Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's security conscious climate, countries and organizations worldwide waste little time debating whether a risky mobile application should be banned — regardless of its popularity. With security and data privacy at the center of public and private sector conversations, these issues typically come about when an app is found to have concerning data collection and handling practices.

On December 13th, 2022, Citrix disclosed a critical remote code execution vulnerability (CVE-2022-27518) affecting several versions of Citrix ADC and Citrix Gateway. Citrix strongly advises affected customers to update to a supported version as soon as possible. While no public proof-of-concept exploit code is available for this vulnerability, Citrix has observed several instances of targeted exploitation.

As part of Microsoft’s September 2022 Security Update, Microsoft released security updates to remediate CVE-2022-37958–an information disclosure vulnerability in SPNEGO NEGOEX that impacted all Windows versions 7 or newer. On December 13, Microsoft reclassified the vulnerability as Critical severity after security researchers discovered that the vulnerability could allow threat actors to remotely execute code pre-authentication.

SIEMs have come a long way since they first debuted in the security operations center (SOC) well over a decade and a half ago. Today, next-gen SIEMs are far more advanced than early systems, which merely gathered and logged data from different sources. Now, SIEM software can deliver comprehensive insight into network security and data protection by looking for anomalous activity that could indicate compliance, performance and security issues.

Elastic Security for SIEM continues to be recognized by leading industry analyst firms It’s that time of the year… and we’re not talking about the holidays. That’s right, it’s analyst report season. Elastic continues to be recognized by leading industry analyst firms. Today, Forrester Research recognized Elastic as a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022. Elastic had the highest score in the Wave in the strategy category.

With cyberattacks growing in scale and complexity, it has never been more difficult to figure out where to invest your time and defensive resources. This remains the core challenge of optimizing an effective security organization. A good prioritization approach should be data-driven, and informed by real attacker activity.

Over the years, there have been countless cases of HIPAA (Health Insurance Portability and Accountability Act) violations, which can result in significant financial penalties. Most are directly linked not to accidental employee misconduct or malicious intent but to a lack of understanding of HIPAA standards by healthcare organizations. Most cases involve poor implementation of security controls or lack of risk assessment auditing, to save money and avoid costly auditing.

Red Hat OpenShift is an enterprise Kubernetes container platform. It lets you build Docker images and use them to deploy your applications on a cloud-like environment (even if it’s not really on the cloud, rather a simulated cloud environment). Images built in OpenShift can be easily pushed into JFrog Artifactory – JFrog’s leading universal repository manager.