Nightfall has been named a Leader in Data Loss Prevention (DLP), Sensitive Data Discovery, Data Security, and Cloud Data Security in G2’s Summer ‘24 reports. We’d like to extend a huge thank you to all of Nightfall’s customers and supporters for making this possible. We’re also happy to acknowledge the Nightfall team’s tireless innovation, all in pursuit of helping customers to protect their sensitive data across the sprawling enterprise attack surface.

We’ve seen the movies where the character needs to get out of a jam or needs to get somewhere in a hurry, so they mash the big button of Nitrous Oxide and boom they are off! Fast and the Furious and Boss Level are the two movies that come to mind. So, how does this relate to a SIEM or SIEM rules? Sit down, buckle up, and let’s go for a ride.

In today’s escalating threat landscape, Security Operations Center (SOC) teams face a constant cat and mouse battle against adversaries as they try to stay one step ahead. This situation isn’t helped by the fragmented tools; multiple data feeds and data siloes they must contend with. Likewise, with so many security vendors out there with different approaches and solutions, how do they know what cybersecurity solutions they should be investing in?

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple protocols to communicate with its C2 infrastructure, making it more difficult to detect robustly than a malware sample utilizing only one network protocol for its C2.

In the ever-evolving landscape of cybersecurity, safeguarding critical data from unauthorized access is paramount. Our recent webinar, “Shut the Front Door,” provided invaluable insights aimed at business leaders, operations executives, and IT managers within the government contracting community, emphasizing the necessity of robust access control measures and adherence to regulations like the FAR, DFARS, and NIST 800-171.

Although using Cash App is a convenient way to receive money from people you already know, Cash App is not safe when receiving money from strangers. Whenever you use a payment app like Cash App, it’s always better to receive money from people you trust to avoid being scammed by a stranger. Other payment apps besides Cash App include PayPal, Venmo, Zelle, Apple Pay and Chime, among others.

On June 25, 2024, Fortra published a security advisory for a vulnerability affecting their FileCatalyst Workflow product. The vulnerability, labelled as CVE-2024-5275, is rated as critical severity due to its low attack complexity and high impact.

On July 1, 2024, OpenSSH released fixes for CVE-2024-6387, a vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems allowing for potential Remote Code Execution (RCE). OpenSSH is a widely-used suite of secure networking tools based on the SSH protocol, providing encryption for secure communication and file transfers, and is essential for remote management on Unix systems. CVE-2024-6387 is a signal handler race condition that allows unauthenticated Remote Code Execution (RCE) as root.

On June 28, 2024, Juniper released fixes for a critical authentication bypass vulnerability discovered during internal testing, CVE-2024-3937. Juniper has stated that this vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations.

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.