Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Rise of the Machines: The 2024 SOC Transformation

Jan 31, 2024 By Torq In Torq
We’ve been taught to fear the rise of the machines. But what if machines taking over is a good thing? Leonid Belkind, our CTO and Co-Founder, sat down with Brittney Zec, our Senior Social Media & Content Manager to share insights on how AI-driven hyperautomation addresses the existential challenges SOC analysts face.
View Video

Introducing Step Builder

Jan 31, 2024 By Torq In Torq
Introducing Step Builder! Here at Torq, we just launched a new feature that takes the manual work out of building steps and eliminates the need for advanced coding expertise. And you can build custom steps in just minutes with a few button clicks - or a wave of a magic wand! Now in GA, Step Builder extends Torq’s already impressive list of no-code capabilities. It gives Torq users the ability to quickly and easily create custom content without the need to code, making your options for integration truly limitless.
View Video
jfrog

Empowering DevSecOps: JFrog's Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

Jan 31, 2024 By Greg McDermott In JFrog
As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.
Read Post
CrowdStrike

Data Protection Day 2024: As Technology and Threats Evolve, Data Protection Is Paramount

Jan 31, 2024 By Drew Bagley In CrowdStrike
Today’s cybersecurity landscape poses one of the most significant risks to data. This holds true for organizations of all sizes, across all industries, tasked with protecting their most essential data amid an increasingly regulated environment and faster, more innovative adversaries. Recent years have introduced a steady drumbeat of new data privacy regulations. There are now 14 U.S. states that have passed privacy laws.
Read Post
knowbe4

FBI Cyber Alert: Tech Support Scams Steal Cash or Precious Metals

Jan 31, 2024 By Stu Sjouwerman In KnowBe4
The US Federal Bureau of Investigation (FBI) has issued an alert warning that scammers are tricking victims into converting their savings into cash or precious metals, then sending couriers to pick up the items for safekeeping. The scammers then steal the goods and cut contact with the victims. The FBI says victims lost more than $55 million to these scams between May and December 2023.
Read Post
knowbe4

Ransomware Payments On The Decline As Cyber Attackers Focus on The Smallest, And Largest, Organizations

Jan 31, 2024 By Stu Sjouwerman In KnowBe4
New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide. The good news is that ransoms continue to decline – according to the most recent Quarterly Ransomware Report from ransomware response vendor Coveware.
Read Post
Snyk

Buildkit GRPC SecurityMode privilege check: Build-time container breakout (CVE-2024-23653)

Jan 31, 2024 By Rory McNamara In Snyk
Snyk has discovered a vulnerability in all versions of Docker Buildkit <= v0.12.4, as used by the Docker engine. The exploitation of this issue can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e, when using FROM). This issue has been assigned CVE-2024-23653.
Read Post
Snyk

Buildkit build-time container teardown arbitrary delete (CVE-2024-23652)

Jan 31, 2024 By Rory McNamara In Snyk
Snyk has discovered a vulnerability in all versions of Docker Buildkit <=v0.12.4, as used by the Docker engine. Exploitation of this issue can result in arbitrary file and directory deletion in the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e, when using FROM). This issue has been assigned CVE-2024-23652.
Read Post
Snyk

Buildkit mount cache race: Build-time race condition container breakout (CVE-2024-23651)

Jan 31, 2024 By Rory McNamara In Snyk
Snyk has discovered a vulnerability in all versions of Docker Buildkit <=v0.12.4, as used by the Docker engine. The exploitation of this issue can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM). This issue has been assigned CVE-2024-23651.
Read Post
Snyk

Vulnerability: runc process.cwd and leaked fds container breakout (CVE-2024-21626)

Jan 31, 2024 By Rory McNamara In Snyk
Snyk has discovered a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious image or building an image using a malicious Dockerfile or upstream image (i.e., when using FROM). This issue has been assigned the CVE-2024-21626.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.