Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At the time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.

XZ Utils Vulnerability: CVE-2024-3094

On March 28th, Red Hat released an advisory for CVE-2024-3094, which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 out of 10, indicating its severity as critical.

Enhancing Security Visibility for a Leading Asset Management Firm

In the fast-paced world of asset management, security visibility and quick response to incidents are paramount, but building these capabilities in-house can be a challenge. Discover how our Kroll Responder MDR service helped a leading asset management firm identify and respond to security incidents faster and more effectively. Through an outcome-driven approach, Kroll offered the expertise and network and endpoint detection technologies to manage threats around-the-clock.

What is the Health Records and Information Privacy Act 2002 (HRIPA)?

The Health Records and Information Privacy Act 2002 (HRIPA) is a comprehensive piece of legislation established to protect the privacy and security of health information in New South Wales (NSW), Australia. This legislative framework shares many similarities with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in the United States in their goals to ensure data privacy, security, and handling of health information in the healthcare sector.

The 443 Podcast - Episode 284 - A Bad Month for Software Supply Chains

This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

Securing CI/CD Runners through eBPF

During the Open Security Summit 2024, Yahoo! Principal Security Engineer Mert Coskuner and Kondukto CEO & Co-Founder Cenk Kalpakoglu delved into the intriguing topic of securing CI Runners through eBPF agents. Although the title might seem unconventional, it reflects their creative approach to solving security challenges in continuous integration environments. With the rapid digital transformation of businesses, there has been an increasing focus on supply chain attacks and their impact on security.

Trustwave Embarks on an Extended Partnership with Microsoft Copilot for Security

Trustwave today announced it will offer clients expert guidance on implementing and fully leveraging the just-released Microsoft Copilot for Security, a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes.

(Re)Discover the Hidden Value of Single Sign-On

Modern zero trust is an information security model that denies users and devices access to applications, data, networks, and workloads by default. One of the optimal ways to help reduce credential-based attacks with applications is to leverage single sign-on (SSO) as part of your access management strategy. SSO combines simplicity with security by removing friction for users to access applications and reducing the administrative overhead and risks for IT associated with password management.

Enhance MongoDB Security for Atlas With Scalable Tenant Isolation

As a company building a SaaS security product, our inherent culture is not only focused on building best-of-breed security products for our users, but also ensuring that our systems, practices and workflows are engineered to support a continuously evolving threat landscape, and to protect our users’ data. We’ve written about our design for tenant isolation for our serverless-based architecture in the past, and practical methods to avoid data leakage between clients.