Ledger Flex: Secure self-custody with E Ink touchscreen display
Help Net Security
by Industry News
8h ago
Ledger today launched Ledger Flex, featuring secure E Ink touchscreen displays powered by Ledger’s Secure OS. It’s available to purchase for $249, shipping immediately. The Ledger Flex features a high-resolution, 2.8” display that provides clarity when signing transactions or approving logins. E Ink offers energy efficiency, so the battery can last for weeks or months on one charge. “After a decade of setting the standard for security and self-custody in crypto and digital assets, I’m …
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Help Net Security
by Zeljka Zorz
18h ago
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing, creating, managing and viewing reports in web and desktop applications. CVE-2024-6327 is an insecure (untrusted data) deserialization vulnerability that may allow attackers to remotely execute code on the underlying server through CVE-2024-6096, an insecure type resolution vulnerability that …
16% of organizations experience disruptions due to insufficient AI maturity
Help Net Security
by Help Net Security
18h ago
While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, leading to mixed results and disruptions in 16% of organizations, according to Action1. Knowledge gap and training needs Sysadmins’ views remained steady over the past year, identifying the following top three areas for AI automation in the next two years: (i) log analysis, (ii) server CPU and memory monitoring, and (iii) patch management. As with last …
AI-generated deepfake attacks force companies to reassess cybersecurity
Help Net Security
by Help Net Security
18h ago
As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% of US respondents report that their organization has developed a deepfake response plan. This concern stems from the growing sophistication of AI-driven impersonation attacks that can undermine traditional security measures like biometric authentication, which were previously considered highly secure but are now being called into question. Companies are developing deepfake …
Most CISOs feel unprepared for new compliance regulations
Help Net Security
by Help Net Security
18h ago
With the new stringent regulations, including the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, a significant challenge is emerging for many organizations, according to Onyxia Cyber. CISO role has changed in recent years The job of a CISO has changed dramatically over the past few years. What used to be a technically minded cybersecurity role has evolved to include a greater emphasis on security strategy …
New infosec products of the week: July 26, 2024
Help Net Security
by Help Net Security
18h ago
Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. GitGuardian’s tool helps companies discover developer leaks on GitHub GitGuardian released a tool to help companies discover how many secrets their developers have leaked on public GitHub, both company-related and personal. The audit generates a score ranging from A to E. This score factors in the volume of hardcoded secrets detected, …
Chainguard raises $140 million to strengthen open source software security
Help Net Security
by Industry News
2d ago
Chainguard has completed a $140 million Series C round of funding led by Redpoint Ventures, Lightspeed Venture Partners, and IVP, bringing the company’s total funding raised to $256 million. Existing investors, including Amplify, Mantis VC, Sequoia Capital, and Spark Capital also participated in the round. Demand for the company’s Chainguard Images solution continues to see rapid adoption among enterprises, with a more than 5X increase in its customer base year-over-year and an over 175 percent …
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
Help Net Security
by Zeljka Zorz
2d ago
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely, without any user interaction, and even the attack complexity is low. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request …
Learning from CrowdStrike’s quality assurance failures
Help Net Security
by Help Net Security
2d ago
CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing to read and parse, because it attempts to assure readers that the company carefully and comprehensively tests their products – even though the company’s failures on that front are obvious. Here is the heart of …
CAST SBOM Manager automates creation and handling of SBOMs
Help Net Security
by Industry News
2d ago
CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists. CAST SBOM Manager automates and simplifies the creation and handling of Software Bill of Materials (SBOMs), which North American and European governments now regularly require from their software providers. As the software supply chain faces unprecedented threats, maintaining accurate SBOMs has become critical for any organization that supplies software, especially regulated device manufacturers with embedded software, government …
