Boston and Tel Aviv, Mar. 4, 2025, CyberNewswire — Hunters, the leader in next-generation SIEM, today announced Pathfinder AI, a major step toward a more AI-driven SOC.

Building on Copilot AI, which is already transforming SOC workflows with LLM-powered investigation guidance, Hunters is introducing its Agentic AI vision, designed to autonomously enhance detection, investigation, and response. Agentic AI will launch soon, with ongoing innovations to further streamline security operations.

“Hunters has already made a significant impact on our security operations by reducing manual investigations, streamlining data ingestion, and improving threat visibility. With Pathfinder AI, we’re enhancing efficiency and response times through AI-driven detection explanations and automated investigative guidance. This innovation continues to strengthen Emburse’s security posture with cutting-edge AI-powered threat intelligence.” — Casey Sword, Endpoint Security Architect, Emburse

AI and security operations

Security investigations are complex and unpredictable—each alert triggers multiple investigative steps, creating an overwhelming number of possible paths. Traditional automation follows rigid workflows, often leaving analysts stuck chasing false leads while real threats slip through.

AI changes the equation. Unlike static rule-based automation, Agentic AI dynamically adapts, prioritizing critical threats, filtering out noise, and continuously refining investigations to keep security teams focused and efficient.

To stay ahead of evolving threats, SOCs need two key AI-driven capabilities:

•Copilot AI – Enhances analyst workflows with automated data analysis, report generation, and guided investigations.

•Agentic AI – Delivers autonomous threat detection, investigation, and response, reducing manual workloads and accelerating decision-making.

By leveraging specialized AI agents that collaborate in real time, security teams can move beyond manual triage and fragmented investigations—operating faster, smarter, and with greater precision.

Hunters Pathfinder AI

From day one, Hunters was founded with the vision of embedding analyst intelligence into the SIEM—automating triage and investigation to maximize efficiency and accuracy. With years of experience refining AI-driven security operations, the company is uniquely positioned to lead the AI-driven SOC transformation, leveraging its deep expertise to deliver automation at scale.

As Hunters Pathfinder AI continues to evolve, the company is expanding its capabilities in two key areas: AI-Assisted SOC and AI-Driven SOC. These advancements will further reduce manual workloads while enhancing detection, investigation, and response.

AI-Assisted SOC with Copilot AI

•Lead Summarization – AI-generated summaries that provide analysts with immediate and comprehensive context on security events.

•Guided Investigation Workflows – Suggests next steps across the entire attack surface.

•Natural Language Querying – Enables SOC analysts to interact with the system using conversational AI to retrieve insights efficiently.

•Custom Detection Authoring – Helps analysts refine detections with guided logic and iterative fine-tuning.

•Threat Classification – AI evaluates signals and context to determine whether a threat is benign or malicious, reducing manual triage time.

AI-Driven SOC with Agentic AI

•Autonomous Triage and Classification – AI-driven agents investigate every threat, classifying incidents and providing full investigation reports.

•Self-Optimizing Detections – Machine learning models continuously refine detection accuracy based on real-world attack data.

•Automated Root Cause Analysis – AI correlates attack signals across multiple sources to provide full attack narratives.

“Pathfinder AI is a game-changer for SOC teams, allowing us to deliver on our promise of making security operations more effective in the fight against cyber threats. By combining Copilot AI and Agentic AI, we are not just automating tasks but enabling security teams to focus on what truly matters—stopping real threats before they cause harm.” — Ian Forrest, VP of Product, Hunters

The road ahead

Hunters remains committed to pushing the boundaries of SOC automation with AI-driven investigations, automated response mechanisms, and deeper AI capabilities. Pathfinder AI represents the next advancement toward a faster, smarter, and more effective security operations center and will be delivered in the upcoming months.

For more details, users can explore Hunters’ blog post and join the webinar about this announcement on March 5th, 2025.

About Hunters: Hunters empowers SOC teams with AI-driven automation, maximizing efficiency without large security budgets. As a next-gen SIEM, the Hunters SOC Platform integrates Agentic AI, Copilot AI, machine learning, and graph-based correlation to automate detection, investigation, and response. Trusted by Cimpress, OpenLane, and The RealReal, Hunters delivers built-in detections, AI-driven investigations, and security expert support from Team Axon. For more information, users can visit Hunters Security.

Media contact: Ada Filipek Hunters ada.filipek@hunters.ai

The post News alert: Hunters announces ‘Pathfinder AI’ to enhance detection and response in SOC workflows first appeared on The Last Watchdog.

San Francisco, Calif., Mar. 3, 2025, CyberNewswire — With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001 & GDPR.

Bubba AI, Inc. is building a comprehensive solution for these organizations to easily integrate compliance workflows and build their own customized processes through an open-source alternative to existing GRC (Governance, Risk, and Compliance) automation platforms.

The company is positioning itself to address the compliance needs of organizations ranging from early-stage startups to established enterprises. Bubba AI’s flagship product, Comp AI, offers a built-in risk register, and policies required for frameworks while also allowing companies to build their compliance workflows using building blocks provided by the platform.

Introducing Comp AI

Comp AI is an open-source alternative to GRC automation platforms like Vanta and Drata. The platform includes several key features designed to automate compliance with frameworks such as SOC 2:

•A built-in risk register to help companies identify, document, and assess potential security risks

•Out-of-the-box security policies for modern companies, complete with an AI-powered editor for customization

•A comprehensive vendor management suite for tracking, assessing, and identifying third-party vendors

•Automated evidence-collection tools that reduce the manual burden of compliance documentation

The open source nature of Comp AI differentiates it from existing solutions in the market, allowing for greater community involvement, customization, and cost savings for companies on their compliance journey.

The value of open source compliance

Bubba AI was founded in late 2024 by Lewis Carhart, who recognized a significant gap in the market for affordable, flexible compliance automation tools that could serve the needs of a wide range of companies.

“While building at previous companies, I experienced firsthand how painful and resource-intensive the compliance process can be, especially for smaller organizations. The existing solutions were either prohibitively expensive or lacked the flexibility we needed. I wanted to create an open source platform that democratizes access to compliance automation,” Carhart commented.

This experience led Carhart to develop Comp AI as an open source alternative that could help organizations of all sizes achieve SOC 2 compliance without breaking the bank or getting locked into proprietary systems.

Ambitious goal

Bubba AI has set an ambitious target: helping 100,000 companies achieve compliance with cyber security frameworks like SOC 2, ISO 27001 & GDPR by 2032. This goal reflects the growing importance of security certifications as businesses increasingly handle sensitive customer data and face stricter regulatory requirements.

“We believe that strong security practices shouldn’t be a luxury that only well-funded companies can afford. By providing an open source solution, we’re removing barriers to entry and empowering organizations to build robust security programs regardless of their size or resources,” said Carhart.

The company plans to build a community around its open-source platform, encouraging contributions and extensions that can benefit the broader business ecosystem.

About Bubba AI: Bubba AI, Inc. was founded at the end of 2024. Its mission is clear: help 100,000 companies get compliant with common cyber security frameworks by 2032. To do this, Bubba AI, Inc. is launching its first product – Comp AI, an open-source alternative to Vanta & Drata.

Media contact: Lewis Carhart, Founder, Bubba AI, Inc., hello@trycomp.ai

The post News alert: Bubba AI launches Comp AI to help 100,000 startups get SOC 2 compliant by 2032 first appeared on The Last Watchdog.

Cary, NC, Feb. 25, 2025, CyberNewswire — INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with its designation as the recipient of G2’s 2025 Best Software Awards for Education Products.

This category of awards ranks the world’s top 50 software education products based on authentic reviews from more than 100 million G2 users.

“We are thrilled to be recognized for a second consecutive year by G2’s Best Software Awards,” said Dara Warn, CEO of INE. “This is not only a testament to INE’s robust educational offerings but also underscores our dedication to empowering enterprise teams and professionals with the skills they need to thrive in a challenging digital landscape. We are proud to set the standard for quality and effectiveness in cybersecurity and technical education, as evidenced by the success of our students.”

G2’s Best Software Awards rank the world’s best software companies and products based on verified user reviews and publicly available market presence data. Fewer than 1% of vendors listed on G2 are named to the list.

“The 2025 Best Software Award winners represent the very best in the industry, standing out for their exceptional performance and customer satisfaction. The stakes for choosing the right business software are higher than ever,” said Godard Abel, co-founder & CEO at G2. “With over 180,000 software products and services listings and 2.8 million verified user reviews in the G2 marketplace, we’re proud to help companies navigate these critical choices with insights rooted in authentic customer feedback. Congratulations to this year’s honorees!”

G2 badges, released quarterly, recognize INE’s strong performance compared to competitors in specific areas, including its enterprise cybersecurity training and certification offerings, the depth and breadth of its online learning library, and global impact. INE earned the following G2 badges for Winter 2025:

•Fastest Implementation, Online Course Providers

•Leader, Cybersecurity Professional Development

•Leader, Online Course Providers

•Leader, Technical Skills Development

•Enterprise Leader, Online Course Providers

•Small Business Leader, Online Course Providers

•Leader, Asia Online Course Providers

•Leader, Asia Pacific Online Course Providers

•Momentum Leader, Technical Skills Development

•Momentum Leader, Online Course Providers

•Small Business High Performer, Technical Skills Development

•High Performer, India Online Course Providers

•High Performer, Europe Online Course Providers

•High Performer, Asia Technical Skills Development

INE was recently named to Security Boulevard’s list of the Top 10 Hacking Certifications for both the Certified Professional Penetration Tester (eCPPT) and Web Application Penetration Tester eXtreme (eWPTX) certifications. The list showcases some of the best ethical hacking certifications for cybersecurity professionals.

In reviewing the eCPPT, reviewers noted:

•The realistic experience

•A robust training program

•Its credentials to boost employability in Europe (specifically noted as “remarkable”).

In reviewing the eWPTX, reviewers applaud:

•The challenging nature of the exam, requiring advanced methodologies and skills in creating exploits that “modern tools couldn’t fathom.”

With a suite of the best cybersecurity certifications and training programs designed for teams and individuals, INE continues to lead in developing cybersecurity professionals equipped with real-time, hands-on experience to manage cyber threats and security incidents. Our award-winning cybersecurity software and comprehensive training in network security, cloud security, and risk management prepare learners to become certified ethical hackers (CEH), certified information systems security professionals (CISSP), and more, solidifying our reputation as the trusted partner in cybersecurity excellence and threat intelligence.

About INE: INE is the premier provider of online technical training for the IT industry. Harnessing the world’s most powerful hands-on lab platform, cutting-edge technology, global video distribution network, and world-class instructors, INE is the top training choice for Fortune 500 companies worldwide, and for IT professionals looking to advance their careers. INE’s suite of learning paths offers an incomparable depth of expertise across cybersecurity, cloud, networking, and data science. INE is committed to delivering the most advanced technical training on the planet, while also lowering the barriers worldwide for those looking to enter and excel in an IT career. 

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE secures spot in G2’s 2025 Top 50 education software rankings first appeared on The Last Watchdog.

Cary, NC, Feb. 19, 2025, CyberNewswire — 2025 marks a time of unprecedented volatility in the technology job market.

On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas.

At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids. This year alone, roughly 7,000 jobs have been cut across dozens of tech giants, fueling growing concerns among industry professionals.

As the technology job market weathers this volatility, INE Security, a global leader in networking and cybersecurity training, is highlighting its commitment to equipping IT professionals with the skills they need to thrive. INE focuses on practical training, certifications, and preparation. This helps networking and cybersecurity professionals succeed in a changing job market.

“Continuous learning and adaptation are more important than ever for individuals hoping to succeed in their networking and cybersecurity career,” said Dara Warn, CEO of INE Security. “It is vital that professionals maintain a continuous cycle of learning. Training gives learners the knowledge and skills they need to succeed. Hands-on practice helps them understand tasks better. Certifications show that they have learned well and prove their skill mastery.”

INE’s key benefits

•Enhanced employability: Executives, supervisors, and HR professionals are completely aligned in considering industry or professional certifications the most compelling during the hiring process, according to the Society for Human Resource Management (SHRM).

•Practical Experience: The human element was involved in 68% of cybersecurity breaches in 2023 (Verizon’s 2024 Data Breach Investigations Report). Practical, hands-on experience and industry-recognized certifications validate the skills needed to minimize this risk.

•Flexible Learning Paths: From foundational courses to advanced certifications, learners can tailor their education to career goals and market needs.

“With every technological advancement, the skill sets required to manage, secure, and innovate within these systems evolve,” added Warn. “INE Security’s commitment to updating our course materials and labs ensures that our students are always at the forefront of the industry. Our focus is on making them indispensable in their current roles and highly attractive to prospective employers. INE’s training programs are more than just skill-building—they are career lifelines for professionals affected by market disruptions.”

For more information about how INE can help you stabilize your cybersecurity and networking career goals, users can visit www.ine.com.

For a limited time, access INE Security training and certifications for up to 50% off, including eJPT, eMAPT, eCTHP, eCIR, eCDFP, and ICCA. Bundle certifications with Premium training and save even more.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for red-team and blue-team security training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security’s focus on practical security training enhances career stability in tech first appeared on The Last Watchdog.

Luxembourg, Luxembourg, Feb. 11, 2025, CyberNewswire — Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends.

DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in the total number of DDoS attacks and their magnitude, measured in terabits per second (Tbps).

Q3-Q4 2024 highlights

•Compared to Q3–Q4 2023, the number of DDoS attacks has risen by 56%, which highlights a steep long-term growth trend.

•The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks.

•In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

•There was a 17% increase in the total number of attacks compared with Q1-Q2 2024.

•The largest attack peaked at 2Tbps in Q3-Q4 2024, which is an 18% increase from Q1-Q2 2024.

•DDoS attacks are becoming shorter in duration but more powerful.

Attackers’ shifting focus

The sectors that were targeted in Q3-Q4 2024 reflect a changing focus among DDoS attackers. The technology industry has seen a steady increase in its share of DDoS attacks, increasing from 7% to 19% since Q3-Q4 2023. This is because DDoS attackers recognise the wide-reaching disruption potential of attacking technology services. A single successful attack can take out a service that countless organizations depend on – causing significant harm to people and businesses. Another reason that technology platforms have seen an increase in DDoS attacks is their vast computational power, which malicious actors can exploit to intensify their attacks.

The gaming industry continues to be the most-attacked industry, although there were 31% fewer attacks compared with Q1-Q2 2024. The decline in attacks may be attributed to several factors. For instance, gaming companies are strengthening their DDoS defenses in response to ongoing attacks, which may result in fewer successful attacks. Another explanation is that attackers may be shifting their focus towards other high-value sectors, such as financial services, which saw a 117% increase in the number of attacks. The sector’s critical online services and susceptibility to ransom-based attacks make it a prime target.

Andrey Slastenov, Head of Security at Gcore, commented: “The latest Gcore Radar should be a wake-up call to businesses across all industries. Not only is the number and intensity of attacks increasing, but attackers are expanding the scope of their attacks to reach an increasingly wide range of sectors. Businesses must invest in robust DDoS detection, mitigation, and protection to prevent the financial and reputational impact of an attack.”

Distribution of DDoS attacks

With a presence that spans six continents, Gcore can accurately track the geographical sources of DDoS attacks. Gcore derives these insights from the attackers’ IP addresses and the geographic locations of the data centers where malicious traffic is targeted.

Gcore’s findings have highlighted the Netherlands as a key source of attacks, leading application-layer attacks with 21% and ranking second for network-layer attacks at 18%. The U.S. ranked highly across both layers, reflecting its vast internet infrastructure for hackers to exploit.

Brazil featured prominently in network-layer attacks at 14%. Brazil’s growing digital economy and connectivity make it an emerging source of attacks. China and Indonesia also featured prominently, with Indonesia showing a growth in application-layer attacks at 8%, which reflects a broader trend of increased attack activity in Southeast Asia.

Short, potent attacks take hold

DDoS attacks are becoming shorter in duration, but no less disruptive. The longest DDoS attack duration during Q3-Q4 2024 was five hours, which is a significant decrease from 16 hours in the first half of the year. This is reflective of an increasing trend towards shorter but more intense attacks. These ‘burst attacks’ can be more difficult to detect as they may blend in with normal traffic spikes. The delay in detection gives attackers a window of opportunity to disrupt services before cyber defenses can kick in.

The trend of shorter DDoS attack durations can in part be attributed to improvements in cybersecurity. As security tightens, attackers have learned to adapt with short burst attacks designed to bypass defenses. A short DDoS attack can also double as a smokescreen to conceal a secondary attack, such as ransomware deployment.

The full report is available at https://gcore.com/library/gcore-radar-ddos-attack-trends-q3-q4-2024

About Gcore: Gcore is a global edge AI, cloud, network, and security solutions provider. Headquartered in Luxembourg, with a team of 600 operating from ten offices worldwide, Gcore provides solutions to global leaders in numerous industries. Gcore manages its global IT infrastructure across six continents, with one of the best network performances in Europe, Africa, and LATAM due to the average response time of 30 ms worldwide. Gcore’s network consists of 180 points of presence worldwide in reliable Tier IV and Tier III data centers, with a total network capacity exceeding 200 Tbps. Users can learn more at gcore.com or follow them on LinkedIn, Twitter, and Facebook.

Media contact: Gcore press contact, pr@gcore.com

The post News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most first appeared on The Last Watchdog.

Austin, TX, Feb. 4, 2025, CyberNewswire — SpyCloud’s Identity Threat Protection solutions spearhead a holistic identity approach to security, illuminating correlated hidden identity exposures and facilitating fast, automated remediation.

SpyCloud, a leading identity threat protection company, announced key innovations in its portfolio, pioneering the shift to holistic identity threat protection. By operationalizing its vast collection of darknet data with automated identity analytics that correlate malware, phishing, and breach exposures across individuals’ past and present work and personal personas, SpyCloud enables security and fraud prevention teams to comprehensively uncover hidden identity assets, rapidly remediate exposures, and better protect their businesses from previously unseen threats.

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. SpyCloud research reveals that the average individual has as many as 52 unique usernames/emails and 221 passwords exposed on the darknet across their online personal and professional identities.

The impact of these exposures is evident: nearly a quarter of data breaches resulted from compromised identity data. Credential attacks led to $4.81 million in related costs per breach and took the longest to identify and contain.

SpyCloud’s holistic identity threat protection addresses these challenges by encompassing the full spectrum of an individual’s online presence. This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

“The cybersecurity industry has spent years and billions of dollars securing accounts, but criminals have moved far beyond account-level access,” said Ted Ross, SpyCloud’s CEO and Co-Founder. “The dirty secret of the identity security industry is that efforts to lock down the perimeter fail because they focus on accounts, while bad actors target the full scope of users’ holistic identities. These sprawling identities, exposed through breaches, infostealer infections, and phishing attacks, create shadow data that traditional tools simply can’t address.”

Ross continued, “SpyCloud changes the dynamic by providing unmatched visibility into the same data criminals are exploiting, enabling organizations to remediate exposures across the entirety of users’ online personas. This shifts the advantage back to security leaders, empowering them to act on threats that were previously beyond their reach.”

Key innovations

Here’s what underpins SpyCloud’s holistic identity threat protection:

•Refined analytics driving actionability on exposed identities: SpyCloud applies advanced data science and proprietary technology to dynamically correlate billions of recaptured darknet data points, providing a broader and more accurate view of identities. By connecting authentication data, financial data, and personally identifiable information (PII), SpyCloud uncovers hidden relationships across seemingly unrelated accounts, continuously and at scale.

•Automated remediation in <15 minutes: SpyCloud’s holistic identity portfolio now enables rapid, automated remediation within enterprise security ecosystems, including EDR, IdP, SOAR, and SIEM tools. This allows security teams to neutralize threats in less than 15 minutes of discovery, reducing risk without straining resources or operational bandwidth.

•Malware reverse engineering to combat ransomware: SpyCloud specializes in the tracking and analyzing of malware – with deep insights into pervasive infostealers such as Lumma C2, Redline Stealer, Vidar, and more – as they are often a precursor to ransomware. Through its advanced malware reverse analysis, SpyCloud provides comprehensive visibility into malware-exposed data, helping organizations identify compromised devices, users, and applications and close critical security gaps, including those stemming from unmanaged or under-managed devices used by employees, contractors, and vendors.

•Accelerated cybercrime investigations: SpyCloud’s Investigations solution, used by cyber threat intelligence (CTI) teams, security operations, fraud and risk prevention analysts, and law enforcement globally, includes automated identity analytics to uncover the full scope of digital identity exposures, accelerating complex cybercrime investigations into threat actor attribution, insider risk (including potential hiring fraud), and supply chain risk analysis from days or hours to minutes.

Holistic identity lens

SpyCloud’s capabilities set a new standard for identity security. SpyCloud champions the transition to holistic identity security, backed by nearly a decade of experience and the industry’s largest repository of recaptured breach, malware-exfiltrated, and successfully phished data. Its holistic identity lens reveals a comprehensive view of exposed identity information – from credentials and PII to financial data and sensitive digital artifacts.

“SpyCloud’s innovative identity threat protection is about as important as it gets in cyber; identity is everything,” said John N. Stewart, SpyCloud Board Member and former Chief Security and Trust Officer of Cisco. “By making it possible to view and act on the world’s best source for identity exposures, SpyCloud raised the bar to the top for proactive defense against all types of identity-driven cyber exploitation.”

“We are redefining identity security by making holistic protection practical and achievable for our customers,” added Damon Fleury, SpyCloud’s Chief Product Officer. “SpyCloud has a long history of leading the way in understanding the cybercrime ecosystem, from our early days in world-class ATO prevention to continuing to build solutions that empower organizations to proactively protect against threats stemming from infostealer malware, phished and breach data.”

Fleury continued, “This evolution to make holistic identity threat protection a reality for enterprises is critical to our mission of disrupting cybercrime. We aim to stop identity-based threats once and for all.”

To learn more, users can contact SpyCloud or view the following resources:

The Holistic Identity Frontier: Why Shift from account-centric Security to holistic identity threat protection

Stop identity-based cybercrimes once and for all

About SpyCloud: SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated holistic identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now. To learn more and see insights, users can visit spycloud.com.

Media contact: Emily Brown, REQ on behalf of SpyCloud, ebrown@req.co

The post News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection first appeared on The Last Watchdog.

San Francisco, Calif., Jan. 30, 2025, CyberNewswire — Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog, a cloud application monitoring and security platform.

This collaboration provides engineering and operations teams with an integrated solution for securely managing sensitive credentials and gaining insights into cloud environments through real-time monitoring.

In an era of rapid cloud adoption, DevOps and security teams face mounting challenges in safeguarding sensitive data across distributed systems. By combining Doppler’s automated secrets management capabilities with Datadog’s comprehensive monitoring platform, this integration enables teams to enhance their security practices while maintaining operational visibility.

Doppler’s automated secrets storage and rotation, paired with Datadog’s continuous monitoring, empowers teams to mitigate risks of secret sprawl and prevent unauthorized access in a scalable, automated fashion.

Streamlining visibility

Many DevOps teams need help maintaining consistent security practices as secrets are often scattered across environments, increasing the risk of misconfigurations. The Doppler integration with Datadog addresses this issue head-on by creating a centralized workflow for managing secrets and monitoring activity across all environments. With Datadog’s alerts and Doppler’s automated security measures, teams can detect and respond to suspicious activity, helping to ensure security and compliance.

“We are thrilled to integrate with Datadog to combine our secrets management capabilities with their monitoring platform,” said Brian Vallelunga, CEO and Founder of Doppler. “This integration simplifies security for developers and gives organizations the ability to manage secrets at scale, gaining visibility and control over sensitive information across the entire cloud environment. Together, we’re helping teams protect their data while allowing them to stay focused on building great software.”

Solving key challenges

•Automated secrets management: Doppler’s platform automates the rotation, storage, and encryption of secrets, minimizing the risk of human error and unauthorized access.

•Real-time monitoring and alerts: Datadog’s continuous monitoring enables teams to track secret usage, receive alerts for suspicious access, and respond quickly to any anomalies.

•Security across hybrid environments: This integration unifies secrets management and monitoring, providing consistency in security practices across hybrid and multi-cloud setups.

Centralized deployment

The integration allows teams to centralize secrets management in Doppler while benefiting from Datadog’s secret usage observability. This provides a simplified solution for both managing and monitoring sensitive information. This approach enhances security without disrupting workflows, helping organizations to meet compliance requirements, reduce risk, and modernize their operations.

Availability

The integration is available now. For more information on how this integration can improve users’ security posture and improve secrets management, users can visit the Datadog Integration Documentation.

About Doppler: Doppler is a leader in secrets management, providing a centralized, secure solution that automates handling sensitive information such as API keys, tokens, and credentials. Thousands of development teams worldwide trust Doppler to simplify secrets management, improve operational efficiency, and prevent data breaches.

Media Contact: Doppler Press, press@doppler.com

The post News alert: Doppler announces integration with Datadog to streamline credential security first appeared on The Last Watchdog.

Palo Alto, Calif., Jan. 30, 2025, CyberNewswire — Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks.

However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy and Pankaj Sharma debunked this belief by demonstrating how attackers can use malicious extensions to escalate privileges to conduct a full browser and device takeover, all with minimal user interaction.

Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, which desensitizes users to granting these permissions.

This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. To the best of our understanding, extensions submitted to the Chrome Store requesting these capabilities are not put through additional security scrutiny at the time of this writing.

The browser syncjacking attack can be broken up into three parts: how the extension silently adds a profile managed by the attacker, hijacks the browser and eventually gains full control of the device.

Profile hijacking

The attack begins with an employee installing any browser extension – this could involve publishing one that masquerades as an AI tool or taking over existing popular extensions that may have up to millions of installations in aggregate. The extension then “silently” authenticates the victim into a Chrome profile managed by the attacker’s Google Workspace.

This is all done in an automated manner in a background window, making the whole process almost imperceptible to the victim. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim’s browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victim’s browser. For example, the malicious extension can open and modify Google’s official support page on how to sync user accounts to prompt the victim to perform the sync with just a few clicks.

Once the profile is synced, attackers have full access to all credentials and browsing history stored locally. As this attack only leverages legitimate sites and has no visible sign that it has been modified by the extension, it will not trigger any alarm bells in any security solutions monitoring the network traffic.

Browser takeover

To achieve a full browser takeover, the attacker essentially needs to convert the victim’s Chrome browser into a managed browser. The same extension monitors and intercepts a legitimate download, such as a Zoom update, and replaces it with the attacker’s executable, which contains an enrollment token and registry entry to turn the victim’s Chrome browser into a managed browser.

Thinking that they downloaded a Zoom updater, the victim executes the file, which ends up installing a registry entry that instructs the browser to become managed by the attacker’s Google Workspace. This allows the attacker to gain full control over the victim’s browser to disable security features, install additional malicious extensions, exfiltrate data and even silently redirect users to phishing sites.

This attack is extremely potent as there is no visual difference between a managed and unmanaged browser. For a regular user, there is no telltale sign that a privilege escalation has occurred unless the victim is highly security aware and goes out of their way to regularly inspect their browser settings and look for associations with an unfamiliar Google Workspace account.

Device hijacking

With the same downloaded file above, the attacker can additionally insert registry entries required for the malicious extension to message native apps. This allows the extension to directly interact with local apps without further authentication. Once the connection is established, attackers can use the extension in conjunction with the local shell and other available native applications to secretly turn on the device camera, capture audio, record screens and install malicious software – essentially providing full access to all applications and confidential data on the device.
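
An audit for the two registry changes described above, as an added example that is not from SquareX or the original release. It assumes the entries are Chrome's documented ones on Windows (the `CloudManagementEnrollmentToken` policy value and the `NativeMessagingHosts` keys), which the release does not name; the expected token and the approved host list are placeholders to replace with your own values.

```powershell
# Added audit example (not SquareX's tooling). Run in PowerShell on Windows.
# Assumption: the attack relies on Chrome's documented registry locations for
# cloud-management enrollment and native messaging; the article names neither.

# Token your own organization issued; leave empty if Chrome on this machine
# is not supposed to be enrolled anywhere.
$ExpectedEnrollmentToken = ''
# Native messaging host names you have approved (constructed placeholder).
$ApprovedNativeHosts = @('com.example.approved_host')

function Get-ChromeTakeoverIndicators {
    param(
        [string]$ExpectedToken = '',
        [string[]]$ApprovedHosts = @()
    )
    $findings = @()

    # 1. Enrollment token: its presence is what enrolls the browser in a
    #    management console. The token itself is never printed.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    $policy = Get-ItemProperty -Path $policyKey -Name 'CloudManagementEnrollmentToken' -ErrorAction SilentlyContinue
    if ($policy -and $policy.CloudManagementEnrollmentToken -ne $ExpectedToken) {
        $findings += [pscustomobject]@{
            Check    = 'EnrollmentToken'
            Location = $policyKey
            Detail   = 'Token present that does not match the expected value'
        }
    }

    # 2. Native messaging hosts: each subkey is a host name whose default
    #    value is the path of a JSON manifest naming the local binary and the
    #    extension origins allowed to start it.
    $hostRoots = @(
        'HKLM:\SOFTWARE\Google\Chrome\NativeMessagingHosts',
        'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts',
        'HKCU:\SOFTWARE\Google\Chrome\NativeMessagingHosts'
    )
    foreach ($root in $hostRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($hostKey in Get-ChildItem -Path $root) {
            $name = $hostKey.PSChildName
            if ($ApprovedHosts -contains $name) { continue }

            $manifestPath = $hostKey.GetValue('')   # default value of the subkey
            $detail = "manifest=$manifestPath"
            if ($manifestPath -and (Test-Path -LiteralPath $manifestPath)) {
                try {
                    $manifest = Get-Content -Raw -LiteralPath $manifestPath -ErrorAction Stop |
                        ConvertFrom-Json
                    $detail += "; binary=$($manifest.path); origins=$($manifest.allowed_origins -join ',')"
                } catch {
                    $detail += '; manifest could not be read as JSON'
                }
            } else {
                $detail += '; manifest file missing'
            }
            $findings += [pscustomobject]@{
                Check    = 'NativeMessagingHost'
                Location = "$root\$name"
                Detail   = $detail
            }
        }
    }
    return $findings
}

Get-ChromeTakeoverIndicators -ExpectedToken $ExpectedEnrollmentToken -ApprovedHosts $ApprovedNativeHosts |
    Format-Table -AutoSize -Wrap
```

An empty result means no unexpected enrollment token and no unapproved native messaging host were found in these locations; any row returned is something to trace back to a known installer or administrator.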

The browser syncjacking attack exposes a fundamental flaw in the way remote-managed profiles and browsers are managed. Today, anyone can create a managed workspace account tied to a new domain and a browser extension without any form of identity verification, making it impossible to attribute these attacks.

Unfortunately, most enterprises currently have zero visibility into the browser – most do not have managed browsers or profiles, nor any visibility into the extensions employees are installing, often based on trending tools and social media recommendations.

What makes this attack particularly dangerous is that it operates with minimal permissions and nearly no user interaction, requiring only a subtle social engineering step using trusted websites – making it almost impossible for employees to detect. While recent incidents like the Cyberhaven breach have already compromised hundreds, if not thousands of organizations, those attacks required relatively complex social engineering to operate.

The devastatingly subtle nature of this attack – with an extremely low threshold of user interaction – not only makes this attack extremely potent, but also sheds light on the terrifying possibility that adversaries are already using this technique to compromise enterprises today. Unless an organization chooses to completely block browser extensions via managed browsers, the browser syncjacking attack will completely bypass existing blacklists and permissions-based policies.

SquareX’s founder Vivek Ramachandran says, “This research exposes a critical blind spot in enterprise security. Traditional security tools simply can’t see or stop these sophisticated browser-based attacks. What makes this discovery particularly alarming is how it weaponizes seemingly innocent browser extensions into complete device takeover tools, all while flying under the radar of conventional security measures like EDRs and SASE/SSE Secure Web Gateways. A Browser Detection-Response solution isn’t just an option anymore – it’s a necessity. Without visibility and control at the browser level, organizations are essentially leaving their front door wide open to attackers. This attack technique demonstrates why security needs to ‘shift up’ to where the threats are actually happening: in the browser itself.”

SquareX has been conducting pioneering security research on browser extensions, including the DEF CON 32 talk Sneaky Extensions: The MV3 Escape Artists that revealed multiple MV3 compliant malicious extensions. This research team was also the first to discover and disclose the OAuth attack on Chrome extension developers one week before the Cyberhaven breach. SquareX was also responsible for the discovery of Last Mile Reassembly attacks, a new class of client-side attacks that exploits architectural flaws and completely bypasses all Secure Web Gateway solutions.

Based on this research, SquareX’s industry-first Browser Detection and Response solution protects enterprises against advanced extension-based attacks including device hijacking attempts by conducting dynamic analysis on all browser extension activity at runtime, providing a risk score to all active extensions across the enterprise and further identifying any attacks that they may be vulnerable to.

For more information about the browser syncjacking attack, additional findings from this research are available at sqrx.com/research.

About SquareX: SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications and enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

Media contact: Junice Liew, Head of PR, SquareX, junice@sqrx.com

The post News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser first appeared on The Last Watchdog.

Cary, NC, Jan. 26, 2025, CyberNewswire — INE Security, a leading global provider of cybersecurity training and certifications, today announced a new initiative designed to accelerate compliance with the Department of Defense’s (DoD) newly streamlined Cybersecurity Maturity Model Certification (CMMC) 2.0.

This initiative aims to assist Defense Industry Base (DIB) contractors in swiftly adapting to the updated certification standards, which are critical to securing and maintaining defense contracts.

With the DoD’s reduction of CMMC levels from five to three, the path to compliance has become more direct but not less demanding. Recognizing the urgency for contractors to comply without delay, INE Security is offering a guide to strategic compliance acceleration. This includes a comprehensive checklist and guidance on how to implement the compliance requirements.

“The DoD’s updated framework requires greater clarity and speed in the compliance process than ever before,” said Dara Warn, CEO of INE Security. “At INE Security, we recognize the challenges organizations face in navigating the complexities of CMMC compliance. Our goal is to empower organizations to not only meet but exceed their compliance objectives by providing them with the tools and strategies needed for a faster and smoother journey. We are committed to simplifying the path to compliance, enabling our clients to focus on what they do best: securing their operations and contributing to our national defense.”

Certification requirements

Each level carries its own stringent requirements, ranging from broad in scope at Level 1 to highly specialized at Level 3. Organizations can use this checklist to track progress and identify areas requiring attention before assessment.

Level 1 technical controls

•Basic password management

•Access control implementation

•Information integrity checks

•Basic endpoint protection

Documentation needs

•System security policies

•Access control documentation

•Asset inventory

•Basic security procedures

Assessment preparation

•Self-assessment documentation

•Evidence collection

•Policy review

•Annual review planning

Level 2 technical controls

•Multi-factor authentication

•Network segmentation

•Security monitoring tools

•Incident response capabilities

•Audit logging systems

Documentation needs

•System Security Plan (SSP)

•Configuration management plans

•Incident response procedures

•Risk assessment documentation

•POA&M development

Assessment preparation

•Third-party assessment readiness

•Evidence compilation

•Technical demonstrations

•Staff interview preparation

•Control validation testing

Level 3 technical controls

•Advanced threat detection

•Security orchestration

•Continuous monitoring

•Zero-trust implementation

•Advanced access control

Documentation needs

•Enhanced SSP

•Threat modeling documentation

•Advanced security procedures

•Risk management framework

•Continuous monitoring plan

Assessment preparation

•Government assessment readiness

•Advanced evidence compilation

•Security control testing

•Personnel training records

•Program effectiveness metrics

Implementation guidance

Successfully navigating the compliance requirements of CMMC 2.0 demands a structured approach to implementation and preparation. Each step, from initial technical review to mock assessments, is designed to build upon the previous, ensuring a seamless path to CMMC certification.

Technical control implementation

•Reviewing current architecture

•Identifying gaps in controls

•Developing implementation plan

•Testing controls in staging

•Deploying to production

•Validating effectiveness

Documentation best practices

•Using standard templates

•Including revision history

•Maintaining clear procedures

•Documenting configurations

•Tracking changes

•Regular reviews

Assessment readiness

•Internal pre-assessment

•Documentation review

•Technical validation

•Staff preparation

•Evidence organization

•Mock assessment

How INE Security helps organizations accelerate compliance

Technical training

•INE Security’s comprehensive technical training program provides hands-on experience through practical labs focused on control implementation and security tool configuration. Structured learning paths cover essential skills in network security implementation and monitoring system setup, giving users real-world experience with the tools and techniques required for CMMC compliance.

Assessment preparation

•Organizations can prepare confidently for CMMC assessment with INE Security’s practical scenarios and technical training tools. The training helps students master control validation exercises and provides thorough interview preparation guidance, ensuring students are prepared and the assessment process is smooth.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance first appeared on The Last Watchdog.

Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and headlined by industry luminary Kevin Mandia.

NHIcon 2025 is co-presented by Aembit and Veza, alongside industry partners Identity Defined Security Alliance and Cloud Security Alliance.

Bringing together diverse viewpoints from the cybersecurity and DevSecOps communities, NHIcon 2025 will provide technical insights and practical guidance to address the challenges of securing non-human identities, such as service accounts, AI agents, and other software workloads.

The widespread adoption of cloud technologies, the growth of APIs and microservices, and the increasing scale of machine-to-machine communications have made securing non-human identities more challenging. Traditional identity management practices and tools often fail to provide adequate visibility and control, leaving critical security gaps that elevate breach risk.

As non-human identities become central to modern infrastructure, securing them has become a top priority for enterprises worldwide, with Gartner® naming machine identity management a top security trend for 2025.

“My vision for NHIcon is that it gives organizations the opportunity to rethink – or even begin to explore for the first time – their approach to non-human identity security,” said David Goldschlag, CEO and co-founder of Aembit. “This unique event is designed to provide clear, actionable takeaways, a deeper understanding of how to secure the identities that power enterprise innovation, and the justification for prioritizing it.”

NHIcon 2025 will provide an experiential platform for interactive learning and meaningful collaboration. Attendees can openly engage with speakers, connect with a global community of identity security professionals, and uncover cutting-edge strategies for securing non-human identities in today’s fast-evolving environments.

Mandiant Founder Mandia, co-founder of Ballistic Ventures and one of the world’s most recognizable security voices, will share his perspective on the year ahead, focusing on identity security and the growing role of AI in threat landscapes.

The agenda also includes:

•A keynote from Talha Tariq, chief security officer at HashiCorp, on zero-trust principles for non-human identities.

•Heather Flanagan, executive director of IDPro, discusses modernizing identity standards.

•Software Architect Victor Ronin leading a technical session titled From Hardcoded to Hardened: The 7 Stages of Non-Human Identity Maturity.

•Ed Amoroso, CEO of TAG Cyber, shares experience in securing non-human identities in complex environments.

•A panel featuring security leaders from Twilio, Grafana Labs, and SoFi addressing business and compliance risks tied to non-human identities.

Registration for NHIcon 2025 is free and open at NHIcon.com.

About Aembit: Aembit is the leading provider of workload identity and access management solutions, designed to secure non-human identities like applications, AI agents, and service accounts across on-premises, SaaS, cloud, and partner environments. Aembit’s no-code platform enables organizations to enforce access policies in real time, ensuring the security and integrity of critical infrastructure. Users can visit aembit.io and follow us on LinkedIn.

Media contact: Apurva Davé, Chief Marketing Officer, Aembit, info@aembit.io

The post News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security first appeared on The Last Watchdog.