Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A story of a total train crash… Good guy hits bad guy, hits another bad guy and maybe someone wins…

CVE-2024-24919 is a critical security vulnerability identified in Check Point Quantum Security Gateway, a widely used network security appliance. This vulnerability allows attackers to exploit the gateway, leading to the exposure of sensitive information. As a zero-day exploit, it presents significant risks to organizations relying on Check Point for their network security.

The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

There’s been a lot of excitement around generative AI technology over the past few years, especially in software development. Developers of all levels are turning to AI tools, such as GitHub Copilot, Amazon CodeWhisperer, and OpenAI’s ChatGPT, to support their coding efforts. In fact, GitHub found that 92% of developers use AI coding tools. However, many businesses are realizing that they need to be more cautious when using AI in software development.

Learn how managed services can help state, local, and education (SLED) organizations improve their operations and security while enabling them to innovate and serve their communities better.

The software supply chain is increasingly complex, giving threat actors more opportunities to find ways into your system, either via custom code or third-party code. In this blog we’ll briefly go over five supply chain threats and where to find them. For a deeper look to finding these threats, with more specifics and tool suggestions, check out our threat hunting guide.

We are more, but we are the same. Ekran System Inc. is happy to announce that our company changes its name from Ekran System to Syteca. Following over a decade of continuous development and growth, we see that it’s now the time to expand our product and adjust its perception accordingly. In October 2024, we will take the first steps of transforming into Syteca by releasing a significant expansion of our core platform and changing our website domain from ekransystem.com to syteca.com.

Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. DevSecOps, security practices integrated in DevOps, represents an advanced practice where the choice of tools is crucial for maximum risk reduction.

The Evolution of Email Threats Email has long been a favored vector for cyber attacks. From the early days of simple phishing scams to the more advanced spear-phishing campaigns, email threats have consistently evolved. However, the integration of AI has brought about a paradigm shift in both the complexity and frequency of these attacks. AI-Powered Phishing Phishing attacks have traditionally relied on mass-distribution strategies, hoping to catch a small percentage of victims.

Read also: the US dismantles the 911 S5 proxy botnet, a T-Mobile hacker arrested in Turkey, and more.