The recent identification of CVE-2024-23897 in Jenkins versions up to 2.441 has significantly heightened concerns within the cybersecurity community, particularly focusing on the implications for public-facing Jenkins servers. Jenkins servers are important for many organizations as they are used in continuous integration/continuous deployment (CI/CD) pipelines, automating stages of software development and deployment.

On January 16th, 2024, Atlassian released an advisory highlighting a critical vulnerability within certain versions of Confluence Data Center and Confluence Server. This issue, tracked under the identifier CVE-2023-22527, involves a severe Remote Code Execution (RCE) vulnerability stemming from a template injection flaw in out-of-date software versions. The risk is significant, with unauthenticated attackers potentially gaining the ability to execute arbitrary code on affected installations.

If you’re handling sensitive information, dealing with data loss can be more than just a headache. Log management tools such as Graylog can enhance your incident response and management strategies, and help you mitigate the damage when a breach occurs in your database. Minimizing data loss with a fast and scalable logging solution is key if you want to bring your cybersecurity to the next level.

Macro technology trends have always impacted and influenced every aspect of the retail industry. From the days of catalog ordering and cash only transactions to today’s personalized, always-on omnichannel experiences where contactless payment has become the norm - the world of retail is almost unrecognizable.

On January 10th, 2024, Volexity reported that there is active exploitation in the wild against Ivanti Connect Secure (ICS) VPN devices. Ivanti and Volexity worked together to review impacted devices, and Volexity identified two different zero days, which have been assigned the following CVEs IDs.

Audit logs are essential for ensuring the security of an organization’s information systems. They track all events that occur within a system, including log-on attempts, file access, network connection, and other crucial operations. Should But, without proper management, audit logs are mostly a wasted opportunity – nothing more than scraps of data whose importance and potential are never harnessed.

Hypothesis-driven hunting is probably the most well-known type of threat hunting, and it’s one of the three types defined in the PEAK threat hunting framework. In this article, we’ll walk through a sample hypothesis-driven hunt, step-by-step. For our data, we’ll be using the Boss of the SOC Version 3 (BOTSv3) dataset, which you can use to recreate the hunt and work through it on your own. Below is a diagram of the Hypothesis-Driven hunting process.

AutoIt is a scripting language designed for automating the Windows GUI and general scripting. Over the years, it has been utilized for malicious purposes, including AutoIt-compiled malware, which dates back to as early as 2008. Malware creators have exploited the versatility of AutoIT in a variety of ways, such as using obfuscated scripts for payload decryption, utilizing legitimate tools like BaSupportVNC, and even creating worms capable of spreading through removable media and Windows shares.

The security posture of any organization is the result of comprehensive security strategies, processes and practices, which enable organizations to be resilient against evolving security threats. This article describes what we mean by “security posture”, including why it matters, and what comprises it. Importantly, we’ll also understand how to assess and improve the security posture.