Over the last decade, many vulnerabilities were initially perceived as critical or high but later deemed less important due to different factors. One of the famous examples was the “Bash Shellshock” vulnerability discovered in 2014. Initially, it was considered a critical vulnerability due to its widespread impact and the potential for remote code execution.
“What’s New in Sysdig” is back with the July 2023 edition! My name is Curtis Collicutt, based in Toronto, Canada, and the Sysdig team is excited to share our latest feature releases with you. This month, Sysdig Secure Live has been enabled for all the users!
The way we manage our money has changed dramatically. In little more than a decade, we’ve gone from branch-led services to feature-rich apps offering 24/7 access to our money. Open Banking is driving product innovation, fintechs are setting a new benchmark for customer-centric experiences, and AI is taking personalization to a new level. Financial services have never been so accessible and convenient.
As competition ramps up in the financial services sector, agile and efficient application development is critical to delivering the seamless digital experiences today’s customers want. Chances are, if you’re not already moving applications to cloud and containers, you’re considering it. But cloud-native development also brings security and compliance implications you may not have fully thought through.
There is no question that cybersecurity is on the brink of an AI revolution. The cloud security industry, for example, with its complexity and chronic talent shortage, has the potential to be radically impacted by AI. Yet the exact nature of this revolution remains uncertain, largely because the AI-based future of cybersecurity is still being invented, step by step.
In today’s digital landscape, cyber threats continue to evolve at an alarming pace, with hackers constantly finding new ways to infiltrate systems and compromise sensitive data. One such sophisticated threat is fileless malware, a stealthy form of malicious software that operates entirely in the computer’s memory without leaving any trace on the hard drive.
Relying solely on the Common Vulnerability Scoring System (CVSS) is insufficient when it comes to effective vulnerability management. While the CVSS score provides a quantitative measure of a vulnerability’s severity, it fails to capture the contextual nuances that can significantly impact the actual risk to an organization. In this article, we will discuss how best to choose a vulnerability management solution.
SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture.
In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.
During May, a new vulnerability CVE-2023-32784 was discovered that affected KeePass. KeePass is a popular open source password manager which runs on Windows, Mac, or Linux. The vulnerability allows the extraction of the master key in cleartext from the memory of the process that was running. The master key will allow an attacker to access all the stored credentials. We strongly recommend updating to KeePass 2.54 to fix the vulnerability.
