The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

On May 27, 2024, Check Point released hot fixes for an information disclosure vulnerability being leveraged by threat actors to target Check Point VPNs. This vulnerability was labeled as CVE-2024-24919 and is rated as high severity, as a remote threat actor can exploit the vulnerability to access information on Gateways connected to the Internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled.

Real-world malware 100% protection with zero false positives Elastic Security has achieved remarkable results in the recent AV-Comparatives Malware Protection Test, with a protection rate of 100% and no false positives against real-world malware samples. This independent assessment underscores our commitment to providing world-class malware protection, with zero false positives and zero user impact.

Research has revealed that since 2021 there has been a material increase in QR code phishing (or ‘quishing’), as cybercriminals continue to exploit available technology and their widespread familiarity. The once rare payload is nearly fourteen times more common in 2024 than it was three years ago, accounting for only 0.8% of attacks in 2021. This figure jumped to 1.4% in 2022, a staggering 12.4% in 2023, and has plateaued at 10.8% from January to March 2024.

The 2024 Red Hat Summit in Denver was a whirlwind of innovation, collaboration, and networking. The show kicked off with a great turnout for the Community and Red Hat OpenShift Days. The focus here was on Case Studies from and by End Users with production deployments of OpenShift sharing their use cases, insights into their workloads and lessons learned along the way.

On May 9, the North American Electric Reliability Corporation (NERC) officially adopted new Critical Infrastructure Protection (CIP) requirements for Internal Network Security Monitoring (INSM). This is one of the last steps before Federal regulators make it an official standard for utilities and the electrical power grid industry. What does it mean? Compliance for CIP-015-1 is coming to your utility. Utilities will need monitoring tools with deep and wide asset intelligence and network control.

There’s been a lot of excitement around generative AI technology over the past few years, especially in software development. Developers of all levels are turning to AI tools, such as GitHub Copilot, Amazon CodeWhisperer, and OpenAI’s ChatGPT, to support their coding efforts. In fact, GitHub found that 92% of developers use AI coding tools. However, many businesses are realizing that they need to be more cautious when using AI in software development.

The software supply chain is increasingly complex, giving threat actors more opportunities to find ways into your system, either via custom code or third-party code. In this blog we’ll briefly go over five supply chain threats and where to find them. For a deeper look to finding these threats, with more specifics and tool suggestions, check out our threat hunting guide.

Both fraud alerts and credit freezes are free of charge, but there are some differences between the two you should be aware of if you’re deciding on placing one over the other. Both fraud alerts and credit freezes are meant to protect you from identity theft and fraud, however, fraud alerts add an extra layer of verification and only last a year, whereas credit freezes prevent new credit from being opened and don’t expire.

Eleven years ago, the White House issued Executive Order 13636, which tasked the National Institute of Standards and Technology (NIST) with the creation of a cybersecurity framework (CSF) that would help better protect the nation’s critical infrastructure.