ManageEngine DDI Central now facilitates Open Authorization (OAuth), which can be configured with your organization’s SMTP servers for implementing secure, reliable mail authentication for clients. OAuth provides credential-less authentication for accessing SMTP servers to send emails efficiently. It benefits users in a safe, secure approach to permitting third-party applications to access users’ SMTP servers without using their credentials.

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we explore four ways organizations can secure their OT environment. Operational technology (OT) has evolved from largely manual processes to digital, automated, and data-driven processes in recent years. As more industrial processes go digital, organizations in this sector now face a vastly expanded attack surface.

The vulnerabilities CVE-2024-0012 and CVE-2024-9474 exploit weaknesses in the PAN-OS management interface, allowing attackers to bypass authentication and escalate privileges, potentially resulting in unauthorized control over network devices. Addressing these vulnerabilities quickly and effectively is critical to maintaining security and compliance.

The NuPoint Unified Messaging (NPM) module in Mitel MiCollab versions up to 9.8 SP1 FP2 (9.8.1.201) is vulnerable to a path traversal attack caused by insufficient input validation. This vulnerability could be exploited by an unauthenticated attacker to gain unauthorized access to sensitive files, potentially allowing them to read, alter, or delete user data and critical system settings. The Mitel MiCollab Arbitrary File Read Vulnerability combines CVE-2024-41713 with another yet-to-be-assigned issue.

Giving valuable time back to threat intel analysts.

Confluent Cloud is a Kafka–as-a-service solution that simplifies the deployment, scaling, and operation of Kafka clusters. A popular feature is its Apache Kafka connectors, which make it easy to connect your Kafka clusters to any of 120+ third-party streaming data sources and destinations.

What if there were a way to negate the effectiveness of multi-factor authentication (or even bypass secure login protocols) without ever cracking a password? Session hijacking offers attackers a tempting shortcut to user accounts, bypassing the usual security barriers. In 2022 alone, researchers scouring the shadier corners of the internet (like the dark web) found 22 billion device and session cookie records – each of which could help to enable session hijacking.

Kubernetes 1.32 is right around the corner, and there are quite a lot of changes ready for the Holiday Season! So, what’s new in 1.32? Kubernetes 1.32 brings a whole bunch of useful enhancements, including 39 changes tracked as ‘Graduating’ in this Kubernetes release.

Whether managing a distributed workforce, balancing a range of devices and systems, or navigating the complexities of hybrid work, challenges are everywhere: fragmented workflows, operational inefficiencies, and concerns about insider risks. Solving these issues can feel like an uphill battle without clear visibility into digital workforce behavior.