rxdirs has provided a convenient default when setting permissions recursively. When enabled (the default prior to version 3.20.0) a promise to grant read access on a directory is extended to also include execution since quite commonly if you want to read a directory you also want to be able to list the files in the directory. However, the convenience comes with the cost of complicating security reviews since the state requested on the surface is more strict than what is actually granted.

It’s mid-morning. You’re scanning the daily news while enjoying a coffee break. You come across yet another headline broadcasting a supply chain data breach. Your heart skips a quick, almost undetectable, beat. You have the technology in the headline in your stack. You set aside your coffee and begin furiously scanning through the overwhelming number of alerts triggered across all your technologies.

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

In recent weeks, international headlines have been dominated by the Russia-Ukraine war and its potential to escalate into cyberspace due to punishing economic sanctions by the west. On March 21st, 2022, the Biden administration released a statement calling for the public and private sector to “accelerate efforts to lock their digital doors” in light of the Russian cyber threat.

2021 marked the fifth consecutive year of record-breaking security attacks. Zero-Day attacks skyrocketed, with 66 exploits found to be in use, more than any other year on record and almost double 2020’s figure. Meanwhile, a staggering 66% of organizations have suffered at least one ransomware attack in the last year, with the average ransom payment soaring by 63% to $1.79 million (USD).

With remote and hybrid working now commonplace for organizations, many IT departments are weighing up the pros and cons of moving to a Zero Trust Network Access (ZTNA) model to replace traditional VPN, or other remote access approaches. While the benefits of moving to ZTNA are compelling: improving user experience, providing enhanced security, reducing management overhead, and increasing visibility and control, it can often be a challenge to select the best approach for your business.

Your senior leadership started stressing out about data breaches. It’s not that they haven’t worried before, but they’ve also started looking at the rising tide of data breach awareness. Specifically, they’re starting to see more new security and privacy laws passed at the state and federal levels. Now, you’ve been tasked with the very unenviable job of choosing a compliance framework, and you’re looking at the Center for Internet Security (CIS) Controls.

Huntington Beach, Calif. – March 23, 2022 – Netreo, the award-winning provider of IT infrastructure monitoring and observability solutions and one of Inc. 5000’s fastest growing companies, today announced the company has achieved Veracode Verified Team status for Netreo’s full-stack monitoring and observability suite.

As the modern world moves almost entirely online, so do the issues we used only to face in the physical world. In years gone by, security may have taken the form of a CCTV camera or a person hired to ensure customers don't steal from your premises. Well, as you can probably tell, neither of these solutions works when it comes to cybersecurity and keeping a business safe online.