Hot stuff

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

Code White, CVE, Don't miss, enterprise, Hot stuff, News, Progress, vulnerability /

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) 2024-07-26 at 09:46 By Zeljka Zorz Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing, […]

React to this headline:

Loading spinner

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) Read More »

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

containers, CVE, Docker, Don't miss, Hot stuff, News, security update, virtualization, vulnerability /

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) 2024-07-25 at 15:01 By Zeljka Zorz A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely,

React to this headline:

Loading spinner

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) Read More »

Learning from CrowdStrike’s quality assurance failures

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, security testing, software, update /

Learning from CrowdStrike’s quality assurance failures 2024-07-25 at 13:01 By Help Net Security CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing to read

React to this headline:

Loading spinner

Learning from CrowdStrike’s quality assurance failures Read More »

How CISOs enable ITDR approach through the principle of least privilege

access control, access management, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, Opal Security, opinion, regulation, threat detection /

How CISOs enable ITDR approach through the principle of least privilege 2024-07-25 at 07:31 By Help Net Security Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than

React to this headline:

Loading spinner

How CISOs enable ITDR approach through the principle of least privilege Read More »

Cloud security threats CISOs need to know about

AlgoSec, Artificial Intelligence, cloud security, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, Incident Response, News, opinion, vulnerability management /

Cloud security threats CISOs need to know about 2024-07-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API

React to this headline:

Loading spinner

Cloud security threats CISOs need to know about Read More »

Researchers expose GitHub Actions workflows as risky and exploitable

cyber risk, cybersecurity, Don't miss, GitHub, Hot stuff, Legit Security, Video /

Researchers expose GitHub Actions workflows as risky and exploitable 2024-07-25 at 06:31 By Help Net Security GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies. In

React to this headline:

Loading spinner

Researchers expose GitHub Actions workflows as risky and exploitable Read More »

Network of ghost GitHub accounts successfully distributes malware

automa, Check Point, Don't miss, GitHub, Hot stuff, Malware, News, phishing /

Network of ghost GitHub accounts successfully distributes malware 2024-07-24 at 17:31 By Zeljka Zorz Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the “Stargazers Ghost Network” is estimated encompass

React to this headline:

Loading spinner

Network of ghost GitHub accounts successfully distributes malware Read More »

CrowdStrike blames buggy testing software for disastrous update

CrowdStrike, cybersecurity, Don't miss, Hot stuff, Microsoft, News /

CrowdStrike blames buggy testing software for disastrous update 2024-07-24 at 15:32 By Zeljka Zorz A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update wasn’t caught in time, the company said. In a

React to this headline:

Loading spinner

CrowdStrike blames buggy testing software for disastrous update Read More »

Cybersecurity ROI: Top metrics and KPIs

ArmorCode, Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, security ROI /

Cybersecurity ROI: Top metrics and KPIs 2024-07-24 at 07:31 By Mirko Zorz In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What are the primary

React to this headline:

Loading spinner

Cybersecurity ROI: Top metrics and KPIs Read More »

Infisical: Open-source secret management platform

Don't miss, GitHub, Hot stuff, News, open source, software /

Infisical: Open-source secret management platform 2024-07-24 at 07:01 By Help Net Security Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisical, you can scan your files, directories, and Git

React to this headline:

Loading spinner

Infisical: Open-source secret management platform Read More »

The changes in the cyber threat landscape in the last 12 months

Artificial Intelligence, BEC scams, cybercrime, cybercriminals, dark web, Don't miss, EU, Europol, extortion, fraud, Hot stuff, News, phishing, Ransomware, sextortion /

The changes in the cyber threat landscape in the last 12 months 2024-07-23 at 14:31 By Zeljka Zorz When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable. Europol’s recently released Internet Organised Crime Threat Assessment (IOCTA) 2024 report covers

React to this headline:

Loading spinner

The changes in the cyber threat landscape in the last 12 months Read More »

The CISO’s approach to AI: Balancing transformation with trust

access control, Artificial Intelligence, CISO, cybersecurity, Devo Technology, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, risk, Risk Management /

The CISO’s approach to AI: Balancing transformation with trust 2024-07-23 at 07:31 By Help Net Security As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers.

React to this headline:

Loading spinner

The CISO’s approach to AI: Balancing transformation with trust Read More »

10 fintech companies to watch in 2024

Compliance, Don't miss, Fintech, GoCardless, Hot stuff, News, Paysafe, Riskified, SaaS, Socure, tokenization /

10 fintech companies to watch in 2024 2024-07-23 at 07:01 By Anamarija Pogorelec The fintech market is experiencing a swift transformation driven by emerging technologies like Open Finance and GenAI, as highlighted by Juniper Research. This evolution is compounded by intense competition to become customers’ preferred choice, making the market more competitive and unpredictable than

React to this headline:

Loading spinner

10 fintech companies to watch in 2024 Read More »

Despite economic uncertainty, organizations are prioritizing SaaS security investments

Adaptive Shield, CISO, Cloud Security Alliance, cybersecurity, Don't miss, Hot stuff, News, report, SaaS, strategy, survey, tips, Video /

Despite economic uncertainty, organizations are prioritizing SaaS security investments 2024-07-23 at 06:31 By Mirko Zorz In this Help Net Security video, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the key findings of their recent annual SaaS Security Survey Report, conducted in partnership with the Cloud Security Alliance (CSA). Seventy percent of organizations have

React to this headline:

Loading spinner

Despite economic uncertainty, organizations are prioritizing SaaS security investments Read More »

Confidential AI: Enabling secure processing of sensitive data

Artificial Intelligence, Compliance, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, Intel, News, opinion, software /

Confidential AI: Enabling secure processing of sensitive data 2024-07-23 at 06:01 By Mirko Zorz In this Help Net Security interview, Anand Pashupathy, VP & GM, Security Software & Services Division at Intel, explains how Intel’s approach to confidential computing, particularly at the silicon level, enhances data protection for AI applications and how collaborations with technology

React to this headline:

Loading spinner

Confidential AI: Enabling secure processing of sensitive data Read More »

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

CrowdStrike, Don't miss, Hot stuff, Microsoft, News, Orca Security, phishing, tech support scam, Trend Micro, virtualization, Windows, Windows Server /

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update 2024-07-22 at 15:16 By Zeljka Zorz By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows

React to this headline:

Loading spinner

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update Read More »

Cross-industry standards for data provenance in AI

Artificial Intelligence, Compliance, cybersecurity, data, Data & Trust Alliance, Don't miss, Features, Hot stuff, News, opinion, regulation, standards /

Cross-industry standards for data provenance in AI 2024-07-22 at 07:31 By Mirko Zorz In this Help Net Security interview, Saira Jesani, Executive Director of the Data & Trust Alliance, discusses the role of data provenance in AI trustworthiness and its impact on AI models’ performance and reliability. Jesani highlights the collaborative process behind developing cross-industry

React to this headline:

Loading spinner

Cross-industry standards for data provenance in AI Read More »

Shuffle Automation: Open-source security automation platform

automation, Don't miss, GitHub, Hot stuff, News, open source, security operations, software /

Shuffle Automation: Open-source security automation platform 2024-07-22 at 07:01 By Mirko Zorz Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSPs) and other service providers. Key features Feature-rich workflow editor. App creator

React to this headline:

Loading spinner

Shuffle Automation: Open-source security automation platform Read More »

Cyber insurance 2.0: The systemic changes required for future security

cyber insurance, cyber risk, cybercrime, Don't miss, Hot stuff, resilience, Video /

Cyber insurance 2.0: The systemic changes required for future security 2024-07-22 at 06:31 By Help Net Security Digitalization has evolved into a systemic risk for organizations – and, therefore, cyber insurers. With the global cost of cybercrime skyrocketing, something has to change. In this Help Net Security video, Vishaal Hariprasad, CEO at Resilience, discusses how

React to this headline:

Loading spinner

Cyber insurance 2.0: The systemic changes required for future security Read More »

Update: Worldwide IT outage due to buggy Crowdstrike update

BH Consulting, Brian Honan, CrowdStrike, cyber resilience, disruption, Don't miss, ESET, Hot stuff, Hunter Strategy, News, Performanta, SANS ISC, Windows /

Update: Worldwide IT outage due to buggy Crowdstrike update 2024-07-19 at 19:46 By Zeljka Zorz The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. The price of both Crowdstrike’s and Microsoft’s shares tumbled down as a

React to this headline:

Loading spinner

Update: Worldwide IT outage due to buggy Crowdstrike update Read More »

Scroll to Top