Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

detectify

How our new engine framework helped address a critical vulnerability within the day

Nov 18, 2024 By Dan Eidmark & André Schaffer In Detectify
When a critical vulnerability in the printing system CUPS started raising alarms among security teams, Detectify had already entered war-room mode to address the situation. Within the day, customers could test whether they were vulnerable thanks to the rollout of a new scanning engine framework that reinvents how Detectify operates under the hood, allowing for a faster and more efficient response to security threats.
Read Post
memcyco

The Dark Side of Loyalty: Combating $1 Billion Frequent Flyer Mile Scams in the Airline Industry

Nov 18, 2024 By Julian Agudelo In Memcyco
Frequent flyer programs have long been a symbol of loyalty and reward in the airline industry. These programs are intended to reward travelers with benefits and encourage ongoing customer relationships. However, a growing and pervasive threat is lurking beneath the allure of free miles and exclusive perks: Frequent Flyer Miles fraud. At the last credible count in 2018, there were over 30 trillion unspent miles in circulation, according to McKinsey.
Read Post
kroll

CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)

Nov 18, 2024 By Kroll In Kroll
IDATLOADER (aka HIJACKLOADER, GHOSTPULSE) has become prevalent in 2024, using advanced and new techniques such as BPL Sideloading, which Kroll reported on in June. Kroll observes IDATLOADER distributing malware such as ASYNCRAT, PURESTEALER, REMCOS, STEALC and what some might describe as a recent epidemic in LUMMASTEALER infections.
Read Post
Arctic Wolf

Follow-Up: Critical Authentication Bypass Vulnerability in Palo Alto Networks Firewalls Actively Exploited (CVE-2024-0012)

Nov 18, 2024 By Andres Ramos In Arctic Wolf
On November 18, 2024, Palo Alto Networks (PAN) released updated information on an actively exploited vulnerability impacting PAN-OS, the operating system that powers PAN firewalls. Originally disclosed last week as a remote command execution vulnerability, this flaw has now been reclassified as an authentication bypass flaw and assigned CVE-2024-0012.
Read Post
Arctic Wolf

The Role of Pretexting in Cyber Attacks

Nov 18, 2024 By Arctic Wolf In Arctic Wolf
A threat actor sends an email to a user at an organization claiming to be from the IT department. They need a password to a critical application, and the email is convincing – it mentions aspects of the application that would only be known to the user, it brings up a recent update email that was sent out company wide, and it even closes with a friendly, “Hope to see at next week’s happy hour!” in the sign-off.
Read Post
veracode

Software Liability Comes to the EU: Navigating New Compliance Challenges

Nov 18, 2024 By Chris Wysopal In Veracode
The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.
Read Post
wallarm

Taming API Sprawl: Best Practices for API Discovery and Management

Nov 18, 2024 By Wallarm In Wallarm
APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased security risks, inefficient resource utilization, and the frustrating experience of redundant or hard-to-locate services across teams. Postman details the explosive growth in APIs in their State of API report.
Read Post

Why SASE vs SSE misses the point for IT leaders

Nov 18, 2024 By Xalient In Xalient
As high-profile breaches dominate headlines and decimate share prices, demonstrating your ability to protect client data has become the latest IT imperative getting boardroom attention, along with a host of new analyst and vendor-created labels for the ‘perfect’ solution. We want to help those who are short on time and resources cut through the bewildering landscape of buzzwords and gold standards by offering some practical, vendor-agnostic advice on where best to start and how to get the biggest wins in reducing their firms' exposure to risk.
View Video
jfrog

CVE-2024-10524 Wget Zero Day Vulnerability

Nov 18, 2024 By Goni Golan In JFrog
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it to the Wget maintainers. A patch was released on November 11 and is included in Wget 1.25.0.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.