Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

GitFlops: The Dangers of Terraform Automation Platforms

Terraform is today’s leading Infrastructure-as-Code platform, relied upon by organizations ranging from small startups to multinational corporations. It enables teams to declaratively manage their cloud or on-premises infrastructure, allowing them to provision or decommission infrastructure components simply, consistently, and with auditability.

CVE-2024-42509, CVE-2024-47460: Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks Access Points. These vulnerabilities, identified as CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated command injection.

The Global Effort to Maintain Supply Chain Security | Part Two

A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory—every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are available, and you don’t want to secure your supply chain without knowing what’s in your digital inventory.

The Howler Episode 14: Jeff Green, Senior Vice President, R&D

This month we sit down with Jeff Green, Senior Vice President of R&D, as he shares his experience helping open our brand-new India office, leadership advice he swears by, and more! Jeff is an industry veteran with over 30 years of experience in building world-class products and technologies for enterprises and consumers primarily focused in security. Currently as Senior Vice President of R&D, Jeff leads Arctic Wolf’s global research and engineering organization with a focus on delivering security outcomes for customers and ending cyber risk at high scale.

Mastering Classified Systems Artifact Distribution to the Tactical Edge

This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.

Prevent Security Breaches in Self-Hosted Environments with GitGuardian's Custom Host for Validity Checks

Stop chasing false positives in your self-hosted instances. With GitGuardian's custom host for validity checks, security teams get real-time insights to prioritize active threats, reduce noise, and prevent costly breaches.

Weekly Cyber Security News 07/11/2024

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Could turn nasty: Does anyone pay any attention to DocuSign random emails? I suppose if you did, you could have nasty surprise: It was bad enough with robo vacs spying but your trusty air fryer now?

How to comply with PCI DSS 4's Req 6.4.3 and 11.6.1 in 4 minutes or less?

Being PCI DSS 4 compliant is crucial for e-commerce merchants—businesses that accept credit card payments on their websites and web applications. The new PCI DSS requirements (6.4.3 and 11.6.1) are designed to strengthen payment page security, and if you’re processing online payments, you’re likely required to comply. Compliance helps protect your customers’ sensitive payment information while ensuring the integrity and security of your payment process.

Phishing Campaign Impersonates OpenAI To Collect Financial Data

Cybercriminals are impersonating OpenAI in a widespread phishing campaign designed to trick users into handing over financial information. The emails inform users that a payment for their ChatGPT subscription was declined, inviting them to click a link in order to update their payment method. The phishing emails appear fairly convincing, but trained users could spot some red flags. The most obvious giveaway is that the emails were sent from “info@mtacom,” which is clearly unrelated to OpenAI.