Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

securitysenses

Online Tutoring - A Key Tool for Building Your Future in IT Asset Management

Apr 25, 2024 By SecuritySenses In SecuritySenses
In the swiftly evolving realm of information technology, IT Asset Management (ITAM) stands out as a critical discipline, ensuring that an organization's assets are accounted for, deployed, maintained, upgraded, and disposed of responsibly. As businesses increasingly rely on technology, the demand for skilled IT asset managers skyrockets. However, acquiring the specialized skills necessary for ITAM can be challenging through traditional education paths. This is where online tutoring bridges the gap, offering targeted, flexible, and comprehensive learning opportunities not readily available elsewhere.
Read Post
bluevoyant

Identify, Respond, & Protect - Defending yourself from the newly disclosed Palo Alto PAN-OS CVE

Apr 25, 2024 By Joel Molinoff In BlueVoyant
On April 12th, Palo Alto disclosed a vulnerability with a maximum severity rating for the PAN-OS Global Protect Gateway. There was clear evidence that the vulnerability was being actively exploited as early as March 26th. When exploited, this vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto expected patches to be released for tested mitigations to block known attacks on April 14th.
Read Post
tigera

Enhancing Kubernetes network security with microsegmentation: A strategic approach

Apr 25, 2024 By Dhiraj Sehgal In Tigera
Microsegmentation represents a transformative approach to enhancing network security within Kubernetes environments. This technique divides networks into smaller, isolated segments, allowing for granular control over traffic flow and significantly bolstering security posture. At its core, microsegmentation leverages Kubernetes network policies to isolate workloads, applications, namespaces, and entire clusters, tailoring security measures to specific organizational needs and compliance requirements.
Read Post
coralogix

Palo Alto Global Protect Command Injection Vulnerability

Apr 25, 2024 By Hetram Yadav and Aseem Rastogi In Coralogix
On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.
Read Post
mend

Quick Guide to the OWASP OSS Risk Top 10

Apr 25, 2024 By AJ Starita In Mend
CVEs, or known and cataloged software vulnerabilities, dominate the discussion about open source software (OSS) risk. In 2016, 6,457 CVEs were reported. That number has grown every year since, reaching 28,961 CVEs reported in 2023—an increase of nearly 4.5 times in just seven years. 2024 is already on track to beat 2023, and we will likely see even faster growth once AI is earnestly set to the task of finding vulnerabilities (not to mention creating them).
Read Post
salt security

Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

Apr 25, 2024 By Eric Schwake In Salt Security
OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.