Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

In a recent Fortune article, Amazon’s chief security officer, Steve Schmidt, suggests 6 questions every company's board should ask its CISOs to understand how robust their cybersecurity preparation is. One of the most challenging questions for CISOs was: “Who has access to what data? Why do they need it, and for how long?” This question is critical because cyberattacks often begin with weak, leaked, or stolen passwords.

On June 7, 2024, a new critical PHP vulnerability CVE-2024-4577 was revealed, mainly impacting XAMPP on Windows. It happens when PHP runs in CGI mode with specific language settings, like Chinese or Japanese. The problem comes from how PHP handles certain characters, allowing attackers to inject code through web requests and take control of servers. This vulnerability, if exploited, could lead to the execution of arbitrary code, a scenario with severe consequences for system integrity and data security.

In a startling cybersecurity development, an anonymous threat actor has posted what they claim to be 270GB of source code stolen from the New York Times on a popular imageboard website. This incident, reported on Friday, suggests the leak contains "basically all source code" from the publisher.

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating of 9.8 (critical). VBEM is a web-based platform that allows administrators to oversee Veeam Backup and Replication installations through a web interface console.

At AWS re:Inforce 2024, CrowdStrike is announcing expanded AWS support to provide breach protection, enhanced visibility and faster response across your cloud environment. Let’s explore three cutting-edge CrowdStrike Falcon Cloud Security and CrowdStrike Falcon Next-Gen SIEM features that are changing the way organizations manage security risks.

CrowdStrike has been named a Leader in The Forrester Wave: Cybersecurity Incident Response Services, Q2 2024. This recognition demonstrates for us our unwavering commitment to providing the technology and services organizations need to detect and eliminate threats. “A product powerhouse in detection and response tech, CrowdStrike’s unwavering mission and vision are to stop breaches,” the report states.

Modern businesses operate in a data-centric world, where every byte of information holds the potential to drive growth, innovation, and competitive advantage. But as our reliance on data deepens, so does our vulnerability. Cyberthreats are evolving at an alarming pace, natural disasters loom as ever-present risks, and the complexities of modern IT environments—from huge cloud infrastructures to containerized applications—demand a new approach to data protection.

It’s no easy feat for a company to maintain security and enforce standardized policies across a fleet of devices.

The two new vulnerabilities that the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to its list of known exploited vulnerabilities (KEV) are both related to the privilege elevation of the Linux kernel.