News

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

Code White, CVE, Don't miss, enterprise, Hot stuff, News, Progress, vulnerability /

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) 2024-07-26 at 09:46 By Zeljka Zorz Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing, […]

React to this headline:

Loading spinner

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) Read More »

16% of organizations experience disruptions due to insufficient AI maturity

Action1, Artificial Intelligence, automation, cybersecurity, News, report, survey /

16% of organizations experience disruptions due to insufficient AI maturity 2024-07-26 at 07:31 By Help Net Security While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, leading to mixed results and disruptions in 16% of organizations, according to Action1. Knowledge gap and training needs Sysadmins’

React to this headline:

Loading spinner

16% of organizations experience disruptions due to insufficient AI maturity Read More »

AI-generated deepfake attacks force companies to reassess cybersecurity

Artificial Intelligence, authentication, deepfakes, GetApp, News, report, survey, threat /

AI-generated deepfake attacks force companies to reassess cybersecurity 2024-07-26 at 07:31 By Help Net Security As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% of US respondents report that their organization has developed a deepfake response plan. This concern

React to this headline:

Loading spinner

AI-generated deepfake attacks force companies to reassess cybersecurity Read More »

Most CISOs feel unprepared for new compliance regulations

CISO, Compliance, cybersecurity, News, Onyxia, regulation, report, survey /

Most CISOs feel unprepared for new compliance regulations 2024-07-26 at 06:31 By Help Net Security With the new stringent regulations, including the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, a significant challenge is emerging for many organizations, according to Onyxia Cyber. CISO role has changed

React to this headline:

Loading spinner

Most CISOs feel unprepared for new compliance regulations Read More »

New infosec products of the week: July 26, 2024

GitGuardian, LOKKER, News, Permit.io, Secure Code Warrior, Strata Identity /

New infosec products of the week: July 26, 2024 2024-07-26 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. GitGuardian’s tool helps companies discover developer leaks on GitHub GitGuardian released a tool to help

React to this headline:

Loading spinner

New infosec products of the week: July 26, 2024 Read More »

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

containers, CVE, Docker, Don't miss, Hot stuff, News, security update, virtualization, vulnerability /

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) 2024-07-25 at 15:01 By Zeljka Zorz A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely,

React to this headline:

Loading spinner

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) Read More »

Learning from CrowdStrike’s quality assurance failures

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, security testing, software, update /

Learning from CrowdStrike’s quality assurance failures 2024-07-25 at 13:01 By Help Net Security CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing to read

React to this headline:

Loading spinner

Learning from CrowdStrike’s quality assurance failures Read More »

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements

BIND, DNS, DNSSEC, Don't miss, networking, News, open source /

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements 2024-07-25 at 10:01 By Help Net Security BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable branch suitable for production use, has been released. According to the current software release

React to this headline:

Loading spinner

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements Read More »

How CISOs enable ITDR approach through the principle of least privilege

access control, access management, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, Opal Security, opinion, regulation, threat detection /

How CISOs enable ITDR approach through the principle of least privilege 2024-07-25 at 07:31 By Help Net Security Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than

React to this headline:

Loading spinner

How CISOs enable ITDR approach through the principle of least privilege Read More »

Cloud security threats CISOs need to know about

AlgoSec, Artificial Intelligence, cloud security, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, Incident Response, News, opinion, vulnerability management /

Cloud security threats CISOs need to know about 2024-07-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API

React to this headline:

Loading spinner

Cloud security threats CISOs need to know about Read More »

The most urgent security risks for GenAI users are all data-related

cybersecurity, data, data security, generative AI, Netskope, News, report, survey /

The most urgent security risks for GenAI users are all data-related 2024-07-25 at 06:01 By Help Net Security Regulated data (data that organizations have a legal duty to protect) makes up more than a third of the sensitive data being shared with GenAI applications—presenting a potential risk to businesses of costly data breaches, according to

React to this headline:

Loading spinner

The most urgent security risks for GenAI users are all data-related Read More »

Network of ghost GitHub accounts successfully distributes malware

automa, Check Point, Don't miss, GitHub, Hot stuff, Malware, News, phishing /

Network of ghost GitHub accounts successfully distributes malware 2024-07-24 at 17:31 By Zeljka Zorz Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the “Stargazers Ghost Network” is estimated encompass

React to this headline:

Loading spinner

Network of ghost GitHub accounts successfully distributes malware Read More »

CrowdStrike blames buggy testing software for disastrous update

CrowdStrike, cybersecurity, Don't miss, Hot stuff, Microsoft, News /

CrowdStrike blames buggy testing software for disastrous update 2024-07-24 at 15:32 By Zeljka Zorz A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update wasn’t caught in time, the company said. In a

React to this headline:

Loading spinner

CrowdStrike blames buggy testing software for disastrous update Read More »

Cybersecurity ROI: Top metrics and KPIs

ArmorCode, Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, security ROI /

Cybersecurity ROI: Top metrics and KPIs 2024-07-24 at 07:31 By Mirko Zorz In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What are the primary

React to this headline:

Loading spinner

Cybersecurity ROI: Top metrics and KPIs Read More »

Infisical: Open-source secret management platform

Don't miss, GitHub, Hot stuff, News, open source, software /

Infisical: Open-source secret management platform 2024-07-24 at 07:01 By Help Net Security Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisical, you can scan your files, directories, and Git

React to this headline:

Loading spinner

Infisical: Open-source secret management platform Read More »

Cybersecurity jobs available right now: July 24, 2024

cybersecurity jobs, News /

Cybersecurity jobs available right now: July 24, 2024 2024-07-24 at 06:31 By Anamarija Pogorelec Applied Cryptographer Quantstamp | EMEA | Remote – View job details As an Applied Cryptographer, you will research about various cryptographic protocols and have knowledge of cryptographic primitives or concepts, like elliptic curve cryptography, hash functions, and PCPs. You should have

React to this headline:

Loading spinner

Cybersecurity jobs available right now: July 24, 2024 Read More »

AI accelerates code development faster than security teams can keep up

automation, News, report, Seemplicity, survey, vulnerability management /

AI accelerates code development faster than security teams can keep up 2024-07-24 at 06:01 By Help Net Security 91% of respondents say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations, according to Seemplicity. Vendor environments introduce complexity and fragmentation Seemplicity surveyed 300 US cybersecurity professionals

React to this headline:

Loading spinner

AI accelerates code development faster than security teams can keep up Read More »

The changes in the cyber threat landscape in the last 12 months

Artificial Intelligence, BEC scams, cybercrime, cybercriminals, dark web, Don't miss, EU, Europol, extortion, fraud, Hot stuff, News, phishing, Ransomware, sextortion /

The changes in the cyber threat landscape in the last 12 months 2024-07-23 at 14:31 By Zeljka Zorz When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable. Europol’s recently released Internet Organised Crime Threat Assessment (IOCTA) 2024 report covers

React to this headline:

Loading spinner

The changes in the cyber threat landscape in the last 12 months Read More »

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos

cybercrime, ESET, exploit, News /

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos 2024-07-23 at 12:16 By Help Net Security ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit

React to this headline:

Loading spinner

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos Read More »

The CISO’s approach to AI: Balancing transformation with trust

access control, Artificial Intelligence, CISO, cybersecurity, Devo Technology, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, risk, Risk Management /

The CISO’s approach to AI: Balancing transformation with trust 2024-07-23 at 07:31 By Help Net Security As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers.

React to this headline:

Loading spinner

The CISO’s approach to AI: Balancing transformation with trust Read More »

Scroll to Top