Discover the top 10 best practices for Privileged Access Management in 2024 to secure your critical systems and data. Learn expert tips now!

Astra Security identified a vulnerability in the InvenTree Inventory Management System on October 2nd, 2024, which has since been patched. This vulnerability, CVE-2024-47610, is stored cross-site scripting (stored XSS) that targets versions of InvenTree below 0.16.5, where ‘Markdown,’ in the Notes feature, can enable attackers to run code. Cross-site scripting vulnerabilities allow a hacker to inject HTML code into an application and affect the users who intercept the code.

Remote and hybrid workplaces are here to stay. In August 2023, 20% of U.S. employees worked from home at least once. By 2025, more than 36 million U.S. employees will work remotely, up from 19 million in 2019. That’s good news for employers who want the widest talent pool and employees who want to do their best work from anywhere. However, it’s also potentially good news for cyber criminals, who can exploit remote access policies to compromise cloud data.

The Rename-Item cmdlet in PowerShell can be used to change the name of an item. This item can be a file, directory, or any object in a path. The cmdlet can also be used to rename items both locally and in a network environment. Users can also perform batch renaming operations, integrate renaming tasks into scripts for automation, and even manage complex renaming requirements with the help of wildcard characters and regular expressions.

Choosing S3 storage like AWS, Google Cloud, or Azure Blob Storage is a strategic choice. Especially as data volumes grow fast and disaster recovery strategies require more focus. Such an investment may reduce operational overhead and optimize costs. Then, new technical and economic perspectives follow. 99% of IT decision-makers state they have a backup strategy. And yet, 26% of them couldn’t fully restore their data when recovering from backups (according to a survey of Apricorn from 2022).

Data Execution Prevention (DEP) is a Windows security feature that protects systems by preventing code from executing in memory areas designated for data storage. By ensuring only authorized programs can run in specific memory regions, DEP helps block malicious software, such as viruses, from executing harmful code. It operates at both hardware and software levels, monitoring memory usage to prevent exploits like buffer overflow attacks.

Tools like ADUC and ADAC enable Sysadmins to create a new user in an Active Directory quite easily, but they has certain limitations when it comes to bulk user creation. PowerShell is a powerful and flexible tool for creating Active Directory accounts, and much more at scale. This blog reviews the process to create a new Active Directory user with PowerShell cmdlet New-ADUser. We’ll cover the top use cases for this cmdlet and provides its full syntax so you can explore it further.

In a world where digital transformation is accelerating, the stakes for safeguarding critical infrastructure, government systems, and financial services have never been higher. These sectors are increasingly targeted by sophisticated payment fraud schemes and AI-powered cyberattacks, leaving them under immense pressure to shield their customers from threats.

CVE-2024-45409 is a critical vulnerability in the Ruby-SAML (affecting versions up to 12.2 and from 1.13.0 to 1.16.0) and OmniAuth SAML libraries. It hence effectively poses a security risk for unpatched versions of GitLab (read more on the GitLab blog). This vulnerability arises from improper verification of the SAML Response signature. An attacker with access to any signed SAML document can forge a SAML Response or Assertion with arbitrary contents.

Sticking to container security best practices is critical for successfully delivering verified software, as well as preventing severe security breaches and its consequences. These best practices are an important part of implementing a robust Cloud Native Application Protection Platform (CNAPP). According to the 2023 CNCF Survey, over 90 percent of companies are using containers, while 84 percent of companies were using or evaluating Kubernetes.