1309 matches found

The Hacker News
added 2024/11/08 11:53 a.m. · 26 views

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

We've all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally, small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISO...

7.2 AI score
Exploits: 0
NVD
added 2024/10/30 6:15 p.m. · 16 views

CVE-2024-48569

Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the URLs starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/...

5.4 CVSS · 0.00492 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/10/30 12:0 a.m. · 12 views

CVE-2024-48569

Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the URLs starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/...

6.3 AI score · 0.00492 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/10/30 12:0 a.m. · 3 views

PT-2024-33148 · Unknown · Proactive Risk Manager

Name of the Vulnerable Software and Affected Versions: Proactive Risk Manager version 9.1.1.0. Description: The issue concerns multiple Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities are found in the add/edit form fields, specifically at URLs starting with the subpaths:...

5.4 CVSS · 6.2 AI score · 0.00492 EPSS
Exploits: 0 · References: 3
The Hacker News
added 2024/10/26 9:6 a.m. · 31 views

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

7.5 AI score
Exploits: 0
The Hacker News
added 2024/10/14 11:9 a.m. · 14 views

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing...

7.6 AI score
Exploits: 0
Wiz blog
added 2024/10/10 2:0 p.m. · 6 views

AWS Account Vending

How an AWS account vending strategy differs from a landing zone...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2024/10/04 4:21 p.m. · 12 views

The Main Components of an Attack Surface Management (ASM) Strategy

In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand. We can bre...

6.8 AI score
Exploits: 0
Trend Micro Simply Security
added 2024/09/26 12:0 a.m. · 9 views

Cybersecurity Compass: Bridging the Communication Gap

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2024/09/19 1:0 p.m. · 13 views

Help, I can’t see! A Primer for Attack Surface Management Blog Series

Part 1: Overview of the Problem ASM Solves and a High-Level Description of ASM and Its Components. Welcome to the first installment of our multipart series, "Help! I Can’t See! A Primer for Attack Surface Management Blog Series." In this series, we will explore the critical challenges and solutions...

7.2 AI score
Exploits: 0
RedHat Linux
added 2024/09/19 5:30 a.m. · 23 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.37 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.9 CVSS · 7.3 AI score · 0.02336 EPSS
Exploits: 4 · References: 3
OSV
added 2024/09/17 12:31 a.m. · 10 views

GHSA-QQV8-PH7F-H3F7 OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build containe...

9.1 CVSS · 9.5 AI score · 0.02336 EPSS
Exploits: 3 · References: 13
Vulnrichment
added 2024/09/16 11:58 p.m. · 15 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

9.1 CVSS · 8.1 AI score · 0.02336 EPSS
Exploits: 3 · References: 10
CVE
added 2024/09/16 11:58 p.m. · 93 views

CVE-2024-7387

OpenShift CVE-2024-7387 is a symlink-traversal/path traversal vulnerability in the openshift/builder docker build path. A privileged build container can have its destinationDir override a symlink (e.g., usr_bin -> /usr/bin), enabling overwriting of system binaries like /usr/bin/cp and executio...

9.1 CVSS · 9.8 AI score · 0.02336 EPSS
Exploits: 3 · References: 10
Cvelist
added 2024/09/16 11:58 p.m. · 40 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

9.1 CVSS · 0.02336 EPSS
Exploits: 3 · References: 10
RedhatCVE
added 2024/09/16 8:11 a.m. · 13 views

CVE-2024-7387

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

9.1 CVSS · 7.9 AI score · 0.02336 EPSS
Exploits: 3 · References: 4
Wired Threat Level
added 2024/09/13 3:48 p.m. · 9 views

‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy...

7.3 AI score
Exploits: 0
Lenovo
added 2024/09/10 8:32 p.m. · 4 views

Mediatek Tablet Vulnerability - Lenovo Support US

No description provided...

7 AI score
Exploits: 0
Lenovo
added 2024/09/10 4:2 p.m. · 4 views

Lenovo XClarity Controller (XCC) Vulnerabilities - Lenovo Support US

No description provided...

7.3 AI score
Exploits: 0
Qualys Blog
added 2024/09/05 6:10 p.m. · 16 views

Simplifying Azure Cloud Security with Snapshot-Based Scans

As organizations increasingly move to the cloud, securing these dynamic and transient environments has become a critical challenge for security teams. Cloud deployments are inherently more fluid than traditional infrastructure, with resources constantly being spun up, modified, or decommissioned...

7.4 AI score
Exploits: 0