April 2024 Update: GitHub App, Storage Cleaner, and more!
Welcome to our post-release article where we share the latest GitProtect enhancements and new features launched with version 1.7.5. We start with big changes first!
Security
Palo Alto Global Protect Command Injection Vulnerability
On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.
Introducing GitGuardian's Advanced Jira Cloud integration
Speed up your remediation workflow with GitGuardian's new Advanced Jira Cloud integration: Users have already been able to manually open Jira tickets from the incident view in the dashboard. Now, you can configure GitGuardian to create a new Jira ticket to track any needed development efforts. You can also configure the Jira tickets to resolve an incident in GitGuardian when a specific status is reached. It will mark the associated incident as Resolved so you can stay focused on other work.
Four Iranian Hackers Charged With Cyberattacks On American Firms
Read also: Samourai Wallet founders charged with money laundering, German police shut down a DDoS-for-hire service, and more.
Detecting Unknown & Insider Threats + UEBA - Sumo Logic Customer Brown Bag - April 25th, 2024
In this session, Anton and Paul cover how to detect unknown and insider threats along with a discussion of User-Entity Behavior Analytics (UEBA) using Sumo Logic's Cloud SIEM.
Navigating Network Security: A Structured Approach to Security Testing
Companies must prioritise a comprehensive and proactive approach to network security. Among the most effective strategies to ensure robust defence mechanisms is rigorous penetration testing. By adopting an “assumed breach” mentality, organisations can better prepare for potential attacks, ensuring they are not merely reacting to threats but actively preventing them.
New Drill Down Feature Illuminates a Deeper View of Cyber Risk Drivers
The power of an on-demand cyber risk quantification (CRQ) platform lies in its ability to harness an extensive amount of data, filter it, and consequently produce an objective assessment that offers key stakeholders an understanding of how likely their organization is to experience certain cyber events, along with the respective financial losses.
Scaling Privileged Access for Modern Infrastructure Real World Insights
Implementing and scaling privileged access in modern computing environments generates new challenges for security and engineering productivity. Modern computing architectures are ephemeral, elastic, on-demand, and complex. This webinar delves into the challenges faced by platform engineering and infrastructure teams when enabling secure access in these environments.
"Junk gun" ransomware: the cheap new threat to small businesses
A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations.
Insights from HackSpaceCon 2024: Navigating Cybersecurity Challenges Ahead
Dive into our highlights from HackSpaceCon 2024, covering red teaming, AI, and securing critical infrastructure to prepare for ever-evolving cyber threats.