Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 11 a new version of curl (8.4.0) was released, where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced in the project’s discussion. At the time of this blog, there have been several proof of concepts released for CVE-2023-38545 which result in crashes, but not exploitation.

Staying ahead of potential threats and breaches is a constant battle. One innovative solution is the use of “canaries” to detect attempted intrusions. Canary assets are one clever way to detect intruders in your network.

The cloud has introduced entirely new environments, roles and circumstances that require us to reimagine the definition of privileged access management (PAM) and how to apply those principles to secure identities. PAM was built on the notion that identities must be secured, not just managed, to protect an organization’s most valuable assets. The well-recognized values of PAM remain highly desirable – least privilege, role-based access control and auditability of high-risk sessions.

As we are in the midst of Cybersecurity Awareness Month, and in the lead-up to our own Secure Connected Future Summit which we are hosting in November, I feel that a lot of the focus when it comes to cybersecurity still tends to be on prevention tactics. However, I would argue that it is not just about having the right defensive cybersecurity tools in place, but it is also about understanding how the organisation will recover from an incident – how quickly and at what cost to the business.

Read also: Spanish police cuff 3 in a phishing gang bust, $3M in Bitcoin stolen by Palestinian scammers recovered, and more.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. I wish they hadn’t suggested that using more machines might have brought the Internet down properly…

Researchers successfully extracted valid hard-coded secrets from Copilot and CodeWhisperer, shedding light on a novel security risk associated with the proliferation of secrets.

Effectively detecting, investigating and responding to security threats is not easy. SIEM can help — a lot. SIEM is cybersecurity technology that provides a single, streamlined view of your data, insight into security activities, and operational capabilities so you can stay ahead of cyber threats.

A practical guide to phishing and best practices to avoid falling victim.

Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft’s latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.