New infosec products of the week: October 4, 2024 - Help Net Security

It also makes it possible to create effective security controls that keep a business’ most sensitive data safe from becoming a data security risk (e.g. revoking public access to files marked ‘confidential’). The Legit Posture Score sets a new, universal, and fully transparent application security scoring standard for security teams to measure, operationalize, and accelerate AppSec maturity throughout the SDLC. Using AI, Balbix D3 enables security and IT teams to take immediate (and automated) action based on insights surfaced by Balbix’s risk assessment engine. Now with the new Legit Posture Score, no longer are AppSec teams stuck piecing together slices of visibility from disparate security scanners and veiled, proprietary scores. Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security. SAFE X delivers CISOs real-time business impact insights into their cybersecurity posture, enabling better decision-making and risk prioritization. Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context. With Metomic’s Data Classification solution, organizations can automate complex data workflows and implement “data rules” that ensure files are labeled appropriately within Google. Powered by AI, it delivers instant answers on an organization’s cyber risk posture and offers personalized risk mitigation recommendations. By regular scans, the Recon Scanner recognizes suspicious activity and adversary tactics, techniques, and procedures (TTPs), enabling organizations to take defensive and mitigation actions in advance. By translating investigations into clear, natural language conversations, Radar empowers both technical and non-technical users to troubleshoot effectively, allowing teams to upskill quickly without extensive training. As part of Veeam Data Platform Premium, Recon Scanner offers customers the ability to identify threats before they can cause damage. This allows teams to resolve critical risks before they can be exploited, shifting from traditional, reactive vulnerability management to continuous and proactive exposure management.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 04 Oct 2024 03:13:06 +0000


Cyber News related to New infosec products of the week: October 4, 2024 - Help Net Security

CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-35893 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2024-47685 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use ...
2 months ago Tenable.com
CVE-2024-50083 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending ...
1 month ago Tenable.com
CVE-2024-26781 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected ...
8 months ago Tenable.com
CVE-2023-52784 - In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. ...
6 months ago Tenable.com
Week in review: Terrapin SSH attack, Mr. Cooper breach - Creating a formula for effective vulnerability prioritizationIn this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. EMBA: Open-source ...
11 months ago Helpnetsecurity.com
CVE-2024-50035 - In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is ...
1 month ago Tenable.com
Week in review: 15 million Trello users' scraped data on sale, attackers can steal NTLM hashes - The reality of hacking threats in connected car systemsIn this Help Net Security interview, Ivan Reedman, Director of Secure Engineering at IOActive, discusses how manufacturers, government regulations, and consumers are adapting to these new ...
10 months ago Helpnetsecurity.com
CVE-2022-48956 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot ...
1 month ago Tenable.com
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for ...
11 months ago Helpnetsecurity.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
1 year ago Helpnetsecurity.com
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
1 month ago Tenable.com
Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days - Strategies for secure identity management in hybrid environmentsIn this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. Leveraging AI for ...
8 months ago Helpnetsecurity.com
CVE-2024-26852 - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ...
8 months ago Tenable.com
CVE-2024-26863 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-26641 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-26882 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast - Veeam fixes RCE flaw in backup management platformVeeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch. May 2024 Patch Tuesday forecast: A reminder of recent threats and ...
7 months ago Helpnetsecurity.com
CVE-2024-35973 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2023-52845 - In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== ...
6 months ago Tenable.com
Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids - Progress quietly fixes MOVEit auth bypass flawsProgress Software has patched one critical and one high-risk vulnerability in MOVEit, its widely used managed file transfer software product. Open-source Rafel RAT steals info, locks Android devices, ...
5 months ago Helpnetsecurity.com
CVE-2024-26624 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)