CalCom

Russian Hackers Exploit MFA protocols and Print Spooler "PrintNightmare" vulnerability

Mar 20, 2022 By John Gates In CalCom
A joint Cybersecurity Advisory (CSA) was issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) recently warning organizations about a Russian state-sponsored cyber-attack. The cyber actors ran arbitrary code using system privileges by exploiting a Windows Print Spooler vulnerability, “PrintNightmare.”
Read Post
tripwire

EPP/EDR: What Is It and How Can It Help to Keep Your Organization Safe?

Mar 20, 2022 By Phil Labas In Tripwire

Endpoint devices played a big part in malware and ransomware attacks in 2021. According to a study covered by Help Net Security, security researchers detected more malware and ransomware endpoint infections in the first nine months of the year than they did for all of 2020. Attack scripts leveraging PowerSploit, Cobalt Strike, and other tools were particularly prevalent in that nine-month period, having grown 10% over the previous year after having already climbed 666% compared to 2019.

Read Post
tripwire

How to Combat Asset Blindness in OT Security

Mar 20, 2022 By Tripwire Guest Authors In Tripwire

One of the main challenges of OT security is the problem of compatibility. OT components often differ significantly from each other in terms of age and sophistication as well as software and communication protocols. This complicates asset discovery and makes it difficult to establish a consistent cybersecurity governance approach. Combating asset blindness in OT security begins with taking account of these differences.

Read Post
upguard

Australia and the Risk of a Russian Cyber Attack: Are You Ready?

Mar 20, 2022 By Edward Kost In UpGuard

Given Russia's reputation for highly-sophisticated cyberattacks, the country's invasion of Ukraine has sparked justified fears of an imminent global cyberwar. While, for the time being, Putin’s cyber efforts against Ukraine are surprisingly restrained, this may not be the case for other countries.

Read Post

How Firewall Security Assessment Services Can Protect Your Data | Cyphere

Mar 19, 2022 By Cyphere In Cyphere
In this video, I will walk you through how a firewall security assessment service can protect your data. A firewall is the first line of defence for any company's cyber-security and is often overlooked by IT departments who are tasked with protecting these companies from hackers. A security assessment is a proactive measure that can help identify potential vulnerabilities before they're exploited in an attack.
View Video

Balancing Security and Agility While Scaling Your Company with Michael Coates

Mar 19, 2022 By Teleport In Teleport
Fast-growth companies are some of the richest targets for hackers because that’s where the user data is. How do you balance the security you need to protect your customers/users with the agility you need to build a business? This talk provides practical tips drawn from Michael Coates' experience as CISO of an iconic brand with hundreds of millions of users. The talk will also explore current threats, data breaches, and the new reality of risk to identify what security controls are actually needed for enterprises that are moving fast, leaning into new technology, and want effective security defenses.
View Video
snyk

node-ipc sabotages JavaScript developers

Mar 18, 2022 By Snyk In Snyk
On March 15, in an apparent act of protest against the Ukraine crisis, a supply chain attack was created which affects users of the popular JavaScript front-end development framework Vue.js and the Unity Hub. The attack creates a file with an antiwar message and introduces security vulnerabilities, with an earlier version corrupting user files on machines with Russian and Belorussian geolocations, replacing characters with heart emoji.
Read Post
teleport

How to Stop Container Escape and Prevent Privilege Escalation

Mar 18, 2022 By Sadequl Hussain In Teleport

Container escape is a security risk in which malicious players can leverage a containerized application’s vulnerabilities to breach its isolation boundary, gaining access to the host system’s resources. Once an attacker accesses the host system, they can escalate their privilege to access other containers running in the machine or run harmful code on the host. Depending on how vulnerable the host is, the actor could also access other hosts in the network.

Read Post
egnyte

6 Reasons Cyber Insurance Prices Are on the Rise

Mar 18, 2022 By Neil Jones In Egnyte

What’s happening today in the cyber insurance market is comparable to what happens to property insurance in a region that experiences a major hurricane or devastating flood. Not only are your company’s premiums increasing; oftentimes, insurers are scrutinizing your overall risk preparedness as part of their renewal process. In the first part of this two-part series, we’ll examine why cybersecurity insurance premiums have skyrocketed.

Read Post
Snyk

dompdf security alert: RCE vulnerability found in popular PHP PDF library

Mar 18, 2022 By DeveloperSteve In Snyk

Recently, researchers from Positive Security published findings identifying a major remote code execution (RCE) vulnerability in dompdf, a popular PDF generation library. In their reporting, they outlined a way that code could be loaded into an application and then remotely executed during a PDF being generated. Dompdf is used quite extensively within the PHP ecosystem, and is used within over 59,000 open sourced platforms and projects.

Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.