Vendor News

ZeroFox's Social Engineering Series breaks down aspects of the threat into digestible reports and outlines defensive actions that can be taken to combat it.  Part three of this series takes a deep dive into the bypassing of multi-factor authentication (MFA) security protocols, why...

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At ...

Understanding the EU Cyber Resilience Act and the US Cyber Trust Mark program Organizations that produce software – or products that include software – are under increasing pressure to ensure that software is secure. Whether that pressure is from concern about the “software supply chain” or regu...

In today’s digital landscape, the stakes for software security have never been higher. As cyber threats grow more sophisticated, the need for embedding security into the very fabric of software development processes becomes paramount. Security by Design is not merely a best practice; it...

Sicherer Zugang zur Telematikinfrastruktur (TI) ohne Konnektor: Das ist ab Q3 2024 möglich. Denn secunet, Deutschlands führendes Cybersecurity-Unternehmen und Marktführer unter den Konnektor-Herstellern, entwickelt gemeinsam mit Worldline ein TI-Gateway (TIG). Dieses ermöglicht den Anschluss beli...

The cloud has significantly changed how we approach data storage, web application design, deployment, and management. With services from platforms like AWS, Azure, and Google Cloud, both businesses and individual developers can benefit from the cloud’s adaptability and scale to enhance their digi...

Organizations are increasingly leveraging Generative AI and Large Language Models (LLMs) to optimize business processes and improve products and services. A recent Gartner report predicts that global spending on AI software will grow to $298 billion by 2027, with a compound annual growt...

During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, we observed exploitation of Connectwise ScreenConnect CVE-2024-1709 b...

Executive Summary In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties with a CDU-themed lure.   This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging o...

LogRhythm Axon was built from the ground-up so that security teams can focus on the actual job of cybersecurity. With LogRhythm Axon, security teams can immediately realize the value of the platform as they do not have to focus on managing the infrastructure, ingesting disparate data into th...