML development Cisco this week previewed generative AI-based features it will soon bring to its Security Cloud service and Webex collaboration offerings. Cisco said it was looking meld the network and security intelligence it has amassed over the years with the large language models (LLMs) of generative AI to simplify enterprise operations and address threats with practical, effective techniques.   The first fruits of this effort will be directed…