Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image which leads to arbitrary code execution.

On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently, on September 6, 2023, Cisco published a security advisory warning of a zero-day vulnerability (CVE-2023-20269) in the remote access VPN feature of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

With organizations becoming increasingly digitally connected, a lack of visibility into their vendors’ security diligence has made exploiting these relationships a go-to tactic for cybercriminals. Fifty-four percent of publicly reported breaches in the last two years have been due to third parties, vendors, or suppliers, representing one of the greatest cybersecurity risks. Additionally, 98% of organizations have at least one vendor that’s had a breach in the last two years.

Nightfall has been named as a Leader in Data Loss Prevention (DLP), Sensitive Data Discovery, and Data Security in G2’s Fall ‘23 rankings. We’d like to extend a huge thank you to all the customers and supporters who made this possible. This past season, the Nightfall team has been working tirelessly to innovate new ways to keep customers safe in the cloud.

Johnson and Johnson is a large-scale manufacturing company that provides pharmaceuticals and medical products to companies throughout the world. The organization also makes a variety of consumer products. The massive company has over 130,000 employees and generates over $94 Billion in annual revenue. The huge company suffered a recent data breach that exposed some of its employees via its healthcare services.

Cloudflare’s web application firewall (WAF) serves as the central pillar of its advanced application security suite, ensuring the safety and efficiency of applications. Cloudflare’s free plan presents notable benefits for SMEs managing limited traffic and smaller-scale applications.

With expertise in data management, search algorithms, and AI, Google has created a cloud platform that excels in both performance and efficiency. The advanced machine learning, global infrastructure, and comprehensive suite of services available in Google Cloud demonstrates Google’s commitment to innovation. Many companies are leveraging these capabilities to explore new possibilities and achieve remarkable outcomes in the cloud.

There’s a growing array of risks lurking within the supply chain of the digital solutions we increasingly depend upon. Leaving gaps in your software supply chain security (SSCS) could spell disaster for your organization. Let’s explore how new analysis defines an end-to-end solution and why Veracode was ranked as an Overall Leader, Product Leader, Innovation Leader, and Market Leader in the Software Supply Chain Security Leadership Compass 2023 by KuppingerCole Analysts AG.

CrowdStrike is expanding access to its market-leading managed detection and response (MDR) service, CrowdStrike Falcon® Complete. With the announcement of Falcon Complete for Service Providers, CrowdStrike partners can now license and build upon Falcon Complete to provide 24/7 expertise to customers, empowering them to augment their cybersecurity teams and stop breaches.

Last week at the annual Billington CyberSecurity Summit in Washington, DC, officials from government agencies gathered with industry leaders to discuss cyber threats, as well as geopolitics and issues of national security. One of the highlights was a fireside chat on Friday with Anne Neuberger, deputy national security adviser for cyber and emerging technology.