Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

CVE-2024-28988: Critical Java Deserialization RCE Vulnerability Impacts SolarWinds Web Help Desk

On October 15, 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialization flaw, which could enable a remote unauthenticated attacker to execute arbitrary code on vulnerable hosts.

FBI Warns Scammers Are Targeting Law Firms For Phony Debt Collections

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.

Phishing Attacks Are Abusing Legitimate Services to Avoid Detection

Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to bypass security filters and appear more convincing to employees who frequently use these services. “Legitimate hosting services, such as SharePoint, OneDrive, and Dropbox, are widely used by organizations for storing, sharing, and collaborating on files,” Microsoft says.

DORA Compliance: Key Insights for Financial Institutions on New EU Regulations

As the January 2025 deadline approaches, financial institutions across the European Union prepare to increase their financial data security by meeting regulatory compliance standards with the Digital Operational Resilience Act (DORA). But what exactly is DORA, and why does it matter for your organisation? Let’s take a closer look.

How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.

8 Compliance Challenges Enterprises Face in 2024

Compliance is a critical concern for businesses today, but navigating the rules can be overwhelming. With regulations constantly evolving, many organizations struggle to keep up. I had the opportunity to participate in a recent virtual panel with Ashish Tandon, Founder & CEO of Indusface. Over the years, I have consulted with multiple large enterprises across geographies and industries. Below are the top challenges that they face as far as compliance is concerned.