,The rapid software development process that exists today requires an expanding and complex infrastructure and application components, and the job of operations and development teams is ever growing and multifaceted. Observability, which helps manage and analyze telemetry data, is the key to ensuring the performance and reliability of your applications and infrastructure. In … [Read more...] about The power of effective log management in software development and operations
software
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
Apr 18, 2023Ravie LakshmananCyber Threat / Malware The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's … [Read more...] about Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been … [Read more...] about Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
Jan 28, 2023Ravie LakshmananServer Security / DNS The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause … [Read more...] about ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
Elastic joins AWS Marketplace Vendor Insights to streamline risk assessment and software procurement
Vendor Insights can help you reduce assessment lead time by allowing you to access a vendor’s validated security profile. It can lower the effort of questionnaire population via back-and-forth with vendors from months to hours.Use the Vendor Insights dashboard to reduce assessment timeVendor Insights can ease your procurement process by reducing your assessment time via a … [Read more...] about Elastic joins AWS Marketplace Vendor Insights to streamline risk assessment and software procurement
Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
Jan 05, 2023Ravie LakshmananApplication Security / SQLi Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web … [Read more...] about Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
Dec 29, 2022Ravie LakshmananOnline Security / Malvertising Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google … [Read more...] about New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring … [Read more...] about VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software
Google Launches GUAC Open Source Project to Secure Software Supply Chain
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," … [Read more...] about Google Launches GUAC Open Source Project to Secure Software Supply Chain
NullMixer simulates pirated software and delivers malware
Downloading pirated software is always a lottery: some get lucky, other less so: the user might end up losing even more money than they’d pay for a license. We’ve already talked a lot about various types of malware that hide under the guise of pirated games and spread through torrents. Recently, our researchers published a new study of the NullMixer dropper — another widespread … [Read more...] about NullMixer simulates pirated software and delivers malware