CrowdStrike

Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro

Jul 30, 2024 By Counter Adversary Operations In CrowdStrike
On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the Mythic command-and-control (C2)1 framework is executed as LLVM Intermediate Representation (IR) bitcode.
Read Post
wallarm

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Jul 30, 2024 By Wallarm In Wallarm
A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 (critical).
Read Post
Internxt

The 7 Best Tools for Sharing Passwords Online 2024

Jul 30, 2024 By Mia Naumoska In Internxt
The first rule of sharing your passwords online club is, you must not share your passwords online. Unfortunately, this is not always possible, as teams and departments need ways to access different platforms, websites, or accounts to run smoothly. If you or your team find yourselves in a situation where sharing passwords online can’t be avoided, there are security measures you can take to prevent your password from falling into the wrong hands.
Read Post
ThreatQuotient

The Power of Security Orchestration and Automation

Jul 30, 2024 By Audrey Hoppenot In ThreatQuotient
In today’s digital landscape, cyber threats are constantly evolving and becoming more sophisticated. Attackers are finding new ways to breach security defenses and exploit vulnerabilities. As technology advances, so do the tactics and techniques used by cybercriminals. Gone are the days when simple antivirus software and firewalls were enough to protect against cyber threats.
Read Post

Data Modernization: The Evolution of Data Sharing

Jul 30, 2024 By Protegrity In Protegrity
Primitive information sharing has greatly evolved, creating a kaleidoscope of various ways we communicate and share information, both publicly and privately. This change in data ecosystems affects you – data owners responsible for how data is distributed, protected, and accessed hold sensitive data in the palms of their hands. As we continue to evolve, data protection should be in the center of any business strategy, and relying on Snowflake or AWS security plans is not enough. Discover how modernizing your data processes and investing in your data protection changes the way you do business.
View Video
Trustwave

Multiple Cross-Site Scripting (XSS) Vulnerabilities in REDCap (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396)

Jul 30, 2024 By Hamza Hussain In Trustwave
Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.
Read Post
tanium

How To Identify, Contain, and Remediate Zero-Day Risks and Get back to Your Day Job in 30 Minutes

Jul 30, 2024 By Tanium In Tanium
WannaCry, Log4j, Follina, Spring4Shell — these incidents send shivers down the spines of anybody who works in IT or security. Zero-day vulnerabilities are unknown or unaddressed exploitable software or hardware security flaws that are typically unknown to the vendor and for which no patch or other fix is yet available.
Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.