Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

Cisco Duo Third-Party Compromise

Apr 28, 2024 By Andres Ramos In Arctic Wolf
On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VOIP multi-factor authentication (MFA) service provider. The breach occurred on April 1st due to a phishing attack, allowing unauthorized access to the provider’s systems, including SMS and VoIP MFA message logs for specific Duo accounts between March 1st and March 31st, 2024. Though the threat actor accessed message logs, they did not obtain message content.
Read Post
Arctic Wolf

Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

Apr 28, 2024 By Andres Ramos In Arctic Wolf
On April 12, 2024, Delinea issued an advisory to address a critical authentication bypass vulnerability identified in the SOAP API component of its Secret Server product, available in both Cloud and On-Premises solutions. A threat actor could exploit this vulnerability to bypass authentication, gain administrative access, and extract sensitive information.
Read Post
Featured Post
ThreatQuotient

How threat intelligence can improve vulnerability management outcomes

Apr 27, 2024 By Chris Jacob, Global Vice President, Threat Intelligence Engineers In ThreatQuotient
It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization's vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.
Read Post
Spectral

7 Steps to ensure compliance with the CJIS security policy

Apr 27, 2024 By Eyal Katz In Spectral
A high-profile case hangs in the balance. Suddenly, court systems are paralyzed. Evidence is locked away, replaced by a ransom demand. Every law enforcement agency’s nightmare is alarmingly common – 96% of organizations were hit by ransomware in the past year, according to Cisco’s 2023 report. Exposed API keys, forgotten cloud configurations, outdated systems – these seemingly small vulnerabilities are the entry points relentless cybercriminals exploit.
Read Post
securitysenses

Top HIPAA Compliant Fax Services: Ensuring Secure Healthcare Communication

Apr 26, 2024 By SecuritySenses In SecuritySenses
When it comes to transmitting sensitive patient data, faxing must be secure and compliant under HIPAA regulations. But what does a 'hipaa compliant fax' service entail? Without delay, this article gets to the heart of HIPAA fax compliance, detailing the necessary security measures, the severe risks of non-compliance, and how to identify credible fax services that uphold these regulations. Discover the components and benefits of dependable HIPAA compliant fax solutions that protect patient data and uphold the integrity of healthcare providers.
Read Post
manageengine

How to segment DHCP scopes in DDI Central to achieve effective network segmentation

Apr 26, 2024 By DDI Central In ManageEngine
Data breaches have become alarmingly frequent and expensive. In 2022, the average incident incurred a massive cost of $4.35 million and, further compounding the associated costs and impacts, took an average of 243 days to identify and an additional 84 days to contain. This figure is expected to climb even higher as regulatory bodies across the globe tighten data protection laws, escalating the financial and reputational stakes of failing to safeguard sensitive information.
Read Post
redscan

Healthcare cyber security insights revealed in new Kroll report

Apr 26, 2024 By Mark Nicholls In Redscan
While the top concern for healthcare cybersecurity professionals is credential access, the Kroll Threat Intelligence team finds that the healthcare industry is consistently targeted by ransomware groups using a combination of valid credential theft and the exploitation of vulnerabilities. These and other insights are discussed in the new Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.
Read Post
sysdig

Meet the Research behind our Threat Research Team

Apr 26, 2024 By Miguel Hernández In Sysdig
The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds. A group of some of the industry’s most elite threat researchers, the Sysdig TRT discovers and educates on the latest cloud-native security threats, vulnerabilities, and attack patterns. We are fiercely passionate about security and committed to the cause. Stay up to date here on the latest insights, trends to monitor, and crucial best practices for securing your cloud-native environments.
Read Post
netwrix

Navigating Security Concerns: Microsoft Copilot's Integration with Microsoft 365

Apr 26, 2024 By Farrah Gamboa In Netwrix
There are so many exciting things happening in the AI space currently. One of them is the integration of Microsoft Copilot, a generative AI, with Microsoft 365 applications. This fusion brings Copilot’s capabilities into the suite’s comprehensive office productivity tools to transform daily workloads and enhance productivity efficiency through the automation of mundane tasks, alongside offering insights and analyzing data. Key features include.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.