Infosec products of the month: September 2024 - Help Net Security

Tenable AI Aware leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, anecdotes, ArmorCode, Binarly, Bitdefender, Druva, F5 Networks, Gcore, Guardsquare, Huntress, Ketch, LOKKER, Malwarebytes, NETGEAR, Nudge Security, Prompt Security, Rapid7, Revenera, Skyhigh Security, Strivacity, Tenable, Trellix, Vanta, Veritas Technologies, and Wing Security. Powered by encryption protocols and advanced threat detection mechanisms, NETGEAR routers stand as the first line of defense against evolving cyber threats by including security features such as automatic firmware updates, VPN support, cutting-edge WPA3 security, access control, and guest WiFi network options. Huntress’ SIEM will combine proprietary Smart Filtering of security data, streamlined log storage, hands-off management, and continuous monitoring by Huntress’ elite team of experts to stay ahead of threats—with a transparent, predictable cost model. Wing Security has released SaaS Pulse, a free tool for SaaS security management, offering organizations actionable insights and continuous oversight into their SaaS security posture. The Revenera OSS Inspector plugin enables developers using IntelliJ IDEA, an integrated development environment (IDE), to examine, within the IDE itself, the licenses and security vulnerabilities associated with the OSS components used in the application code. With the NGINX One Console, teams can broadly and easily enforce security policies across the application ecosystem, receive and implement configuration guidance, and automate version and patch updates—all helping to ensure compliance. Vanta’s new Report Center, enhancements to VRM and milestone achievements for pre-built integrations and frameworks give GRC and security teams always-on visibility with actionable insights so they can establish and promote trust internally and externally. With the AI Threat Insights module activated, customers using Absolute to continuously monitor all network traffic across PC fleets can detect and act against zero-day threats, ransomware, other malware, and suspicious user, device and application behaviors. By integrating DLP capabilities into email security, organizations can now address both inbound malicious threats and outbound loss of sensitive information in one solution. Anecdotes Trust Center continuously pulls data directly from a company’s Anecdotes Compliance OS, ensuring all documentation is up-to-date and accurate and reducing the risk of errors that can occur when multiple teams are involved in the documentation process. Instead of relying on data from accounting systems, Nudge Security’s discovery method uses machine learning to scan Google Workspace or Microsoft 365 environments to uncover SaaS identities, activities, and risks. Malwarebytes Personal Data Remover scans a network of data broker databases and people search sites, assisting users in removing their personal details, and offering ongoing monitoring to maintain their online privacy, automating up to 318 hours of work a consumer would have to undertake themselves. NGINX One improves app security and delivery for development, operations, and platform teams by making it easier to own, optimize, and govern NGINX components in any context. Vector Command delivers a continuous discovery, assessment, and validation service that goes beyond vulnerabilities to confirm that the overall state of an organization’s IT security posture and controls are sufficient in thwarting would-be adversaries. Available for both iOS and Android apps, Guardsquare’s latest innovation allows all developers – regardless of their security expertise – to implement the highest level of protection for their mobile apps, preventing reverse engineering and tampering. The solution addresses use cases such as internal and external data privacy, content moderation, observability, user activity analytics, and facilitating auditing and compliance with multiple regulatory standards. Skyhigh AI uses AI and ML within its SSE platform to improve security operations by increasing efficiency and productivity while reducing complexity, risk and costs. The new Binarly Transparency Platform 2.5 empowers organizations with the tools to proactively mitigate firmware and software security issues. Trellix Email Security Cloud stops advanced threats through multi-layered detection powered by Trellix Wise AI.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 01 Oct 2024 03:43:05 +0000


Cyber News related to Infosec products of the month: September 2024 - Help Net Security

CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-35893 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2024-47685 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use ...
2 months ago Tenable.com
CVE-2024-50083 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending ...
1 month ago Tenable.com
CVE-2024-26781 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected ...
8 months ago Tenable.com
CVE-2023-52784 - In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. ...
7 months ago Tenable.com
CVE-2024-50035 - In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is ...
2 months ago Tenable.com
CVE-2022-48956 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot ...
2 months ago Tenable.com
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
2 months ago Tenable.com
CVE-2024-26852 - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ...
8 months ago Tenable.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
1 year ago Helpnetsecurity.com
CVE-2024-26863 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-26641 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-26882 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2024-35973 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days - Strategies for secure identity management in hybrid environmentsIn this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. Leveraging AI for ...
8 months ago Helpnetsecurity.com
CVE-2023-52845 - In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== ...
7 months ago Tenable.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2024-26624 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-35934 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2024-50085 - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: ...
1 month ago Tenable.com
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for ...
11 months ago Helpnetsecurity.com
CVE-2024-26614 - In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has ...
9 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)