Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

tripwire

Updates and Evolution of the NIST Cybersecurity Framework: What's New?

Aug 14, 2024 By Josh Breaker-Rolfe In Tripwire
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.
Read Post
nucleus

We Made It! Nucleus Placed 267 on Inc. 5000 Fastest Growing Companies

Aug 14, 2024 By Steve Carter In Nucleus
This week, Nucleus can add another accolade to a growing list, being listed as number 267 on Inc. Magazine’s list of the 5000 fastest-growing companies in America. We are proud of the growth we’ve achieved as a company and the potential for the future at Nucleus. Looking more closely at the results, we are the fourth fastest-growing security company on the list. As many people know, the cybersecurity and technology market has been tumultuous recently.
Read Post

Detecting Out-of-Bounds Memory Access, Which Caused The Crowdstike's Incident

Aug 14, 2024 By Code Intelligence In Code Intelligence
The Crowdstrike incident is a recent example of out-of-bounds memory access in C/C++ causing a crash. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). Another critical example with the exact root cause is the Heartbleed vulnerability, which affected the OpenSSL library. Remarkably, fuzz testing could identify this issue in less than 10 seconds. Watch the video to see fuzz testing in action.
View Video
graylog

Enhanced Compliance Monitoring with NIST 800-53 Integration

Aug 14, 2024 By Ethan C. Keaton In Graylog
Illuminate 5.1.0 is now available, bringing substantial improvements to our compliance capabilities. This update represents a significant step forward, with NIST 800-53 as the cornerstone of our compliance framework. Let’s explore the key features and improvements implemented to support your organization’s security and compliance needs. Important Note: To run Illuminate 5.1.0, your environment must run Graylog 6.0 or higher.
Read Post
sysdig

How we created the first conversational AI cloud security analyst

Aug 14, 2024 By Flavio Mutti In Sysdig
In the rapidly evolving landscape of cybersecurity, the need for a robust and intelligent assistant capable of analyzing, summarizing, and reacting to events is paramount. This is why we designed Sysdig SageTM, our large language model (LLM)-based cloud security analyst, to be an expert in cloud detection and response (CDR). Sysdig Sage excels at summarizing complex events and providing clear explanations, which is crucial for identifying and promptly reacting to potential threats.
Read Post
WatchGuard

WatchGuard Wins in the CRN 2024 Annual Report Card (ARC) Awards

Aug 14, 2024 By The Editor In WatchGuard
We’re pleased to announce that WatchGuard Technologies won two award categories in CRN’s 2024 Annual Report Card (ARC) program, from CRN, a brand of The Channel Company! These awards honor technology vendors who are committed to growing the IT channel through technology innovation and partner relationships.
Read Post

Get Visibility Into the Cloud: Craig and Mike Secure the World, One Cloud at a Time

Aug 14, 2024 By Forward Networks In Forward Networks
Mike Lossmann and Craig Johnson discuss enhancing cloud visibility for an upcoming audit, demonstrating how to ensure security in cloud environments. Highlights Craig explains the importance of knowing the cloud’s security posture. Forward Enterprise shows full multi-cloud visibility between cloud zones. Analysis reveals potential security gaps. Querying the entire cloud model identifies misconfigurations. Historical data allows for forensic analysis post-breach. Users can prepare for audits without last-minute scrambling.
View Video
indusface

CVE-2024-38856 -Apache OFBiz Pre-Auth RCE Vulnerability

Aug 14, 2024 By Pavan Bushan Reddy In Indusface
A new zero-day vulnerability, CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) platform, presenting a critical threat to businesses worldwide. This pre-authentication remote code execution (RCE) flaw allows unauthenticated attackers to exploit weaknesses in OFBiz’s request handling, leading to unauthorized access and potentially damaging control over affected systems.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.