Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new critical vulnerability impacting Microsoft Outlook (CVE-2023-23397) was recently published by Microsoft. The CVE is particularly concerning as no user involvement is required by the exploit. Once a user receives a malicious calendar invite, the attacker can gain a user’s Active Directory credentials. Microsoft has released a security update that can be found here. Cato Research strongly encourages updating all relevant systems as proof-of-concept exploits have already appeared online.

I’m thrilled to unveil our new identity: Cyberpion is now IONIX, a name that represents our radically different approach to protecting the modern attack surface and its digital supply chain. With IONIX, you’ll discover your organization’s real attack surface, including its sprawling network of asset dependencies – while separating the signal from the noise so your security team gains laser focus on your exploitable risks.

Terraform is the de facto tool if you work with infrastructure as code (IaC). Regardless of the resource provider, it allows your organization to work with all of them simultaneously. One unquestionable aspect is Terraform security, since any configuration error can affect the entire infrastructure. In this article we want to explain the benefits of using Terraform, and provide guidance for using Terraform in a secure way by reference to some security best practices. Let’s get started!

The business impact of critical open source vulnerabilities such as Spring4Shell and Log4j illustrate the crucial importance of detecting remediating such vulnerabilities as fast as possible, This is particularly important for the financial technology, which handles vast volumes of sensitive financial data for investors. That was certainly the case for MSCI, who deployed Mend to speedily thwart any potential threats posed by Spring4Shell.