Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing attacks, which involve fraudulent attempts to trick individuals into divulging sensitive personal information, remain a significant threat. Despite advances in cybersecurity, hackers continue to adapt and evolve their tactics to exploit vulnerabilities.

On October 25, 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by VMware. The vulnerability has received a critical severity rating by VMware as it could potentially allow a remote, unauthenticated threat actor to achieve remote code execution if successfully exploited.

“What’s New in Sysdig” is back with the October 2023 edition! My name is Zain Ghani, based in Austin, Texas, joined by my colleague, Matt Baran, based in Los Angeles, California, to share our latest updates with you. The last few weeks have been really exciting at Sysdig.

Picture yourself immersed in your favorite mystery novel, eagerly flipping through the pages as the suspense thickens. You’re enthralled, engrossed in the story of a hotel burglar with an uncanny ability to sneak into guest rooms without leaving telltale signs of break-ins or lock-picking. As you read on, you’re captivated – and stumped – by how this elusive bad actor can deftly close the doors behind them, leaving no clues.

Server configuration hardening is a basic requirement for compliance with Payment Card Industry Data Security Standard (PCI DSS) v4.0 that was updated in April 2022 from PCI DSS Version 3.2.1. Server hardening is a fundamental process that ensures the security of servers in the network by reducing the servers attack surface through implementation of secure configurations.

Zeek® is the world’s most widely used network security monitoring platform and is the foundation for Corelight network evidence. In this blog I share how to write a Zeek package in TypeScript with a new capability called ZeekJS that was released as part of Zeek 6.0.

Headquartered in Orange City, Iowa, Revival Animal Health delivers business solutions for pet-oriented care and service providers; they offer pet healthcare products and animal supplies to pet professionals and individual pet owners. One way they provide services is via the e-commerce host CommerceV3. Revival Animal Health recently announced that CommerceV3 suffered a vulnerability, exposing 66,574 customer records.

Cloud platforms offer unparalleled scalability, flexibility, and cost-efficiency. However, the convenience and advantages of the cloud are accompanied by significant security challenges. Hackers are constantly trying to exploit weak cloud configuration settings, which is why it’s important to have visibility into the security of your organization’s cloud infrastructure.

A post-data breach questionnaire is essential for evaluating the impact of a third-party breach on your organization. This due diligence also ensures complaints with expanding data breach protection standards sweeping across government regulations. This post outlines a template to inspire the design of your security questionnaire for vendors that have suffered a data breach or similar security incident. Learn how UpGuard streamlines Vendor Risk Management >

In a significant move to empower organizations in bolstering their security infrastructure, UTMstack has announced the commercialization of its Correlation Engine and Software Development Kit (SDK) under a commercial license. This strategic initiative paves the way for organizations aiming to develop their own Security Information and Event Management (SIEM) or Extended Detection and Response (XDR) solutions by leveraging the state-of-the-art features embedded in the UTMstack’s platform.