Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

Multiple Cross-Site Scripting (XSS) Vulnerabilities in REDCap (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396)

Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.

Tines Idea: Simplify Security Alerts with AI in Tines

From transforming data with a prompt and generated code, to directly accessing and using a language model in your workflows, our AI features make automation even more accessible and efficient for anyone in your organization. Learn how you can take multi-source security alert workflows from 25 actions to 3, reducing the potential for error and making it simpler to make updates like adding sources, change rule definitions, and more.

Data Modernization: The Evolution of Data Sharing

Primitive information sharing has greatly evolved, creating a kaleidoscope of various ways we communicate and share information, both publicly and privately. This change in data ecosystems affects you – data owners responsible for how data is distributed, protected, and accessed hold sensitive data in the palms of their hands. As we continue to evolve, data protection should be in the center of any business strategy, and relying on Snowflake or AWS security plans is not enough. Discover how modernizing your data processes and investing in your data protection changes the way you do business.

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 (critical).

Operationalize EPSS Scoring to Build Mature and Proactive Vulnerability Management

Cybersecurity teams across all disciplines, including vulnerability management, are challenged to move faster than ever before. Whether it’s responding to a security incident, finding a new vulnerability, or stopping an attack, speed is at a premium.

Is Ransomware Malware?

Over the past few years, ransomware attack rates and ransom amounts have climbed so significantly that the cyber attack has broken out of the IT and security community to capture headlines around the world. In early May 2021, a suspected Russian hacking group took Colonial Pipeline — which provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel — offline for more than three days in an attack that made ransomware a household word.

DORA and NIS2: How to Ensure Compliance and Enhance Cyber Resilience

In this episode of CISO Conversations: EU Data Regulations, Richard Cassidy, EMEA Field CISO at Rubrik is joined by Jack Poller to discuss the key differences between DORA and NIS2, how they can help enhance resilience against cyber threat, and what steps organizations need to take to ensure compliance.

The Hidden Dangers: A Guide to Mobile Security Threats

Mobile technology has changed how government employees work, and hackers have noticed. Mobile-specific threats are on the rise, with hackers often using mobile devices as a backdoor into the agency’s enterprise network. This video, based on a recent mobile threat report by Lookout, highlights four types of mobile threats that agencies need to be aware of, and offers tips for reducing risk.