Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

comp ai

Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032.

Mar 3, 2025 By Comp AI
With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001 & GDPR. Bubba AI, Inc. is building a comprehensive solution for these organizations to easily integrate compliance workflows and build their own customized processes through an open-source alternative to existing GRC (Governance, Risk, and Compliance) automation platforms.
Read Post

API Risks & Threats: What Wallarm's Reports Reveal #APIThreats #CyberResearch #APIExploitation

Mar 3, 2025 By Wallarm In Wallarm
Wallarm conducts quarterly and annual API threat reports to provide data-driven insights on API vulnerabilities, risks, and attacks. This research helps the industry understand emerging threats and improve API security strategies. Stay informed with the latest findings!
View Video
graylog

FERC and NERC: Cyber Security Monitoring for The Energy Sector

Mar 3, 2025 By Jeff Darrington In Graylog
As cyber threats targeting critical infrastructure continue to evolve, the energy sector remains a prime target for malicious actors. Protecting the electric grid requires a strong regulatory framework and robust cybersecurity monitoring practices. In the United States, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) play key roles in safeguarding the power system against cyber risks.
Read Post
datadog

Securing Datadog's cloud infrastructure: Our playbook and methodology

Mar 3, 2025 By Tim Gonda In Datadog
At Datadog, we build and operate a complex, self-managed infrastructure that spans multiple cloud providers and serves many customers in regulated environments. We need to secure this large, distributed infrastructure while maintaining strict uptime requirements and scaling our finite people resources. In this post, I’ll detail the playbook that we use on Datadog’s Cloud Security team for securing our infrastructure, including.
Read Post
cycognito

Dynamic IPs Are Breaking Security - Here's How to Fix It

Mar 3, 2025 By Shahar Agmon In CyCognito
Organizations rely on stable systems to run their operations. Unfortunately, the IP addresses representing these systems can change frequently. This is especially challenging for cybersecurity, where identifying and tracking assets by IP address is crucial. Dynamic IP management is the practice of identifying, tracking, and contextualizing systems that use dynamic IPs to ensure accurate visibility, reduce noise, and maintain a continuous security posture.
Read Post

Never Let a Good Crisis Go to Waste - CISO's Powerful Take on Security Improvement

Mar 3, 2025 By Rubrik In Rubrik
Amy Bogac, CISO at Elevate Textiles, shares her candid approach to cybersecurity program management. She emphasizes the importance of distinguishing between immediate fixes and long-term improvements after security incidents. Key insights: Set clear boundaries between incident resolution and continuous improvement Use security incidents as leverage for necessary program investments Learn from every crisis to strengthen your security posture Distinguish between short-term fixes and long-term strategic improvements.
View Video
vanta

How Claude + MCP + Vanta could help auditors

Mar 3, 2025 By Vanta In Vanta
At Vanta, we’re always looking to experiment, learn, and stay at the forefront of AI. Recently, we built a proof of concept to explore how auditors could interact more effectively with audits and the data within them. Our experiment used Anthropic’s Claude, the open source MCP (Model Context Protocol), and Vanta’s API to enable users to ask deeper questions of Vanta’s compliance data. ‍ ‍
Read Post
memcyco

The Rise of Perfect Clones: The Darcula Phishkit and How to Stop It

Mar 3, 2025 By Arthur Zavalkovsky In Memcyco
It’s no secret that phishing has always relied on deception. Scam-targeted enterprises the world over warn their customers of the social engineering tactics and brand impersonation designed to trick them into handing over credentials. Besides email-based phishing, social media has become a hotbed for phishing attacks, with scammers using fake ads, impersonated accounts, and fraudulent messages to lure users.
Read Post
Arctic Wolf

Healthcare Sector Targeted by Fake CAPTCHA Attack on HEP2go to Deliver Infostealer Malware

Mar 3, 2025 By Andres Ramos In Arctic Wolf
Arctic Wolf has recently observed a campaign targeting the healthcare sector, where victims visiting the widely used physical therapy video site HEP2go are redirected to a fake CAPTCHA webpage when they attempt to visit multiple parts of the website. This CAPTCHA provides instructions that trigger PowerShell code execution and the eventual loading of infostealer malware.
Read Post
WatchGuard

Webinar: Secure Your Remote Workforce with a Secure Access Service Strategy

Mar 3, 2025 By The Editor In WatchGuard
In today’s rapidly evolving digital landscape, traditional security models fail to protect remote workers and cloud-based applications. Shifting to a secure access service edge (SSE) strategy is an effective and affordable solution that will protect remote workers. SSE solutions deliver firewall-as-a-service (FWaaS) and secure web gateway (SWG) capabilities, ensuring safe, high-performance connectivity to Cloud applications.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.