Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new zero-day vulnerability, CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) platform, presenting a critical threat to businesses worldwide. This pre-authentication remote code execution (RCE) flaw allows unauthenticated attackers to exploit weaknesses in OFBiz’s request handling, leading to unauthorized access and potentially damaging control over affected systems.

With 1Password Extended Access Management, customers can now require users to secure unencrypted SSH keys on their devices by importing them into 1Password before they can access sensitive company data.

In the rapidly evolving landscape of cybersecurity, the need for a robust and intelligent assistant capable of analyzing, summarizing, and reacting to events is paramount. This is why we designed Sysdig SageTM, our large language model (LLM)-based cloud security analyst, to be an expert in cloud detection and response (CDR). Sysdig Sage excels at summarizing complex events and providing clear explanations, which is crucial for identifying and promptly reacting to potential threats.

Illuminate 5.1.0 is now available, bringing substantial improvements to our compliance capabilities. This update represents a significant step forward, with NIST 800-53 as the cornerstone of our compliance framework. Let’s explore the key features and improvements implemented to support your organization’s security and compliance needs. Important Note: To run Illuminate 5.1.0, your environment must run Graylog 6.0 or higher.

The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.

An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States FBI and Secret Service.

One of the main goals of this research was to explore C/C++ vulnerabilities in the context of NodeJS npm packages. The focus will be on exploring and identifying classic vulnerabilities like Buffer Overflow, Denial of Service (process crash, unchecked types), and Memory Leakages in the context of NodeJS C/C++ addons and modeling relevant sources, sinks, and sanitizers using Snyk Code (see Snyk brings developer-first AppSec approach to C/C++).

As your organization considers how to shift security left and facilitate shared responsibility for fixing issues, it can be tricky to know where to start. Which tooling will work best with your existing processes? What are the best ways to spread the word about the importance of application security? And once you’ve chosen tools, how do you actually get developers to use them?

In 2024, the Australian government introduced PSPF Direction 001-2024 in recognition of the potential threats posed by Foreign Ownership, Control, or Influence (FOCI) on technology assets and GovTech (government technology operations). As part of the Protective Security Policy Framework (PSPF), PSPF 001-2024 is a crucial step in evaluating and mitigating cyber risks associated with foreign interference in the procurement and maintenance of technology assets.

As you’re browsing the internet on your phone, you encounter a pop-up message saying, “Your iPhone has been hacked!” The message claims your device has been infected with malware. Is this message even real? No, pop-ups claiming that your iPhone has been hacked are not real. These kinds of pop-ups are scams that cybercriminals create intending to scare you into clicking them. After you click on these pop-ups, malware can start downloading on your device.