Businesses migrating to the cloud face a complex landscape requiring advanced cloud data protection measures. Conventional security approaches often fail to provide the needed flexibility and comprehensiveness for modern cloud environments. To truly harness the cloud’s power, businesses need three essential capabilities: unified control, federated protection, and comprehensive data protection mechanisms.

Whenever anything of value is transferred between parties online, there will be crooks lurking in the shadows, looking to defraud the participants. As consumers, we almost expect them to be there. As businesses, it’s often our responsibility to protect our customers and prospects from being defrauded by bad actors masquerading as our representatives. Airline-related fraud accounts for an estimated 46% of all fraudulent online transactions.

In today's rapidly evolving digital landscape, software supply chain security has emerged as a critical concern for organizations worldwide. Among the countless security threats, ‘secret leaks’ stand out as a predominant issue, posing significant risks to the integrity and confidentiality of software systems. This blog post delves into the intricacies of secret leaks, exploring why they are a pervasive problem and what steps can be taken to mitigate this threat.

Schools and libraries often lack the funding and staffing needed to build and maintain a robust cybersecurity program. They are also the exact kind of organizations threat actors prefer— under defended and a storehouse of personally identifiable information (PII). Considering that, in 2024, education was the second-most represented industry in ransomware attacks, and third-most in business email compromise (BEC) attacks, it’s clear that protection is paramount.

On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five of these vulnerabilities, which are classified as critical. Arctic Wolf has not observed any exploitation of these vulnerabilities in the wild and has not identified any publicly available proof of concept (PoC) exploit code.

On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of disclosure, active exploitation was not known and no proof-of-concept exploit was publicly available. As of September 6, 2024, however, the security advisory has been updated with additional details, indicating that the vulnerability is potentially being actively exploited.

Security teams today normally perform ongoing vulnerability remediation as a key part of their efforts to secure applications. This process entails applying updates to remove known flaws, typically published as Common Vulnerabilities and Exposures (CVEs), that are discovered in third-party libraries within application code. While “applying updates” might sound like a straightforward task, in practice, eliminating vulnerabilities has become increasingly challenging in the current environment.

This month, the Vanta team launched new features to help you: ‍

In the ever-evolving field of information security, curiosity and continuous learning drive innovation. This blog series is tailored for those deeply engaged in experimental projects, leveraging Rust's capabilities to push the boundaries of what's possible. The focus on Rust, after exploring various programming languages, has led to the creation of several cutting-edge projects that are highlighted in this report.