Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 24, a group of researchers at Midnight Blue announced TETRA:BURST, a set of five new vulnerabilities affecting the TETRA standard for radio communication.

Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.

Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.

You're cruising down the highway in your sleek, state-of-the-art electric vehicle (EV). The hum of the electric motor is your soundtrack, the open road your cinema. Your dashboard, a symphony of lights and numbers, is a live feed of your vehicle's vitals – battery levels, tire pressure, energy consumption, and more. Suddenly, your phone buzzes. It's your EV's companion app, alerting you to an unexpected battery drain.

In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software has been a popular choice worldwide, especially in the US, to ensure secure file transfers. However, recent events have exposed its vulnerabilities, leading to the active exploitation by the CI0p ransomware group.

GuidePoint Security is a software company that specializes in security services. The organization is located in Herndon, Virginia, employs 722 people, and protects and manages data for thousands of people during its daily operations. This company was compromised in the MOVEit data breaches, putting a large number of people at risk.

Securing your CI/CD pipeline is critical to modern application security. So, we created a cheat sheet to make the process easier. In this post, we’ll cover using Snyk in your CI/CD pipelines to catch security issues quickly and empower your developers to fix them before they get to production.

A potential security risk in the npm ecosystem known as “manifest confusion” has recently been spotlighted in a blog post by Darcy Clarke, a former Staff Engineering Manager at GitHub. Clarke mentioned that JFrog Artifactory seems to replicate this issue, so of course we investigated it right away. In this post, we will explain what the issue is and what it might mean for JFrog Artifactory users.

Microsoft disclosed a zero-day vulnerability impacting Office and Windows on July’s Patch Tuesday. This vulnerability has an “important” severity level, and can allow attackers to perform remote code execution with the same privileges as the target. As of this writing, there is no patch available to mitigate the vulnerability, but Microsoft has provided mitigation steps.

Software vulnerability patching plays a critical role in safeguarding your code base, software, applications, computer systems, and networks against potential threats, and ensuring they’re compliant, and optimized for efficiency. Organizations’ codebases have become increasingly complex, involving sophisticated relationships between components and their dependencies.