On July 1, 2024, OpenSSH released fixes for CVE-2024-6387, a vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems allowing for potential Remote Code Execution (RCE). OpenSSH is a widely-used suite of secure networking tools based on the SSH protocol, providing encryption for secure communication and file transfers, and is essential for remote management on Unix systems. CVE-2024-6387 is a signal handler race condition that allows unauthenticated Remote Code Execution (RCE) as root.

In today’s escalating threat landscape, Security Operations Center (SOC) teams face a constant cat and mouse battle against adversaries as they try to stay one step ahead. This situation isn’t helped by the fragmented tools; multiple data feeds and data siloes they must contend with. Likewise, with so many security vendors out there with different approaches and solutions, how do they know what cybersecurity solutions they should be investing in?

We’ve seen the movies where the character needs to get out of a jam or needs to get somewhere in a hurry, so they mash the big button of Nitrous Oxide and boom they are off! Fast and the Furious and Boss Level are the two movies that come to mind. So, how does this relate to a SIEM or SIEM rules? Sit down, buckle up, and let’s go for a ride.

Although using Cash App is a convenient way to receive money from people you already know, Cash App is not safe when receiving money from strangers. Whenever you use a payment app like Cash App, it’s always better to receive money from people you trust to avoid being scammed by a stranger. Other payment apps besides Cash App include PayPal, Venmo, Zelle, Apple Pay and Chime, among others.

In the rapidly evolving landscape of artificial intelligence (AI), ensuring robust security and compliance is becoming more difficult for enterprises. AI audit logs emerge as a critical tool in this mission, offering a detailed record of all activities within AI systems. By leveraging these logs, businesses can enhance their security posture, ensure regulatory compliance, and optimize AI usage. Let's delve into how AI audit logs can serve as a secret weapon in bolstering enterprise security.

The technology your organization uses is integral to its success. When selecting vendors, security should be at the forefront of your decision. A strong vendor review process is crucial for selecting partners that align with your company's security goals, and security questionnaires are a key step in this process.

Cybersecurity is no longer solely an IT department’s concern; it's a company-wide responsibility. But with busy schedules and overflowing inboxes, getting employees to truly pay attention to cybersecurity training can feel like an uphill battle. Let’s start off with why too many staffers are apt to mentally tap out when taking an awareness course. Now, let’s look at how to design a cybersecurity awareness program that will keep employees engaged and informed.

The CISO of a major insurance company recently switched from Microsoft to CrowdStrike for endpoint and identity security following a ransomware incident that Microsoft Defender failed to block. The following Q&A explains what happened, the fallout with Microsoft and how CrowdStrike delivered the protection, consolidation and support the CISO needed. Describe your security posture before the incident. I joined the company as CISO a few years ago.

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement. Earlier this month, several larger London hospitals suddenly had no access to lab results. It turned out to be the result of a ransomware attack on laboratory partner Synnovis that crippled hospitals and health services that rely on Synnovis.

Nightfall has been named a Leader in Data Loss Prevention (DLP), Sensitive Data Discovery, Data Security, and Cloud Data Security in G2’s Summer ‘24 reports. We’d like to extend a huge thank you to all of Nightfall’s customers and supporters for making this possible. We’re also happy to acknowledge the Nightfall team’s tireless innovation, all in pursuit of helping customers to protect their sensitive data across the sprawling enterprise attack surface.