Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Emerging Security Issue: Fortinet FortiOS CVE-2024-23113

CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.

Emerging Security Issue: Multiple CUPS Vulnerabilities

On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.

Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities

On October 9th, 2024, five vulnerabilities were disclosed by Palo Alto Networks: These vulnerabilities affect Palo Alto Networks Expedition, a tool that manages configuration migration from supported vendors to Palo Alto Networks systems.

Complete Third-Party Risk Management Guide for 2025

Third-party risk management (TPRM) is the structured process of identifying, assessing, and mitigating risks posed by external vendors, suppliers, and service providers. These risks can include cyber threats, data breaches, regulatory violations, and financial instability, all of which can severely impact your organization’s security and compliance posture.

A Step-by-Step Guide to Performing a Secure Code Review

We’ve all been there—staring at code, hoping no hidden traps are waiting to cause chaos down the line. That’s where secure code reviews come in. Think of them as your last chance to catch those pesky bugs and vulnerabilities before they wreak havoc. And here’s a little reality check—those cutting-edge LLMs? They suggest insecure code 30% of the time. So, even with AI on our side, we still need to stay sharp.

How to Optimise Your GRC Tools: Improving Value, Efficiency & True Risk Management

In this episode of Razorwire, we're joined by Jack Jones, creator of the FAIR risk model, to explore the complexities of Governance, Risk and Compliance (GRC) tools. We cut through the noise to deliver actionable insights on how to truly manage risk and improve the value and efficiency of your GRC solutions.

Cisco's CI/CD Pipeline Weaknesses:Hard-Coded Credentials & Misconfigurations Revealed

In recent weeks, reports have surfaced regarding a significant breach involving Cisco, exposing sensitive data from various organizations. This blog post delves into the details of the breach, the compromised data, the implicated companies, and the methods used by attackers to gain access to such critical information.

Protect Your Business from Interlock Ransomware: Prevention and Detection Tips

At Foresiet, our mission is to help businesses stay informed about emerging cybersecurity risks. One of the latest and most dangerous threats is Interlock ransomware, a variant that has made waves on the dark web. This ransomware group claims to be more than just extortionists, positioning themselves as enforcers of accountability for companies that fail to adequately protect customer data and intellectual property.

Security Awareness Isn't Enough - It's Time to Adapt

October 1st marks the start of Security Awareness Month. A global campaign launched two decades ago to improve cyber security awareness and equip people with the knowledge and resources they need to be secure online. But what impact has this campaign truly had in the workplace? Yes, it spotlights the issue and boosts high-level awareness of threats like phishing.