Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.

In the realm of secure software development, managing security debt is crucial. The following data highlights a concerning trend in the accumulation of critical security debt, particularly in the popular programming languages of Java, JavaScript, and.NET. Let’s dive into this new research and explore options for managing the prioritization dilemma we’re seeing.

Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.

In today's world, electronic mails (e-mails) serve as a medium of both official and personal correspondence. With sensitive information being shared online, it's essential to secure your emails. Pretty Good Privacy (PGP), a robust encryption program, offers a reliable solution for securing the contents of your emails. Developed by Phil Zimmermann in 1991, PGP utilizes public-key cryptography to ensure both confidentiality and authenticity in email exchanges.

The first rule of sharing your passwords online club is, you must not share your passwords online. Unfortunately, this is not always possible, as teams and departments need ways to access different platforms, websites, or accounts to run smoothly. If you or your team find yourselves in a situation where sharing passwords online can’t be avoided, there are security measures you can take to prevent your password from falling into the wrong hands.

In this episode of Trust Issues, we dig into the recent the global IT outage caused by a CrowdStrike software update, which impacted millions of Microsoft Windows endpoints and disrupted many sectors. This “black swan” event highlights, among other things, the importance of preparedness, adaptability and robust crisis management.

A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 (critical).

Effective data governance has become a cornerstone of success in today's rapidly evolving life sciences landscape. From ensuring regulatory compliance to enabling secure collaboration, a robust data governance strategy is essential. ‍

Real-time feedback on risky behavior stops sensitive data exfiltration and educates employees on security best practices, based on research from Cyberhaven Labs analyzing data on warning and blocking policy implementations.

Cybersecurity teams across all disciplines, including vulnerability management, are challenged to move faster than ever before. Whether it’s responding to a security incident, finding a new vulnerability, or stopping an attack, speed is at a premium.