Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

CVE-2024-8190 - OS Command Injection in Ivanti CSA

A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.

The Truth About Why Server-Side Bot Management Beats Client-Side

As a security professional considering a robust bot defense strategy, it’s important to understand the ever-evolving nature of bot threats and the critical need for a scalable, robust solution. Traditionally, businesses rely on agent-based bot management solutions, also known as client-side or front-end detection, by deploying small pieces of software (agents) on customer devices to detect malicious activity. However, these approaches carry significant risks.

Nightfall Named A Leader in Data Loss Prevention by G2

Data security leaders, take note: Nightfall has emerged as a frontrunner in G2's Fall 2024 reports, securing top positions in Data Loss Prevention Software, Data Security Software and Sensitive Data Discovery Software categories. This achievement reflects our unwavering commitment to excellence, as well as your trust in our AI-powered solutions. We extend our deepest gratitude to our valued customers and supporters, as your feedback helps us to drive innovation.

McAfee Discovers New Phishing Campaign Targeting GitHub Users

A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to address a security vulnerability in a GitHub repository that they recently contributed to, and contain a link to find more information about the alleged vulnerability. This link leads to a fake CAPTCHA page that attempts to trick them into installing malware.

The Relation Between Breaches and Stock Price Drops

When discussing the consequences of a data breach for organizations, we usually consider three types of damage: financial, legal, and, somewhat more tenuously, reputational. But what about stock prices? One would assume that stock price—an indicator of a business’s overall health and investor confidence—would plummet after a breach, but is this really the case?

Better Together: The Benefits of Combining MXDR and TPRM

Security operations teams face escalating demands to promptly detect and respond to third-party cyber threats, largely due to the increasing number of data breaches occurring within an organization’s supply chain. An effective program to manage this type of cyber risk is essential for safeguarding sensitive data and maintaining business continuity.

Stay Focused on Relevant Threat Intel Through Scoring and Expiration

John Lennon popularized the phrase, “Life is what happens when you’re making other plans.” And that’s an apt characterization for how we think about threat intelligence. We tend to focus on it to block or alert-on an attack. Meanwhile life is what’s happening to our threat intel while we’re making these plans. When we don’t pay attention to the threat intelligence lifecycle, we can run into trouble.

How Security Debt Compounds Vulnerability Risk

Organizations often find themselves caught in a perpetual cycle of identifying, prioritizing, and mitigating vulnerabilities that pose the most risk. Amid this ongoing battle, a significant challenge is often overlooked: security debt. Much like technical debt, security debt refers to the accumulation of unresolved vulnerabilities within an organization’s systems and software.