Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on January 10, 2023; PaperCut released a patch on March 8, 2023.

For media agencies and publishers, working with large files such as audio, images, and video is the norm. Individual files can reach several hundred gigabytes in size, each of which are components that will be imported into editing and design applications like Premiere Pro and InDesign to create final campaign assets.

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.

A recent study found that financially material cyber attacks are increasing in frequency and that the top 5% of such attacks lead to an average $52M in losses. As these types of cyber attacks become more frequent and more severe, it has become increasingly critical for risk managers outside of enterprise security functions —such as compliance and credit officers—to consider cybersecurity risk in their assessment of customers, suppliers and investments.

Today we are announcing updates to the Bitsight ratings algorithm. Bitsight is committed to creating the most meaningful, trustworthy, and actionable security ratings and analytics in the marketplace. As part of this commitment, we periodically make updates to our ratings algorithm based on new data observations and capabilities, internal and external research, and market feedback. For this year’s update, we have made several adjustments, including modifying the weights of several risk vectors.

Dave Krasik, Director of Product Management at ThreatQuotient, recently had a chance to speak with Ed Amoroso, CEO and founder of TAG Cyber, a leading cybersecurity advisory group, about the state of cybersecurity automation. They covered a lot of ground, and you can listen to the full interview here. Following are a few of the highlights.

Firewalls are a key component in cybersecurity to protect corporate networks from external threats. However, these barriers must be accompanied by solutions that complement each other and build a layered security posture to help prevent vulnerabilities from exposing networks to malicious activity, at all and any cost.

I’m excited to announce the launch of Styra Declarative Authorization Service (DAS) and Open Policy Agent (OPA) as a Red Hat Ansible Certified Content Collection. Teams can now automate infrastructure deployments with the right guardrails in place to enable security-enhanced operations and align with regulatory compliance.

We’ve noticed that many of our customers are currently undergoing a significant transformation in their application architecture, transitioning from legacy vertical applications to distributed microservices running on Kubernetes. This shift brings along a range of benefits, such as improved scalability, resilience, and agility. However, it also creates a larger attack surface that needs to be managed effectively.

Read also: Bitrue crypto platform hacked for $23 million, Ryuk crypto broker sentenced to no jail time, and more.