We are thrilled to announce that we have completed the acquisition of Venafi, a recognized leader in machine identity management. This strategic move aligns with our commitment to not just protecting human identities but expanding our capabilities for securing the rapidly growing world of machine identities.

The latest draft of the National Institute of Standards and Technology (NIST) password guidelines aims to simplify password management by eliminating outdated practices and providing clearer guidance on best practices.

The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.

We are thrilled to announce that, thanks to your support and trust, Veracode has been recognized as a Customers' Choice in the 2024 Gartner Peer Insights Voice of the Customer for Application Security Testing for the fifth consecutive year! We believe this distinction is not just a testament to our solutions and services but, more importantly, a reflection of the strong partnerships we have formed with each of you.

Elastic Security Labs discovers that threat actors are taking advantage of readily available abused security tools and misconfigured environments. Elastic Security Labs has released the 2024 Elastic Global Threat Report, surfacing the most pressing threats, trends, and recommendations to help keep organizations safe for the upcoming year. Threat actors are finding success from the use of offensive security tools (OSTs), a misconfiguration of cloud environments, and a growing emphasis on Credential Access.

We are thrilled to introduce two exciting new features to SecurePortal: Live Vulnerabilities and Chat. With Live Vulnerabilities, you can now access real-time vulnerability information as consultants identify them, significantly reducing the risk window. This enhancement enables your IT teams to begin triaging vulnerabilities within minutes, rather than waiting for the full assessment to be published. You can mark vulnerabilities as resolved as soon as they are fixed, even during an ongoing engagement.

APIs are crucial in our digital world, but they also introduce new vulnerabilities. Attackers often exploit these vulnerabilities by concealing malicious payloads within encrypted traffic, rendering them undetectable to traditional security tools. As we observe Cybersecurity Awareness Month, it's important to emphasize the significance of advanced solutions that can detect hidden threats.

Starting on Oct. 15, 2024, Microsoft Entra ID, Microsoft Intune, and other Microsoft Azure applications will require users to sign in with Microsoft Entra MFA. With increasing threats of account takeovers and large-scale phishing attacks targeting Entra ID users, this looks to be a step in the right direction.

On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS.