CVE-2024-6385: Critical Unauthorized Pipeline Job Vulnerability in GitLab

On July 10, 2024, GitLab issued an advisory regarding a critical vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug bounty program. This vulnerability allows a threat actor to trigger a GitLab pipeline as another user under certain circumstances. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code.

Unlock new revenue streams with blockchain payments use cases

Blockchain technology is making a significant impact in the payments sector. Some of the largest names in the industry are utilizing blockchain, including the likes of: As top-tier organizations like these continue to launch blockchain initiatives, it’s become clear that blockchain can facilitate the movement of value in the same way SWIFT, SEPA, and FedNow can, and can even be more efficient than traditional rails at times.

Sygnum taps Fireblocks for new instant settlement network

Sygnum, a global digital asset banking group founded in Switzerland, is launching Sygnum Connect – their new, 24/7 instant settlement network for fiat, digital assets, and stablecoin transactions. Aimed at institutional investors, liquidity providers, stablecoin issuers, brokers, exchanges, and more, Sygnum Connect launches with connectivity to 200+ Sygnum institutional clients. Sygnum has tapped Fireblocks to provide the fiat settlement infrastructure for Connect.

Why Dynamic Data Masking (by Itself) Isn't Enough

As more reports of massive data breaches surface, implementing a robust data protection strategy is not an option but a must. Sensitive data must be secure whether it’s in use, in transit, or at rest. No matter where the data is stored or viewed, it must be protected to meet National Institute of Standards and Technology requirements and many other regulations. Protecting data, your most sensitive asset, is critical.

Top tips: 5 ways to identify fraud calls and prevent financial loss

Top tips is a weekly column where we highlight what’s trending in the tech world today and list out ways to explore these trends. This week, we’re showing you how to spot a fraud call and avoid getting scammed. Microsoft, AT&T, the FBI, and the IRS—what do these four entities have in common? Most likely, you or someone you know has received a call from somebody impersonating these entities.

2024 Cyber Resilience Research Unveils Healthcare Sector Challenges

New data illuminates how healthcare leaders can prioritize resilience. Organizations find themselves at the intersection of progress and peril in the rapidly evolving digital healthcare landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to healthcare institutions. One of the foremost obstacles is the disconnect between senior executives and cybersecurity priorities.

18 Types of Employee Fraud & How To Prevent Them

Employee fraud is not just a rare occurrence, but a prevalent issue in the American workplace. Shockingly, three out of four employees have confessed to stealing from their workplace at least once for personal gain. The types of fraud are diverse, ranging from petty theft to complex schemes involving benefits, accounts receivable fraud, or intellectual property. The risk of employee fraud affects both small and large businesses.

5 Examples of IP Theft & How To Protect Your Business

The business world continues to move to a knowledge-worker-based economy. Companies derive less and less value from widgets and more from the processes, ideas, and innovations they create: their intellectual property (IP). But IP needs to be protected. IP theft is the appropriation of unique ideas, inventions, or trade secrets, usually by malicious insiders.