Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Arctic Wolf

CVE-2024-28986 & CVE-2024-28987: Follow-Up: New SolarWinds HotFix Addresses Critical Vulnerabilities in Web Help Desk

Aug 22, 2024 By Andres Ramos In Arctic Wolf
On August 21, 2024, SolarWinds released a second hotfix for SolarWinds Web Help Desk (WHD) version 12.8.3. This hotfix addresses a newly disclosed hardcoded credential vulnerability (CVE-2024-28987) that allows a remote, unauthenticated attacker to access internal functionality and modify data. Additionally, the hotfix resolves the Java deserialization remote code execution (RCE) vulnerability (CVE-2024-28986) disclosed the previous week and fixes functionality issues introduced by the first hotfix.
Read Post
code intelligence

Understanding Out-of-Bounds Memory Access Vulnerabilities and Detecting Them with Fuzz Testing

Aug 22, 2024 By Khaled Yakdan In Code Intelligence
Out-of-bounds memory access, also known as buffer overflow, occurs when a program tries to read from or write to a memory location outside the bounds of the memory buffer that has been allocated for it. This type of vulnerability is particularly dangerous because it can lead to various issues, including crashes, data corruption, sensitive data leaks, and even the execution of malicious code.
Read Post
jumpsec

Red Teaming vs Penetration Testing: Understanding the Differences

Aug 22, 2024 By shiba In JUMPSEC
In today’s rapidly evolving cybersecurity landscape, organisations must stay ahead of emerging threats and vulnerabilities to remain competitive. Two critical approaches to bolster security are Red Teaming and Penetration Testing. While these terms are often used interchangeably, they serve different purposes and employ distinct methodologies. Understanding the differences between Red Teaming and Penetration Testing is essential for implementing an effective cybersecurity strategy.
Read Post

Keeping Financial Services Organizations Secure in an AI World

Aug 22, 2024 By Splunk In Splunk
When we talk about financial services and technology, security and regulatory compliance are always top of mind. And now, Generative AI has entered the chat - one of the most talked-about technologies of recent years. And Financial Services institutions have only begun to scratch the surface of what generative AI can do. The problem is, so have cyber threat actors. In this session from Splunk, and IDC, you’ll hear key insights into how financial services companies are improving their security posture in an AI World, and how those practices can benefit your organizations.
View Video
Rubrik

Secure Databases at the Point of Data: Rubrik Support for Oracle Databases on Windows Is Now Available

Aug 22, 2024 By Justin Ruiz In Rubrik
In today's data-driven world, protecting critical business information is paramount. We're excited to announce that Rubrik support for Oracle Databases on Windows is now available. This added support enables customers to bring Rubrik Security Cloud to even more of their mission-critical Oracle environments, providing a comprehensive, efficient, and reliable data protection solution for enterprises of all sizes.
Read Post
elastic

Addressing security practitioner burnout: A vital step for security leaders

Aug 22, 2024 By Joe DeFever, In Elastic
The “Three Pillars” (people, process, and technology) management framework requires a delicate balance in order to achieve successful operations outcomes. Despite the technology pillar dominating the conversation as of late, cybersecurity practitioners are the backbone of your organization's defense against cyber threats.
Read Post
Spectral

What is Mandatory Access Control (MAC) and 7 Ways To Understand When You Need It

Aug 22, 2024 By Eyal Katz In Spectral
Every day, headlines scream about data breaches and cyberattacks. Could your organization be next? If you’re not using Mandatory Access Control (MAC), you’re leaving your sensitive information vulnerable to unauthorized access. The fear is real – 52% of data breaches expose customer information, wreaking havoc on reputations and bottom lines. But what if you could drastically reduce this risk?
Read Post
splunk

Common Ransomware Attack Types

Aug 22, 2024 By Guest In Splunk
When it comes to cybersecurity, ransomware is probably one of the first threats you think of. It seems like it’s everywhere — and it is. Ransomware is one of the most notorious cyber threats affecting individuals, businesses, and organizations globally. The frequency and impact of these attacks have surged in recent years, making it crucial to understand their nature and how to protect against them.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.