Lacework

FEBRUARY 7, 2024

Securing the cloud is a race against time. Developers are building systems and applications faster than ever, but this creates more risks and vulnerabilities for hackers to exploit. As security researchers, we’re constantly analyzing and anticipating cyber threats. The truth is that both are crucial.

Weak Development Team 109

Weak Development Team Malware Cloud Internet 109

Tenable

APRIL 20, 2022

Oracle addresses 221 CVEs in its second quarterly update of 2022 with 520 patches, including 27 critical updates. On April 19, Oracle released its Critical Patch Update (CPU) for April 2022 , the second quarterly update of the year. This CPU contains fixes for 221 CVEs in 520 security updates across 31 Oracle product families.

Database Administration 57

Database Administration Backup PHP Blockchain 57

Modus Create

SEPTEMBER 11, 2023

Centralizing user management helps enterprises from a security/compliance perspective, as it prevents users from creating public repositories or using their own GitHub accounts. Shifting left on security Cybersecurity is now engrained in every part of product development and digital initiatives, even the user experience.

Enterprise 110

Enterprise Cloud Open Source Azure 110

Tenable

SEPTEMBER 7, 2023

AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors. The vulnerability is caused by the use of an outdated version of Apache Santuario, an XML security software library.

Firewall 64

Firewall Software Review Technical Review Systems Review 64

Tenable

JANUARY 31, 2022

Cybersecurity and Infrastructure Security Agency (CISA) states , “Public-private partnerships are the foundation for effective critical infrastructure security and resilience strategies, and timely, trusted information sharing among stakeholders is essential to the security of the nation’s critical infrastructure.” In the U.S.,

Infrastructure 52

Infrastructure Telecommunications Strategic Planning Government 52

Tenable

NOVEMBER 18, 2022

Get the latest on an APT’s Log4Shell exploit; tips to prevent memory attacks; cloud security trends; metaverse security; and more! . In a high-profile public exploit of Log4Shell, an advanced persistent threat (APT) group from Iran leveraged the dreaded Log4j vulnerability to breach a U.S. government agency.

Cloud 52

Cloud Software Review Malware Report 52

Tenable

APRIL 17, 2019

Oracle fixes nearly 300 vulnerabilities in second Critical Patch Update for 2019, including bugs in WebLogic, Java SE and several product components. On April 16, Oracle released its Critical Patch Update for April 2019 as part of its quarterly release of fixes for vulnerabilities. CVE-2017-5645 (Apache Log4j).

Construction 76

Construction Authentication Retail Research 76

Tenable

NOVEMBER 17, 2023

1 - CISA, NSA push SBOM adoption to beef up supply chain security As the Log4Shell bug and SolarWinds hack made clear, cybersecurity teams must continuously assess and mitigate risks in their organizations’ software supply chain. It can also be used by software buyers to assess their supply chain security practices. And much more!

Artificial Intelligence 61

Artificial Intelligence Artificial Inteligence Government Storage 61

Ivanti

JUNE 14, 2023

This includes promoting a culture of individual cybersecurity awareness and deploying the right security tools, which are both critical to the program’s success. Patching failures and patching fatigue are stifling security teams Unfortunately, updates breaking systems because patches haven't been rigorously tested occur frequently.

Weak Development Team 40

Weak Development Team Malware Authentication ChatGPT 40

Palo Alto Networks

DECEMBER 13, 2021

The recent Apache Log4j vulnerability is a particularly pernicious problem for two reasons. Log4j is a back-end logging library that is incorporated into many widely-used, open sourced and internally developed applications used by enterprises around the world. This vulnerability affects almost everyone.

Network 98

Network Firewall Cloud Linux 98

TechCrunch

JUNE 2, 2022

Chainguard , a startup that focuses on securing software supply chains, announced today that it has raised a $50 million Series A funding round led by Sequoia Capital. With this they can, for example, enforce which code can run where and ensure that developers and security teams know what’s being used to build software inside a company.

Open Source 217

Open Source Software Authentication Hardware 217

Ivanti

APRIL 20, 2022

Product updates and releases covered in this newsletter: Security. In August 2021, Ivanti acquired RiskSense , a pioneer in risk-based vulnerability management and prioritization. Those offerings are now known as the following: Ivanti Neurons for Risk-Based Vulnerability Management (RBVM). Ivanti Neurons.

Software Review 66

Software Review Disaster Recovery Systems Review Video 66

Lacework

NOVEMBER 9, 2022

They lurk within these complex spaces, waiting for just the right moment to exploit disparate risks: vulnerabilities, exposed secrets, misconfigurations, excessive privileges, internet exposure, and more. Exposure Polygraphs are also used to prioritize vulnerabilities. Attackers rarely use a single loophole to breach a system.

Analysis 52

Analysis AWS Cloud Internet 52

Lacework

AUGUST 8, 2022

As more organizations move to a cloud-native model, developer security has never been more relevant. We partnered with ESG on a new study to understand the top developer security challenges and priorities for 350 cybersecurity, IT, and application development professionals. Let’s dig into some of the top themes uncovered in the report.

Study 52

Study Development Survey Open Source 52

TechCrunch

AUGUST 11, 2023

government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider security community. “Actionable recommendations from the CSRB will help all organizations better secure their data and further cyber resilience,” said Mayorkas. organizations.

Government 215

Government Technical Review Systems Review Authentication 215