Welcome to the November edition of the MergeBase newsletter, your gateway to the latest developments and insights in the realm of cybersecurity.
From critical updates in popular software to groundbreaking executive orders on AI, the digital landscape continues to evolve at a breathtaking pace. Join us as we explore key insights from industry experts, unravel the complexities of cybersecurity, and look ahead to the future of AI governance:
Cut The Clutter: How accurate scanning tools save you time and effort
Don’t miss our lastes video, “Cut The Clutter”, where Oscar, Kelly, and Delan as they dissect the balance between security and productivity in software development. Their insights are crucial for anyone navigating the complexities of modern cybersecurity.
CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory on the Rhysida ransomware.
Rhysida actors exploit vulnerabilities such as external-facing remote services, Zerologon (CVE-2020-1472), and phishing campaigns for network access and persistence, targeting sectors like education, manufacturing, IT, and government. The advisory provides crucial indicators of compromise, detection methods, and tactics to combat Rhysida.
Cyber Expert’s Opinion about President Biden’s Executive Order on AI Security
With AI’s integration into various sectors, its deployment raises significant privacy, security, and ethical concerns. The President Biden’s Executive Order on AI Security mandates federal agencies to prioritize safety, security, privacy, and transparency throughout the AI system’s lifecycle. Dive into what this means for the future of AI and the cyber expert opinions about it.
CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development
CISA and the UK National Cyber Security Centre (NCSC) have unveiled joint guidelines for secure AI system development. This collaboration, endorsed by 23 cybersecurity organizations, is a significant stride in merging AI, cybersecurity, and critical infrastructure.
The guidelines emphasize ‘Secure by Design’ principles, advocating for security ownership, transparency, and prioritizing secure design in organizational structures. Also represents a unified approach to AI safety, underscoring the global commitment to secure, responsible AI development.
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Google Chrome discovery a zero-day vulnerability, CVE-2023-6345. This high-severity issue, raise concerns due to its potential for remote attacks and sandbox escapes.
Users are urged to update to Chrome version 119.0.6045.199/.200 for Windows, and 119.0.6045.199 for macOS and Linux. This update includes 7 security fixes, such as CVE-2023-6348, CVE-2023-6347,CVE-2023-6346, and more.
Oracle Fusion Middleware Flaw Flagged by CISA
CISA flagged a major vulnerability in Oracle’s Fusion Middleware Access Manager. Identified as CVE-2021-35587, this flaw poses a significant threat, allowing unauthorized actors to potentially compromise and take control of the Oracle Access Manager.
Tips & Guides
The Enterprise Guide to AppSec Tech Stack Consolidation
You’re trying to make your AppSec environment less complex and more efficient. Should you move to a single vendor or use a few best-in-breed solutions? Access our new guide and find more about how to make your appsec stack more efficient.
SEC Sues SolarWinds: What Does This Mean for Cybersecurity Leaders?
The U.S. Government has begun holding software vendors liable for cybersecurity negligence. Here’s what that means for you.
Ready for amazing customer service?
Our CTO, Kelly West, and Customer Success Manager, Cody Bludorn, are here to answer any software supply chain security questions you may have and find the right solution for you. How can we help you today?