CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions makes it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.

Time theft happens when employees dishonestly use their paid work hours for personal activities or tasks unrelated to work. Time fraud significantly impacts an organization’s productivity, business strategy, finances, and employee morale. To keep a high-performing work environment, companies must combat time theft.

EO 14028 is bringing a lot of new security documentation requirements with it. Here's how SCA can help with creating that documentation.

In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. We have come to expect that smart phones and speakers with built-in digital assistants are always listening, and data collection practices between companies can vary significantly.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

SaaS applications have fundamentally transformed business operations by enabling on-demand user access to services and data via the internet from anywhere. Yet, despite countless benefits, SaaS in the enterprise is fraught with cybersecurity challenges.

In the ever-evolving landscape of cloud security, staying ahead of threats is paramount. Success requires well-orchestrated cybersecurity solutions that work together from prevention to defense. Today we launched our latest initiative, the Runtime Insights Partner Ecosystem, which brings together leading solutions that strengthen cloud security through integration and collaboration.

Application security is vital for ensuring the resilience of organizations, as it encompasses measures and practices that safeguard applications against potential threats and vulnerabilities. It plays a critical role in safeguarding sensitive data, preventing unauthorized access, and maintaining the integrity and availability of applications.

Read also: Notorious Finnish hacker receives a 6-year prison sentence for Vastaamo breach, and more.