On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.

One of the more common forms of fileless malware that’s making the rounds across organizations cloud environments, is something called PyLoose. In rotation since 2014, this specific strain of malware targets the cloud workloads and enters environments through an open-source Python code execution application.

By James Rees, MD, Razorthorn Security In the rapidly evolving world of cybersecurity, artificial intelligence (AI) and large language models (LLMs), have become buzzwords that seem to promise revolutionary solutions. However, as with any emerging technology, it’s crucial to separate hype from reality.

A cyber incident response retainer can help businesses to better manage both the financial and security risks posed by constantly evolving threats. This article outlines the benefits of the retainer model and also covers what organisations should look for in a potential provider.

UpGuard is excited to announce the latest addition to our Vendor Risk Questionnaire Library: the DORA (Digital Operational Resilience Act) questionnaire! The addition of DORA to the Questionnaire Library reflects UpGuard’s ongoing commitment to providing our customers with the necessary tools to navigate today’s evolving regulatory standards.

In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) recently issued a joint advisory on the RansomHub ransomware. RansomHub is a ransomware-as-a-service variant, previously known as Cyclops and Knight. Since February 2024, it has encrypted and exfiltrated data from over 210 victims spanning multiple industries.

Securing database access has become a critical concern for organizations globally. Your organization’s data is its most valuable asset, encompassing everything about your business, partners, customers and employees. A data breach could jeopardize your entire operation.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! How much?! Wow…

What you need to know about cyber resiliency and protecting your organization from threats and other business disruptions by ensuring continuity.