Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Attention: a new Kubernetes vulnerability was uncovered by André Storfjord Kristiansen (@dev-bio on GitHub) and it demands immediate attention from security professionals and DevOps teams. CVE-2024-7646, affecting the popular ingress-nginx controller, allows malicious actors to bypass annotation validation and potentially gain unauthorized access to sensitive cluster resources. This vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High).

A review of AI-generated malware, and how a SOC might deal with the ever-increasing threat… Theofanis Dimakis, SOC Officer, and Nikolaos Tsompanidis, Threat Detection & Response Expert at Obrela, speaking during the recent CRESTCon Europe event, shared insights from their perspective into detecting malware, including the rising tide of AI variants.

Being a bad guy on the Internet is a really good business. In more than 90% of cybersecurity incidents, phishing is the root cause of the attack, and during this third week of August phishing attacks were reported against the U.S. elections, in the geopolitical conflict between the U.S., Israel, and Iran, and to cause $60M in corporate losses.

On August 13, 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialization flaw, which could enable a remote attacker to execute arbitrary code on vulnerable hosts.

In the dynamic world of cyber threats, the X-FILES stealer has emerged as a particularly dangerous and sophisticated piece of malware. First discovered in March 2021, this malware gained significant attention after a second variant surfaced later that year. Known for its efficiency in targeting vulnerable systems globally, X-FILES has become a top priority for cybersecurity professionals.

Educators create many passwords for accounts in both their personal and professional lives. Password management is crucial for educators, not only to keep track of their professional passwords but also to separate those from their personal passwords. Teachers need a reliable place to store passwords for many online accounts, applications and programs, no matter which grades or subjects they teach. Read more to learn why password management is essential for teachers.

When you consider national and global cybersecurity, a handful of names stand out. Two of the largest are NIST and ISO/IEC. Both of these organizations have issued plenty of rulings and frameworks for securing digital systems, and in a sense, they can be viewed as competitors. So, what’s the difference, where is the overlap, and which option is right for your business?

High stakes, long hours, and a rapidly evolving threat landscape present unique barriers to happiness for security and IT teams. It’s not surprising that 63% of security practitioners report some level of burnout, and 58% of IT professionals feel overwhelmed by the amount of tasks they have to do in a day. Organizations simply can’t afford to ignore these statistics.

HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA is a U.S. law that was enacted in 1996 to protect sensitive patient health information from being disclosed without the patient's consent or knowledge and is enforced by the Department of Health and Human Services (HHS). The purpose of HIPAA is to protect the privacy of patients’ medical information and secure the handling of health information in the age of electronic health records.