Category: Help Net Security

Ledger today launched Ledger Flex, featuring secure E Ink touchscreen displays powered by Ledger’s Secure OS. It’s available to purchase for $249, shipping immediately. The Ledger Flex features a high-resolution, 2.8” display that provides clarity when signing transactions or approving…

Read more →

Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing, creating, managing and…

Read more →

As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% of US respondents report that their organization has developed a deepfake response plan. This concern…

Read more →

While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, leading to mixed results and disruptions in 16% of organizations, according to Action1. Knowledge gap and training needs Sysadmins’ views remained…

Read more →

With the new stringent regulations, including the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, a significant challenge is emerging for many organizations, according to Onyxia Cyber. CISO role has changed…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. GitGuardian’s tool helps companies discover developer leaks on GitHub GitGuardian released a tool to help companies…

Read more →

Chainguard has completed a $140 million Series C round of funding led by Redpoint Ventures, Lightspeed Venture Partners, and IVP, bringing the company’s total funding raised to $256 million. Existing investors, including Amplify, Mantis VC, Sequoia Capital, and Spark Capital…

Read more →

A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited…

Read more →

CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing…

Read more →

CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists. CAST SBOM Manager automates and simplifies the creation and handling of Software Bill of Materials (SBOMs), which North American and European governments…

Read more →

Lakera has raised $20 million in a Series A funding round. Led by European VC Atomico, with participation from Citi Ventures, Dropbox Ventures, and existing investors including redalpine, this investment brings Lakera’s total funding to $30 million. This funding positions…

Read more →

BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable branch suitable for production use, has been released. According to the current software release plan,…

Read more →

Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than the Change Healthcare…

Read more →

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware,…

Read more →

GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies. In this…

Read more →

Regulated data (data that organizations have a legal duty to protect) makes up more than a third of the sensitive data being shared with GenAI applications—presenting a potential risk to businesses of costly data breaches, according to Netskope. The new…

Read more →

Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the “Stargazers Ghost Network” is estimated…

Read more →

Vanta announced that it has raised a $150 million Series C funding round at a valuation of $2.45 billion. The round was led by Sequoia Capital, in addition to new investors Growth Equity at Goldman Sachs Alternatives, J.P. Morgan and…

Read more →

A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update wasn’t caught in time, the company said. In…

Read more →

Coalfire announced its Cyber Security On-Demand portfolio to provide a flexible set of services that reduce cyber risks and remediate security vulnerabilities in customer environments. As attack surfaces grow, defenders need flexibility and a hacker mindset to respond. These services…

Read more →