Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Trustwave

What We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177

Sep 30, 2024 By Trustwave In Trustwave
On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS.
Read Post

The CUPS Vulnerability- The 443 Podcast - Episode 308

Sep 30, 2024 By WatchGuard In WatchGuard
This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.
View Video
splunk

Automatic Deprovisioning of users for Okta IdP

Sep 30, 2024 By Rishita Rai In Splunk
Splunk has implemented SCIM (System for Cross-domain Identity Management), a standardized protocol designed for efficient and secure management of user identities across various systems. With the release of this feature, Splunk customers can automatically deprovision users within Splunk when a user(s) are removed from the customer’s Okta Identity Provider (IdP) with following benefits for the customers.
Read Post
SecurityScorecard

How the U.S. Department of Justice Can Improve Its Approach to Combat Ransomware Attacks

Sep 30, 2024 By SecurityScorecard In SecurityScorecard
Earlier this month, the U.S. Department of Justice’s Office of the Inspector General released a report on how the Department could improve its approach to combat ransomware attacks. The report included an audit and evaluated the Department’s strategy to respond and counter ransomware attacks during a two-and-a-half-year period from April 2021 through September 2023.
Read Post
SecurityScorecard

The Road Taken: Pathways to Better Compliance

Sep 30, 2024 By SecurityScorecard In SecurityScorecard
Ralph Waldo Emerson, the renowned American writer, lecturer and philosopher, is often credited with the phrase “It’s not the destination, it’s the journey.” Legal, Compliance, Risk and Security professionals would be wise to consider Emerson’s wise words and philosophy. The path to optimal compliance outcomes and practices is long and full of twists and turns – with new and increasingly complex rules, regulations and legal regimes.
Read Post
Trustwave

Trustwave Adds a Twist to Cybersecurity Awareness Month: More Security!

Sep 30, 2024 By Trustwave In Trustwave
October 1 marks the start of Cybersecurity Awareness Month and traditionally Trustwave has discussed the general security concepts highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), and National Cybersecurity Alliance (NCSA). However, this year Trustwave will take a slightly different approach. In the same vein that one can never have too much cowbell, Trustwave believes there is no such thing as too many security tips.
Read Post
veracode

Breaking Down the OWASP Top 10 API Security Risks 2023 (& What Changed From 2019)

Sep 30, 2024 By Dustin Silveri In Veracode
The OWASP Top Ten lists have been the cornerstone for application security best practices for over two decades. The 2019 list was the first edition of the OWASP API Security Top 10. The latest, OWASP API Security Top 10 2023, gives our security and engineering teams a glimpse of attack vectors that are becoming more common. With that in mind, it also helps our security teams to ensure that they have adequate coverage for security testing.
Read Post
11:11 systems

Why the disaster recovery strategy my company has always used may not be enough.

Sep 30, 2024 By Brandon Leiker In 11:11 Systems
Is my organization’s disaster recovery strategy ready for today’s uncertain cyber landscape? Your company has determined the recovery point objectives (RPOs) and recovery time objectives (RTOs) for all systems. You have also implemented solutions to achieve these goals. Your organization routinely performs successful Disaster Recovery (DR) tests meeting your established expectations and objectives.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.