When it comes to implementing security controls throughout an organization, there are a lot of cases where the work may be doubled, tripled, quadrupled or more by having to “reinvent the wheel” multiple times. It’s a common problem, but fortunately, it also has a common solution: common controls. What does all of this mean? Let’s dig in.

By Vadim Freger, Dolev Moshe Attiya On December 7th, 2023, the Apache Struts project disclosed a critical vulnerability (CVSS score 9.8) in its Struts 2 open-source web framework. The vulnerability resides in the flawed file upload logic and allows attackers to manipulate upload parameters, resulting in arbitrary file upload and code execution under certain conditions. There is no known workaround, and the only solution is to upgrade to the latest versions, the affected versions being.

In today’s complicated, highly interdependent business environment, assuring business security is not just a regulatory requirement. It’s also a vital component of a successful business strategy. Automation becomes crucial in such a world, offering innovative solutions that streamline operations, mitigate risks, enhance overall safety, and provide peace of mind.

It’s well known by now that cyber attacks and successful breaches have exploded in recent years. Accenture’s latest report on the state of cybersecurity notes that companies experience an average of 270 attacks per year. And Gartner warns that nearly half of organizations worldwide will experience an attack on their digital supply chains.

Fireblocks’ second annual user conference, SPARK ‘23, saw nearly 600 attendees representing over 300 companies in the digital asset and crypto space. Kicking off the conference was the welcome reception, which featured a spectacular drone show. The display set the tone for what SPARK is about – innovation and community. The conference empowers customers to maximize the full potential of the Fireblocks platform while forging new alliances with fellow leaders.

Microsoft implements enhanced connection and encryption and removes outdated SMB1 firewall rules to improve Windows 11 security. Microsoft’s most recent Windows 11 Insider Preview Build includes a significant change to handling firewall rules, especially the outdated SMB1 protocol. By mimicking the actions of the Windows Server “File Server” role, the new method seeks to give customers a better level of network security.

Supply chain management has become a top priority for businesses due to the increasing use of digital technologies and geopolitical uncertainties, making global supply chains more vulnerable than ever to disruptions. This reality highlights two critical aspects of supply chain management: Supply Chain Risk Management (SCRM) and Supply Chain Security Management (SCSM).

Public sector organizations are responsible for maintaining trust and storing sensitive data. Unfortunately, they have become a popular target for cyber threats, ranging from data breaches to advanced nation-state attacks. To address this evolving cyber risk landscape, it is essential to take a proactive approach to cybersecurity. This will help safeguard critical infrastructure and protect the privacy of citizen data.

In the fast-paced environment of cloud-native apps, security and seamless connections are a priority. Many DevOps and SecOps professionals use Kubernetes native features to handle their container security, keeping a tight grip on access and secrets to improve security posture. The integration between AWS AssumeRole and JFrog Access in Amazon Elastic Kubernetes Services (EKS), enhances enterprise security by automating secrets management.

Apache has released an advisory for a critical vulnerability discovered in Struts versions 2.0.0-2.3.37(EOL), 6.0.0-6.3.0.1 and 2.0.0-2.5.32. This vulnerability is being tracked as CVE-2023-50164 with a CVSS score of 9.8 (Critical) and is reportedly being actively exploited. Impacted versions are affected by a file upload and directory traversal vulnerability that can lead to remote code execution.