DEF CON 32: What We Learned About Secrets Security at AppSec Village
At DEF CON 32's AppSec Village, we explored secrets security challenges, answered common questions, and shared how to detect and handle hidden credentials effectively.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
%term
CVE-2024-28986 & CVE-2024-28987: Follow-Up: New SolarWinds HotFix Addresses Critical Vulnerabilities in Web Help Desk
On August 21, 2024, SolarWinds released a second hotfix for SolarWinds Web Help Desk (WHD) version 12.8.3. This hotfix addresses a newly disclosed hardcoded credential vulnerability (CVE-2024-28987) that allows a remote, unauthenticated attacker to access internal functionality and modify data. Additionally, the hotfix resolves the Java deserialization remote code execution (RCE) vulnerability (CVE-2024-28986) disclosed the previous week and fixes functionality issues introduced by the first hotfix.
Understanding Out-of-Bounds Memory Access Vulnerabilities and Detecting Them with Fuzz Testing
Out-of-bounds memory access, also known as buffer overflow, occurs when a program tries to read from or write to a memory location outside the bounds of the memory buffer that has been allocated for it. This type of vulnerability is particularly dangerous because it can lead to various issues, including crashes, data corruption, sensitive data leaks, and even the execution of malicious code.
Red Teaming vs Penetration Testing: Understanding the Differences
In today’s rapidly evolving cybersecurity landscape, organisations must stay ahead of emerging threats and vulnerabilities to remain competitive. Two critical approaches to bolster security are Red Teaming and Penetration Testing. While these terms are often used interchangeably, they serve different purposes and employ distinct methodologies. Understanding the differences between Red Teaming and Penetration Testing is essential for implementing an effective cybersecurity strategy.
The key challenges of intrusion detection and how to overcome them
However, to achieve the full potential of this approach, they must first overcome a variety of challenges. Read on to discover what intrusion detection is and how it has evolved, plus the four key challenges associated with it and how to address them.
Keeping Financial Services Organizations Secure in an AI World
When we talk about financial services and technology, security and regulatory compliance are always top of mind. And now, Generative AI has entered the chat - one of the most talked-about technologies of recent years. And Financial Services institutions have only begun to scratch the surface of what generative AI can do. The problem is, so have cyber threat actors. In this session from Splunk, and IDC, you’ll hear key insights into how financial services companies are improving their security posture in an AI World, and how those practices can benefit your organizations.
Splunk Asset and Risk Intelligence
Gain continuous asset discovery and compliance monitoring to accelerate investigations and minimize risk exposure.
Secure Databases at the Point of Data: Rubrik Support for Oracle Databases on Windows Is Now Available
In today's data-driven world, protecting critical business information is paramount. We're excited to announce that Rubrik support for Oracle Databases on Windows is now available. This added support enables customers to bring Rubrik Security Cloud to even more of their mission-critical Oracle environments, providing a comprehensive, efficient, and reliable data protection solution for enterprises of all sizes.
Addressing security practitioner burnout: A vital step for security leaders
The “Three Pillars” (people, process, and technology) management framework requires a delicate balance in order to achieve successful operations outcomes. Despite the technology pillar dominating the conversation as of late, cybersecurity practitioners are the backbone of your organization's defense against cyber threats.
What is Mandatory Access Control (MAC) and 7 Ways To Understand When You Need It
Every day, headlines scream about data breaches and cyberattacks. Could your organization be next? If you’re not using Mandatory Access Control (MAC), you’re leaving your sensitive information vulnerable to unauthorized access. The fear is real – 52% of data breaches expose customer information, wreaking havoc on reputations and bottom lines. But what if you could drastically reduce this risk?