
CVE-2024-42509, CVE-2024-47460: Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks Access Points. These vulnerabilities, identified as CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated command injection.

The Global Effort to Maintain Supply Chain Security | Part Two

A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory—every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are available, and you don’t want to secure your supply chain without knowing what’s in your digital inventory.

The Howler Episode 14: Jeff Green, Senior Vice President, R&D

This month we sit down with Jeff Green, Senior Vice President of R&D, as he shares his experience helping open our brand-new India office, leadership advice he swears by, and more! Jeff is an industry veteran with over 30 years of experience in building world-class products and technologies for enterprises and consumers, primarily focused on security. Currently, as Senior Vice President of R&D, Jeff leads Arctic Wolf's global research and engineering organization with a focus on delivering security outcomes for customers and ending cyber risk at high scale.

Mastering Classified Systems Artifact Distribution to the Tactical Edge

This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.

Prevent Security Breaches in Self-Hosted Environments with GitGuardian's Custom Host for Validity Checks

Stop chasing false positives in your self-hosted instances. With GitGuardian's custom host for validity checks, security teams get real-time insights to prioritize active threats, reduce noise, and prevent costly breaches.

Weekly Cyber Security News 07/11/2024

Let's catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Could turn nasty: does anyone pay any attention to random DocuSign emails? I suppose if you did, you could have a nasty surprise. It was bad enough with robo vacs spying, but your trusty air fryer now?

How to comply with PCI DSS 4's Req 6.4.3 and 11.6.1 in 4 minutes or less?

Being PCI DSS 4 compliant is crucial for e-commerce merchants—businesses that accept credit card payments on their websites and web applications. The new PCI DSS requirements (6.4.3 and 11.6.1) are designed to strengthen payment page security, and if you’re processing online payments, you’re likely required to comply. Compliance helps protect your customers’ sensitive payment information while ensuring the integrity and security of your payment process.

Phishing Campaign Impersonates OpenAI To Collect Financial Data

Cybercriminals are impersonating OpenAI in a widespread phishing campaign designed to trick users into handing over financial information. The emails inform users that a payment for their ChatGPT subscription was declined, inviting them to click a link in order to update their payment method. The phishing emails appear fairly convincing, but trained users could spot some red flags. The most obvious giveaway is that the emails were sent from “info@mtacom,” which is clearly unrelated to OpenAI.

Attackers Abuse DocuSign to Send Phony Invoices

Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm. “Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard,” Wallarm says.

Analyzing Play and LockBit: The Top Ransomware Threats Facing Retailers

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs team on major threat actor groups currently operating globally. Retailer databases are chock-full of information that makes them highly attractive targets for ransomware gangs, as highlighted by Trustwave SpiderLabs in its recent 2024 Trustwave Risk Radar Report: Retail Sector.