Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Powering the future of GRC: New capabilities bring continuous visibility and automation to GRC teams

Security is a top buying requirement for businesses today. In fact, two-thirds of respondents to our State of Trust survey say that customers, investors, and suppliers are increasingly looking for proof of security and compliance. As concerns around in-house security practices, third-party tools, and access to customer data grow, customer expectations for trust continue to rise. ‍

Cryptominers in the Cloud

Over the past decade, Bitcoin’s value has increased more than 200-fold. Similarly, other cryptocurrencies have also seen significant growth, prompting many individuals to engage in mining for profit. This rise in cryptocurrency mining has led to a substantial increase in the use of cryptominers. As organizations increasingly migrate their computing workloads to the cloud for various benefits, attackers have shifted their focus to these cloud resources for cryptocurrency mining.

Dynamic Application Security Testing (DAST): An Overview

Dynamic Application Security Testing (DAST) is an advanced testing method that tests the production environment and analyzes application security at runtime. This type of black box testing identifies real-world vulnerabilities externally without much need for insights into the product provenance of any single component. By simulating real-world attacks in your system, DAST identifies critical security gaps that other vulnerability assessments and static methods might miss.

New 1Password SIEM integrations with Rapid7, Blumira, and Stellar Cyber

Spend less time collating security reports and investigating security issues by creating integrated, customizable dashboards with data from 1Password. The new Rapid7, Blumira, and Stellar Cyber integrations for 1Password allow you to monitor potential risks around company data or credentials stored within 1Password.

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.

Key considerations for digital asset startups: Custody and beyond

Blockchain technology continues to grow in prominence, and as it expands, a wide range of businesses are looking to develop digital asset products. At the same time, many startups are launching with digital assets at the center of their businesses. If you are running a digital asset business or building a blockchain product, it’s important to consider what type of custody management solution will best support your business.