Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Tines Idea: Simplify Security Alerts with AI in Tines

From transforming data with a prompt and generated code, to directly accessing and using a language model in your workflows, our AI features make automation even more accessible and efficient for anyone in your organization. Learn how you can take multi-source security alert workflows from 25 actions to 3, reducing the potential for error and making it simpler to make updates like adding sources, changing rule definitions, and more.

Multiple Cross-Site Scripting (XSS) Vulnerabilities in REDCap (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396)

Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.

How to setup PGP Keys for Encrypted Email

In today's world, electronic mails (e-mails) serve as a medium of both official and personal correspondence. With sensitive information being shared online, it's essential to secure your emails. Pretty Good Privacy (PGP), a robust encryption program, offers a reliable solution for securing the contents of your emails. Developed by Phil Zimmermann in 1991, PGP utilizes public-key cryptography to ensure both confidentiality and authenticity in email exchanges.

Java, JavaScript, .NET: Which Has the Riskiest Security Debt?

In the realm of secure software development, managing security debt is crucial. The following data highlights a concerning trend in the accumulation of critical security debt, particularly in the popular programming languages of Java, JavaScript, and .NET. Let’s dive into this new research and explore options for managing the prioritization dilemma we’re seeing.

Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro

On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the Mythic command-and-control (C2) framework is executed as LLVM Intermediate Representation (IR) bitcode.

Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification

Large language models are fascinating tools for cybersecurity. They can analyze large quantities of text and are excellent for data extraction. One application is researching and analyzing vulnerability data, specifically Common Vulnerabilities and Exposures (CVE) information. As an application security company with roots in open source software vulnerability detection and remediation, the research team at Mend.io found this a particularly relevant area of exploration.