Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Arctic Wolf

Cisco Duo Third-Party Compromise

Apr 28, 2024 By Andres Ramos In Arctic Wolf
On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VOIP multi-factor authentication (MFA) service provider. The breach occurred on April 1st due to a phishing attack, allowing unauthorized access to the provider’s systems, including SMS and VoIP MFA message logs for specific Duo accounts between March 1st and March 31st, 2024. Though the threat actor accessed message logs, they did not obtain message content.
Read Post
Featured Post
ThreatQuotient

How threat intelligence can improve vulnerability management outcomes

Apr 27, 2024 By Chris Jacob, Global Vice President, Threat Intelligence Engineers In ThreatQuotient
It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization's vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.
Read Post
Spectral

7 Steps to ensure compliance with the CJIS security policy

Apr 27, 2024 By Eyal Katz In Spectral
A high-profile case hangs in the balance. Suddenly, court systems are paralyzed. Evidence is locked away, replaced by a ransom demand. Every law enforcement agency’s nightmare is alarmingly common – 96% of organizations were hit by ransomware in the past year, according to Cisco’s 2023 report. Exposed API keys, forgotten cloud configurations, outdated systems – these seemingly small vulnerabilities are the entry points relentless cybercriminals exploit.
Read Post
manageengine

How to segment DHCP scopes in DDI Central to achieve effective network segmentation

Apr 26, 2024 By DDI Central In ManageEngine
Data breaches have become alarmingly frequent and expensive. In 2022, the average incident incurred a massive cost of $4.35 million and, further compounding the associated costs and impacts, took an average of 243 days to identify and an additional 84 days to contain. This figure is expected to climb even higher as regulatory bodies across the globe tighten data protection laws, escalating the financial and reputational stakes of failing to safeguard sensitive information.
Read Post
securitysenses

Top HIPAA Compliant Fax Services: Ensuring Secure Healthcare Communication

Apr 26, 2024 By SecuritySenses In SecuritySenses
When it comes to transmitting sensitive patient data, faxing must be secure and compliant under HIPAA regulations. But what does a 'hipaa compliant fax' service entail? Without delay, this article gets to the heart of HIPAA fax compliance, detailing the necessary security measures, the severe risks of non-compliance, and how to identify credible fax services that uphold these regulations. Discover the components and benefits of dependable HIPAA compliant fax solutions that protect patient data and uphold the integrity of healthcare providers.
Read Post
Trustwave

7-Step Guide to Properly Scoping an Offensive Security Program

Apr 26, 2024 By Trustwave In Trustwave
Offensive security has become a cornerstone strategy for organizations aiming to fortify their defenses against cyber threats. However, before one creates a suitably developed offensive security program, an organization must ensure it is properly scoped. This will ensure the final product is effective, efficient, and aligned with the organization's overall security objectives. Here's a guide to help organizations understand and implement a well-scoped offensive security program.
Read Post
teramind

Insider Threat Mitigation Strategies To Improve Security

Apr 26, 2024 By Taran Soodan In Teramind
When company leaders and managers consider their cybersecurity risks, they too often focus on their vulnerability to external threats only. While state-sponsored attacks, phishing attacks, ransomware, and third-party software infiltration are becoming more prevalent in the current threat landscape, it’s important that those potentialities don’t distract attention from the dangers posed by insider threats.
Read Post
SecurityScorecard

Insights from the Experts: Legal, Compliance, and Security Perspectives on SEC Regulations

Apr 26, 2024 By SecurityScorecard In SecurityScorecard
In July 2023, the U.S. Securities and Exchange Commission (SEC) announced new cybersecurity rules that require publicly traded companies in the U.S. to disclose material cybersecurity incidents within four business days of determining whether the incident is material to the company’s financial performance. SecurityScorecard recently hosted a webinar discussing the implications of the new rules and how compliance, security, and legal experts can elevate their game to meet these new regulations.
Read Post
upguard

The EU's Strategy for a Cybersecure Digital Single Market

Apr 26, 2024 By Leah Sadoian In UpGuard
The EU Digital Single Market Strategy (DSM Strategy) is a comprehensive initiative launched by the European Union to enhance Europe’s digital economy and maximise its growth potential across member states. The strategy includes evolving policies and specific initiatives aimed at the digitalisation of the European Union and adapting it to the rapidly changing digital ecosystem.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.