Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

cloudflare

How Cloudflare is staying ahead of the AMD vulnerability known as "Zenbleed"

Jul 25, 2023 By Derek Chamorro In Cloudflare

A new flaw in AMD's Zen 2 processors is detailed in this blog post (archive.org snapshot) today, July 24, 2023. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data stored in the CPU, including encryption keys and login credentials.

Read Post
Featured Post
lookout

The Zero-Trust Journey Every Organisation Must Make

Jul 24, 2023 By Sundaram Lakshmanan, CTO In Lookout
Over the past decade, the working world has undergone a dramatic transformation. Spending each day of the week in an office is no more for most, while many have the flexibility to work from any location using a device and network that the organisation often has no control over. Productivity levels have certainly increased because of the flexible working environment, but it has opened the door to new challenges, mainly protecting the organisation's critical assets.
Read Post
Featured Post
senseon

Challenges in Securing Cloud Workloads

Jul 24, 2023 By Brad Freeman, Director of Technology In SenseOn
Cloud computing is nothing new in 2023, but is certainly still a growth piece of technology infrastructure, and one upon which many organisations work to build their IT infrastructure, whether across one cloud provider such as the market leaders AWS, or, increasingly, around a multi-cloud strategy across several providers, and some public cloud offerings.
Read Post
komodo consulting

Electrifying Exploit: A Case Study on SSRF Vulnerability in an EV Manufacturer's System

Jul 24, 2023 By Komodo Research In Komodo Consulting
You're cruising down the highway in your sleek, state-of-the-art electric vehicle (EV). The hum of the electric motor is your soundtrack, the open road your cinema. Your dashboard, a symphony of lights and numbers, is a live feed of your vehicle's vitals – battery levels, tire pressure, energy consumption, and more. Suddenly, your phone buzzes. It's your EV's companion app, alerting you to an unexpected battery drain.
Read Post
cultureai

Cyber Security Behaviours: Bridging the Gap Between Awareness and Action

Jul 24, 2023 By Max Kurton In CultureAI
Awareness of potential threats is merely the first step; true change is brought about when secure practices become habitual through consistent reinforcement. The focus on cyber security behaviours is pivotal, as it converts theoretical knowledge into routine action. This ensures that employees not only understand the nuances of the threat landscape but also possess the capability to respond effectively during a genuine cyber attack.
Read Post
opti9

Immutable vs. Mutable Backups: Does it Really Matter?

Jul 24, 2023 By Opti9 In Opti9

As the fight against ransomware continues, the value of data cannot be understated. Considering what a breach could cost and how long it would take to rectify, it’s no wonder risk mitigation and response is at the forefront of every IT leader’s mind. When discussing data storage, data permanence is often discussed as a way to retain information indefinitely. But when it comes to the threat of ransomware, does the immutability of your backups play such an important role?

Read Post
entitle

AWS Identity Center (SSO) vs. AWS Identity Federation vs. AWS IAM

Jul 24, 2023 By Avi Zetser In Entitle

Selecting an identity management solution is a critically important decision for any software organization. Identity management is a foundational component of good cloud security and can either be an enabler for scalability or a huge technical debt sink. Many organizations start with AWS by quickly throwing together their IAM infrastructure: some users, a few roles, and some policies.

Read Post

Webinar: Top Security Threats Worldwide Q1 2023

Jul 24, 2023 By WatchGuard In WatchGuard
Join WatchGuard CSO Corey Nachreiner and Director of Security Operations Marc Laliberte as they discuss key findings from the WatchGuard Threat Lab’s Q1 2023 Internet Security Report. They’ll cover the latest malware and network attack trends targeting small and midsized enterprises and defensive tips you can take back to your organization to stay ahead of modern threat actor tactics.
View Video

The 443 Podcast - Episode 251 - Red Teaming AI Systems

Jul 24, 2023 By WatchGuard In WatchGuard
This week on the podcast, we give an update on last week's discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.
View Video
gitguardian

CodeSecDays brings security leaders together to build a world without software security issues

Jul 24, 2023 By Mackenzie Jackson In GitGuardian

In GitGuardian's first digital conference, CodeSecDays, security leaders from multiple leading companies like Snyk, Chainguard, Doppler, RedMonk, and more came together to share the latest in code and application security.

Read Post
SecurityScorecard

5 Insights to Planning for a More Cybersecure World

Jul 24, 2023 By SecurityScorecard In SecurityScorecard

SecurityScorecard recently joined the World Economic Forum’s Centre for Cybersecurity and UC Berkeley’s Center for Long-Term Cybersecurity (CLTC) for a private, invite-only workshop in Washington, DC alongside global leaders, CEOs, and CISOs to identify trends and insights that will most likely impact cybersecurity in the next decade of 2030 via future-focused scenarios with emerging cybersecurity challenges.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.