Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

The CUPS Vulnerability - The 443 Podcast - Episode 308

This week on, Corey Nachreiner and Marc Laliberte cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. They also discuss a research post into Kia's remote control systems and then end with a new act that was just introduced into the US Senate to secure the healthcare industry.

Strengthening Email Security: DOJ Disrupts Russian Spear-Phishing Campaign

The need for an iron-clad email security solution is once again making headlines. On October 3,the US Department of Justice (DoJ) reported that, working with Trustwave partner Microsoft, it had disrupted a Russian government-based scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.

Unlocking SOC as a Service with Elastic Security for public sector

In today’s increasingly complex and evolving threat landscape, Security Operations Centers (SOCs) have become the nerve center for protecting critical national and local government assets. Building and maintaining an in-house SOC is often beyond the reach of many government agencies due to budget constraints, the need for skilled personnel, and the rapid growth of cyber threats.

Ruby affected by CVE-2024-45409

CVE-2024-45409 is a critical vulnerability in the Ruby-SAML (affecting versions up to 12.2 and from 1.13.0 to 1.16.0) and OmniAuth SAML libraries. It hence effectively poses a security risk for unpatched versions of GitLab (read more on the GitLab blog). This vulnerability arises from improper verification of the SAML Response signature. An attacker with access to any signed SAML document can forge a SAML Response or Assertion with arbitrary contents.