Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2024

Arctic Wolf

CDK Global Cyber Incident Affects Automotive Dealers Across the US

Jun 24, 2024 By Stefan Hostetler In Arctic Wolf
On June 19, 2024, CDK Global notified customers that a cyber incident had led to a shutdown of its systems, significantly impacting car dealerships across the United States. CDK Global serves nearly 15,000 dealership locations, and the incident caused substantial disruption, forcing car dealerships to halt operations and revert to manual processes. Dealerships were initially notified about the incident around 2AM Eastern time on June 19, 2024, with an update at 8AM confirming the incident.
Read Post
Arctic Wolf

CVE-2024-37079 & CVE-2024-37080: Critical Heap-overflow Remote Code Execution Vulnerabilities in VMware vCenter Server and Cloud Foundation

Jun 24, 2024 By Andres Ramos In Arctic Wolf
On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. These vulnerabilities stem from a heap-overflow issue in the implementation of the DCERPC protocol which can be exploited by remote threat actors. By sending specially crafted network packets, threat actors could exploit CVE-2024-37079 and CVE-2024-37080 to achieve Remote Code Execution (RCE) on both vCenter Server and Cloud Foundation systems.
Read Post
lookout

What's New With Lookout: Simplifying SSE

Jun 24, 2024 By Charity Spiri In Lookout
Organizations continue to endure the challenges that come along with the rapid migration to the cloud, like securing and managing data that is now spread across multiple networks, clouds, and apps. Outdated technologies have led to disjointed, hard-to-manage solutions that struggle to keep up with evolving security threats. But fear not! Lookout is here to help.
Read Post

The 443 Podcast - Episode 295 - Snowflake Breach Campaign

Jun 24, 2024 By WatchGuard In WatchGuard
This week on the podcast we doscuss two issues from this month's Microsoft patch tuesday that deserve your attention. After that we discuss the recent data theft campain targeting Snowflake customers that has impacted over 100 organizations. We end the episode with an update on the hackers behind the MGM and Caesar's Entertainment breaches last year. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
tripwire

7 Challenges in Scaling SOC Operations and How to Overcome Them

Jun 24, 2024 By Josh Breaker-Rolfe In Tripwire
In the past four years, cyberattacks have more than doubled. Cybercriminals are leveraging emerging technologies like artificial intelligence (AI) to facilitate more sophisticated attacks. Geopolitical tumult has increased cyber risk. Couple these factors with a near-ubiquitous desire for businesses to expand their operations, and it’s easy to understand the need for scaling Security Operations Center (SOC) operations.
Read Post
tripwire

Gaining Network Transparency with Asset Discovery and Compliance for IT/OT

Jun 24, 2024 By Faisal Parkar In Tripwire
I recently came across the "Johari Window Model" and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that are applicable not just to IT and OT environments but also to other facets of our daily lives. This model can be applied to asset discovery and Fortra's Security Configuration Management (SCM) system.
Read Post
tripwire

IoT Security Regulations: A Compliance Checklist - Part 1

Jun 24, 2024 By Gilad David Maayan In Tripwire
The Internet of Things (IoT) refers to the global network of physical devices connected to the internet, capable of collecting and sharing data. IoT devices range from everyday household items to sophisticated industrial tools. By integrating sensors and communication hardware, IoT bridges the gap between the physical and digital worlds, enabling environments where smart devices operate interconnectedly and autonomously.
Read Post
ionix

Understanding Vulnerability Prioritization, Management & Remediation

Jun 24, 2024 By Fara Hain In IONIX
What are your most important corporate assets? Like most companies, you probably have mission-critical assets and those that play a smaller role in your revenue and continuity. You are also likely to be using Vulnerability Management or Assessment tools to lock down where those assets can potentially be compromised. Vulnerability Prioritization combines asset importance and potential for risk.
Read Post
foresiet

Comprehensive Digital Risk Defense: Dark Web Monitoring | Cyber Threat Intelligence | Digital Risk Protection

Jun 24, 2024 By Foresiet In Foresiet
Many people mistakenly believe that the dark web is an obscure corner of the internet that doesn't affect them, but the reality is far more concerning. Dark web monitoring is crucial for identifying potential threats that can jeopardize personal and organizational security. From stolen data and illegal goods to sophisticated cyber threats like ransomware and phishing attacks, the dark web is a breeding ground for malicious activities.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.