Tyler Wall, MSc., CISSP, CCSK’s Post

Security Bulletin: Cleo File Transfer Products - CVE-2024-50623 Bypass is a critical vulnerability in Cleo's file transfer products—Harmony, VLTrader, and LexiCom—prior to version 5.8.0.24. The vulnerability has been actively exploited, with attackers establishing persistence, conducting reconnaissance, and executing arbitrary code on compromised systems. #ThreatIntel #CTI #RedLeggSecure https://hubs.ly/Q02_t1C80

Day 73 of #100daysofhackthebox: Took a step back today to focus on the crucial process of triaging security alerts. Learned how to assess and prioritize alerts from various detection systems to gauge threats and potential impacts on organizational systems and data. Explored escalation procedures, understanding the importance of notifying relevant stakeholders for coordinated response efforts. In my ongoing journey of analyzing evil with Sysmon and event logs, I delved into detecting DLL hijacking, replicating examples and identifying relevant Sysmon event log IDs from documentation. Emphasized the significance of thorough research and gained insights into recognizing abnormal processes outside of system32. Every detail adds to the learning experience! #HackTheBox #CybersecurityLearning #Sysmon

LLM-based features in various software present a growing security challenge: prompt injection attacks. Don't miss Invicti's webinar with CTO Frank Catucci and Chief Architect Dan Murphy for insights on prompt injection risks: https://okt.to/ToRAUM #AppSec #PromptInjection

Though a few years old, hands down still the most impactful video I’ve seen that truly resonates with the C-suite—Realistically showing how easily #threatactors exploit overlooked #vulnerabilities within organizations. Spend the time to watch this - It’ll help you formulate which questions you should be asking your IT & Security teams HP #cyberinsurance #commercialinsurance

A shift-left strategy is important to address vulnerabilities early in the software development lifecycle.

What happens when two security experts like Francis Odum and Chris Hughes come together? You get an insightful and informative report that illuminates a hot space in security. This time they have shed light on one of the hottest segments in security, ASPM - Application Security Posture Management. From relative obscurity 4 years ago when we started ArmorCode Inc. to bursting out on to the main stage this year, Application Security Posture Management (ASPM) has come a long way! There were just 3 companies then and now many more have entered this space. Different companies have taken different and some very creative approaches to solving this very important problem on behalf of our collective customers. This report show cases those different approaches including the one we have taken and in my biased opinion, made a huge impact in helping companies ship secure code. Check out the report here: https://lnkd.in/gXKpBfws #ASPM #SecureSoftware #VulnerabilityManagement

https://lnkd.in/eWuh4GEF Unlike human accounts, which are more likely to trigger alerts when compromised, non-human accounts often go undetected for extended periods, providing malicious actors with prolonged access to critical systems and data.  Join us online on September 24th at 2pm ET for three, 20-minute comprehensive sessions featuring Ryan Frillman, Bezawit Sumner and Roey Rozi, as they share insights to equip you with the knowledge and solutions required to ensure your organization is protecting it's non-human identities. #nhim #IAM #PAM #CISO #infosec #cybersecurity Oasis Security

Delighted to complete the Diamond Model on TryHackMe! #Cybersecurity #TryHackMe #DiamondModel

Malicious actors close your eyes! RL's combination of static + dynamic analysis allows security groups to assess more files in less time, effectively ID'ing malicious behaviors regardless of file size or complexity.

Security is boring... until it isn't, right? Priscila Iwakawa, MS, MPH is joined by Torgin from ChainSecurity, Adrian from Immunefi and Erik from Euler to talk everything security in #DeFi. It's always a big topic in the industry given the exploits and hacks over the years, so make sure to tune into this to learn a thing or two from the experts. 👇 PART ONE OUT NOW! https://lnkd.in/eDXHZgBV