Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About …
16% of organizations experience disruptions due to insufficient AI maturity
While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, …
AI-generated deepfake attacks force companies to reassess cybersecurity
As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% …
Most CISOs feel unprepared for new compliance regulations
With the new stringent regulations, including the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, a significant …
New infosec products of the week: July 26, 2024
Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. …
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, …
Learning from CrowdStrike’s quality assurance failures
CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a …
BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements
BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable …
How CISOs enable ITDR approach through the principle of least privilege
Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. …
Cloud security threats CISOs need to know about
In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These …
The most urgent security risks for GenAI users are all data-related
Regulated data (data that organizations have a legal duty to protect) makes up more than a third of the sensitive data being shared with GenAI applications—presenting a …
Network of ghost GitHub accounts successfully distributes malware
Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and …