Vulnerability

Microsoft Releases Out-of-band Updates to Address Critical Windows Server Domain Controller Issue

In a recent development that has sent ripples across the IT landscape, Microsoft has identified a critical issue plaguing Windows Server Domain Controllers (DCs). This issue, originating from a memory leak within the Local Security Authority Subsystem Service (LSASS), has emerged as a significant concern for organizations relying on both on-premises and cloud-based Active Directory domain controllers to process Kerberos authentication requests.

Safeguarding Smart Home Devices: A Comprehensive Guide to Cybersecurity for Ensuring Safety and Security

Smart home devices have revolutionized our lives, but with convenience comes risk. Have you ever wondered if your smart speakers, cameras, or thermostats could be vulnerable to cyber-attacks? Imagine the havoc a hacker could wreak by gaining unauthorized access. That's where this comprehensive cybersecurity guide comes in.

Securing your digital fort: Why firmware vulnerability management is essential

Think of your network device firmware as a fortress that can withstand attacks and protect you from potential threats in the digital world. It acts as a guardian, keeping hackers and malicious software at bay so you can be confident that your data is safe. However, even an imposing medieval fortress, standing tall and proud with seemingly impenetrable walls, can't keep up with a relentless barrage from the latest weaponry, no matter how strong it seems.

Patching Go's leaky HTTP clients

In November 2023 we discovered an issue in the Go standard library’s net/http.Client that allowed an attacker who controls redirect targets on a server to exfiltrate authentication secrets. Soon after, we discovered a similar issue in net/http/cookiejar.Jar. The issues, collectively designated CVE-2023-45289, have now been fixed in Go 1.22.1 and Go 1.21.8, released on March 5, 2024. This blog post dives into the technical details behind those two bugs and the patch that addresses them.

Practical Workflows for Managing Vulnerabilities using Cloudsmith

Worried about supply chain attacks and hidden vulnerabilities compromising your organization's software integrity? Join Alison Sickelka, VP Product, and Ciara Carey, Developer Relations, as they lead our webinar, 'Practical Workflows for Managing Vulnerabilities using Cloudsmith.' Discover how Cloudsmith serves as your organization's central source of truth for builds, mitigating risks, optimizing workflows, and ensuring global distribution.

Common Vulnerabilities and Exposures: What They Are, and Notable CVEs to Be Aware Of

As organizations and individuals rely more and more on technology for many aspects of their lives, the security of digital assets is of increasing concern. From personal data to critical infrastructure, the digital landscape is rife with potential vulnerabilities that can be exploited by malicious actors. Cybersecurity has become a mainstream imperative as breaches and cyber threats continue to escalate.

Addressing Cybersecurity Challenges in Cloud Computing

Cloud computing offers notable perks to businesses of all sizes. As reported by the CIO Agenda Survey by Gartner, adapting to cloud-based technology is one of the top business priorities. Cloud services assist companies in expanding their abilities. They also help to reduce the cost of labor and capital expenditures for adapting to new technological solutions like managed third-party risk.

2023's Top Vulnerabilities and the Power of Patch Management

The cybersecurity landscape in 2023 was increasingly complex, marked by sophisticated cyber threats such as ransomware and cyber espionage. Over half of the high-risk vulnerabilities were exploited by threat actors, with ransomware payouts averaging a significant $1,542,333, up from $812,380 in 2022. Phishing attacks dominated, accounting for over 80% of incidents, and 57% of organizations experienced frequent phishing attempts. Additionally, 4,000 ransomware attacks have occurred daily since 2016.

Invisible Armor: Cycle's Behind-the-Scenes Update Guards Against Recent "Leaky Vessels" Container Exploit

At Cycle, we understand the paramount importance of security and the challenges that come with maintaining it. That's why we're proud to share how our proactive approach has not only addressed the recent “Leaky Vessels” container exploit, but has done so in a manner entirely transparent to our customers, and in under 4 hours of the vulnerability being made public.