Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

The 7 Most Common Types of Cyber Attacks During the Holiday Season

No matter your industry, the end-of-year holiday season is typically a busy time. Unfortunately, it’s also a busy time for cyber criminals. Enterprise organizations are particularly vulnerable to modern data breaches and other attacks during the holidays, which means you must be especially vigilant about guarding against them.

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.

Integrating GitGuardian Incidents With ServiceNow Issues

If you are using ServiceNow for centralized incident management and SecOps, We have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow Issues.

Rapid Bulk SCM Onboarding Made Easy with Polaris | Black Duck

It is a constant challenge for modern app and DevOps team to onboard and scale AppSec test in today's highly complex and distributed software environment. Ability to automate bulk upload and scanning of an organizations' hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps.

PowerShell vs CMD: The Ultimate Guide for Windows Professionals

Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.

AI-Powered Investment Scams Surge: How 'Nomani' Steals Money and Data

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

Phishing Campaign Targets YouTube Creators

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware. “The malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts, or business proposals,” the researchers explain.