Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

jit

Top 9 Software Supply Chain Security Tools

May 28, 2024 By Avichay Attlan In Jit
Imagine this: an attacker sneaks a tiny backdoor into software that hundreds of companies use. It sounds like a plot from a spy movie, but it’s a real threat that recently impacted major Linux distributions through a compromised utility tool, XZ Utils. So far, in 2024, over 35 billion known records have been breached. The Linux attack, potentially in action and undetected since 2021, is just one of the many that highlight the alarming proliferation of supply chain attacks.
Read Post
Snyk

Fastify plugins as building blocks for a backend Node.js API

May 28, 2024 By Liran Tal In Snyk
In the world of building backend Node.js APIs, Fastify stands out with its plugin ecosystem and architecture approach, offering a compelling option beyond the conventional Express framework. This highly efficient, low-overhead web framework distinguishes itself through its remarkable speed and streamlined simplicity.
Read Post
foresiet

Trojan Warning: Malware Identified in VAHAN PARIVAHAN.apk

May 28, 2024 By Foresiet In Foresiet
The Foresiet Threat Intelligence Team has recently conducted an in-depth analysis of an Android malware Trojan masquerading as the "VAHAN PARIVAHAN.apk" application. This trojan poses a significant threat to users by leveraging a backdoor, utilizing the Telegram API bot, and exploiting the services of GoDaddy.com LLC and Mark Monitor Inc. In this blog, we delve into the specifics of this malware, including its technical details, behavior, and potential impact on users.
Read Post
foresiet

Significant Surge in Cyber Activity Targeting Upcoming Indian General Election

May 28, 2024 By Foresiet In Foresiet
Foresiet, your trusted cybersecurity partner, brings to light a dramatic increase in cyber activity aimed at disrupting the upcoming Indian general election. This uptick, primarily driven by various hacktivist groups, has led to the exposure of personal identifiable information (PII) of Indian citizens on the dark web. The election, which will be held in seven phases from April 19 to June 1, 2024, will elect all 543 members of the Lok Sabha, with results announced on June 4, 2024.
Read Post
foresiet

ShrinkLocker: Turning BitLocker into Ransomware

May 28, 2024 By Foresiet In Foresiet
Attackers are continually developing sophisticated techniques to bypass defensive measures and achieve their goals. One highly effective approach involves exploiting the operating system's native features to evade detection and ensure compatibility. In the realm of ransomware threats, this can be seen in the use of the cryptographic functions within ADVAPI32.dll, such as CryptAcquireContextA, CryptEncrypt, and CryptDecrypt.
Read Post
tigera

Container Security: Protect your data with Calico Egress Access Controls

May 28, 2024 By Utpal Bhatt In Tigera
23andMe is a popular genetics testing company, which was valued at $6B in 2021. Unfortunately, there was a massive data breach in December 2023, which caused a steep decline in the company’s value and trust, plummeting the company to a penny stock. While this breach was not directly related to Kubernetes, the same risks apply to containers running in your Kubernetes environments.
Read Post
jfrog

The basics of securing GenAI and LLM development

May 28, 2024 By Sean Pratt In JFrog
With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing model development.
Read Post
CrowdStrike

CrowdStrike Brings Industry-Leading ITDR to All Major Cloud-Based Identity Providers

May 28, 2024 By Venu Shastri In CrowdStrike
Today, we’re announcing new capabilities of CrowdStrike Falcon Identity Protection to further strengthen our industry-leading identity threat detection and response (ITDR) technology and help customers secure their cloud-based identity environments from cyberattacks.
Read Post
WatchGuard

Navigating the NIS 2 Landscape - Part 1

May 28, 2024 By Kirk Jensen In WatchGuard
The European Union (EU) is taking a significant step forward in the fight against cybercrime by introducing the Network and Information Systems Directive 2, or NIS 2. This directive represents a major overhaul of cybersecurity regulations across the continent, aiming to bolster defenses against the ever-evolving threats of the digital age. In this first of four blog posts, we will introduce the basics of NIS 2.
Read Post
veracode

Understanding PCI DSS 4.0: What You Need to Know

May 28, 2024 By Jenny Buckingham In Veracode
If you're in a business that handles credit cards, you already know how crucial it is to keep that data secure. PCI DSS is a set of compliance requirements that ensure all companies handling cardholder data keep it secure. And that it's not just a good idea—it's a must. As cyber threats become more sophisticated, it's challenging to keep pace with complex security and compliance landscapes.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.