Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

CVE-2024-28988: Critical Java Deserialization RCE Vulnerability Impacts SolarWinds Web Help Desk

On October 15, 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialization flaw, which could enable a remote unauthenticated attacker to execute arbitrary code on vulnerable hosts.

FBI Warns Scammers Are Targeting Law Firms For Phony Debt Collections

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.

Phishing Attacks Are Abusing Legitimate Services to Avoid Detection

Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to bypass security filters and appear more convincing to employees who frequently use these services. “Legitimate hosting services, such as SharePoint, OneDrive, and Dropbox, are widely used by organizations for storing, sharing, and collaborating on files,” Microsoft says.

DORA Compliance: Key Insights for Financial Institutions on New EU Regulations

As the January 2025 deadline approaches, financial institutions across the European Union prepare to increase their financial data security by meeting regulatory compliance standards with the Digital Operational Resilience Act (DORA). But what exactly is DORA, and why does it matter for your organisation? Let’s take a closer look.

Converge 2024 Labs - Revolutionizing Patch Operations with ServiceNow & Tanium - Tech Talks #108-3

Revolutionizing Patch Operations with ServiceNow and Tanium Many IT Operations teams spend countless hours submitting change requests for their patching activities. Imagine a world where IT Ops staff can save time by opening changes for their patch activities in ServiceNow and have them be scheduled automatically after they are approved. The future is now! In this hands-on lab, participants will have access to their own Tanium and ServiceNow environments to perform an automated monthly patching cycle orchestrated by ServiceNow.

How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.