Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Snyk

Vulnerabilities in NodeJS C/C++ add-on extensions

Aug 14, 2024 By Sam Sanoop In Snyk
One of the main goals of this research was to explore C/C++ vulnerabilities in the context of NodeJS npm packages. The focus will be on exploring and identifying classic vulnerabilities like Buffer Overflow, Denial of Service (process crash, unchecked types), and Memory Leakages in the context of NodeJS C/C++ addons and modeling relevant sources, sinks, and sanitizers using Snyk Code (see Snyk brings developer-first AppSec approach to C/C++).
Read Post
tripwire

Ransomware Kingpin Who Called Himself "J P Morgan" Extradited to the United States

Aug 14, 2024 By Graham Cluley In Tripwire
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States FBI and Secret Service.
Read Post
tripwire

Updates and Evolution of the NIST Cybersecurity Framework: What's New?

Aug 14, 2024 By Josh Breaker-Rolfe In Tripwire
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.
Read Post
nucleus

We Made It! Nucleus Placed 267 on Inc. 5000 Fastest Growing Companies

Aug 14, 2024 By Steve Carter In Nucleus
This week, Nucleus can add another accolade to a growing list, being listed as number 267 on Inc. Magazine’s list of the 5000 fastest-growing companies in America. We are proud of the growth we’ve achieved as a company and the potential for the future at Nucleus. Looking more closely at the results, we are the fourth fastest-growing security company on the list. As many people know, the cybersecurity and technology market has been tumultuous recently.
Read Post

Detecting Out-of-Bounds Memory Access, Which Caused The Crowdstike's Incident

Aug 14, 2024 By Code Intelligence In Code Intelligence
The Crowdstrike incident is a recent example of out-of-bounds memory access in C/C++ causing a crash. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). Another critical example with the exact root cause is the Heartbleed vulnerability, which affected the OpenSSL library. Remarkably, fuzz testing could identify this issue in less than 10 seconds. Watch the video to see fuzz testing in action.
View Video
graylog

Enhanced Compliance Monitoring with NIST 800-53 Integration

Aug 14, 2024 By Ethan C. Keaton In Graylog
Illuminate 5.1.0 is now available, bringing substantial improvements to our compliance capabilities. This update represents a significant step forward, with NIST 800-53 as the cornerstone of our compliance framework. Let’s explore the key features and improvements implemented to support your organization’s security and compliance needs. Important Note: To run Illuminate 5.1.0, your environment must run Graylog 6.0 or higher.
Read Post
sysdig

How we created the first conversational AI cloud security analyst

Aug 14, 2024 By Flavio Mutti In Sysdig
In the rapidly evolving landscape of cybersecurity, the need for a robust and intelligent assistant capable of analyzing, summarizing, and reacting to events is paramount. This is why we designed Sysdig SageTM, our large language model (LLM)-based cloud security analyst, to be an expert in cloud detection and response (CDR). Sysdig Sage excels at summarizing complex events and providing clear explanations, which is crucial for identifying and promptly reacting to potential threats.
Read Post
WatchGuard

WatchGuard Wins in the CRN 2024 Annual Report Card (ARC) Awards

Aug 14, 2024 By The Editor In WatchGuard
We’re pleased to announce that WatchGuard Technologies won two award categories in CRN’s 2024 Annual Report Card (ARC) program, from CRN, a brand of The Channel Company! These awards honor technology vendors who are committed to growing the IT channel through technology innovation and partner relationships.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.