Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
Microsoft releases tool to speed up recovery of systems corrupted by CrowdStrike update
By now, most of us are aware of or have been personally affected by the largest IT outage the world has ever witnessed, which was caused by a flaw in an update for Crowdstrike Falcon Sensor that caused Windows hosts to enter a Blue Screen of Death (BSOD) loop.
Vulnerability in Telegram Android app allows sending malicious files disguised as videos
ESET researchers discovered a zero-day exploit targeting the Telegram app for Android, which was listed for sale for an unspecified price in an underground forum posting from June 2024.
CrowdStrike blames buggy testing software for disastrous update
The company said a bug in Content Validator, a piece of software CrowdStrike uses to test and validate Rapid Response Content updates for Falcon Sensors, was part of the reason the faulty update didn’t arrive in time.
Learning from CrowdStrike’s quality assurance mistakes
CrowdStrike has published a preliminary post-incident review (PIR) into how a flawed Falcon Sensor update infiltrated millions of Windows systems, trapping them in a “blue screen of death” loop.
Cloud Security Threats CISOs Should Know
In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most important cloud security threats that CISOs need to be aware of in 2024.
Cybersecurity ROI: Key Metrics and KPIs
In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses the key metrics and KPIs for measuring cybersecurity ROI.
Confidential AI: Enabling safe processing of sensitive data
In this Help Net Security interview, Anand Pashupathy, VP & GM of Security Software & Services at Intel, discusses how Intel’s approach to confidential computing, especially at the silicon level, strengthens data protection for AI applications, and how collaborations with technology leaders such as Google Cloud, Microsoft, and Nvidia contribute to the security of AI solutions.
A cross-industry standard for data provenance in AI
In this Help Net Security interview, Saira Jesani, Executive Director of the Data & Trust Alliance, explains the role of data provenance in AI trust and how it impacts the performance and reliability of AI models.
Shuffle Automation: An open source security automation platform
Shuffle is an open source automation platform designed by security experts for security experts.
Progress has fixed a critical RCE vulnerability in Telerik Report Server. Upgrade immediately. (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible.
Docker fixes critical authentication bypass flaw again (CVE-2024-41110)
A critical Docker Engine vulnerability (CVE-2024-41110) could allow an attacker to bypass the authentication plugin (AuthZ) via a specially crafted API request and perform unauthorized actions, including privilege escalation.
Network of ghost GitHub accounts successfully distributes malware
Researchers at Check Point have discovered an extensive network of GitHub accounts that appear to be offering malware and phishing link distribution-as-a-service.
Changes in the cyber threat landscape over the past 12 months
When it comes to the cyber threat landscape, change is the only constant, and it is inevitable due to the inevitable interaction between cybercriminals and law enforcement.
How CISOs can achieve an ITDR approach through the principle of least privilege
Right now, a CISO somewhere is sitting in a boardroom trying to figure out how best to implement stronger identity threat detection and response (ITDR) initiatives to reduce the risk of intrusion.
Despite economic uncertainty, organizations are prioritizing investments in SaaS security
In this Help Net Security video, Maor Bin, CEO and co-founder of Adaptive Shield, discusses the key findings of their recent annual SaaS security research report, conducted in collaboration with the Cloud Security Alliance (CSA).
Cybersecurity jobs open: July 24, 2024
We’ve combed the market to curate roles across a range of skill levels within the cybersecurity field. Check out our weekly selection of currently available cybersecurity roles.
CISOs’ approach to AI: Balancing transformation and trust
As organizations increasingly adopt third-party AI tools to streamline operations and gain competitive advantage, they also introduce a host of new risks.
Researchers expose GitHub Actions workflows as dangerous and open to exploits
In this Help Net Security video, Roy Blit, Head of Research at Legit Security, discusses the new Legit Security State of GitHub Actions Security report.
Infisical: An open source secrets management platform
Infisical is an open source secrets management platform used by developers to centralize application configurations and secrets such as API keys and database credentials, and to manage their internal PKI.
Cyberinsurance 2.0: Systemic changes needed to secure the future
In this Help Net Security video, Vishaal Hariprasad, CEO of Resilience, explains how cyber insurance needs to evolve to help businesses better manage cyber risk.
Infisical: An open source secrets management platform
Infisical is an open source secrets management platform used by developers to centralize application configurations and secrets such as API keys and database credentials, and to manage their internal PKI.
Ad injection malware disguised as DwAdsafe ad blocker uses Microsoft-signed drivers
ESET Research has discovered a sophisticated Chinese browser injector: a signed vulnerable ad injection driver from a mysterious Chinese company.
10 Fintech Companies to Watch in 2024
Amid economic pressures and fierce competition in nearly every sector, fintech vendors must prioritize solutions that address key pain points and deliver tangible benefits, rather than relying on speculative advances. Here’s a list of 10 companies with big plans.
New Information Security Products of the Week: July 26, 2024
Here we take a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity.
