Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Coffee Talk with SURGe! 2022-MAY-03 CISA Top Vulnerabilities, Mandiant Zero-Days, State of Security

May 4, 2022 By Splunk In Splunk
Grab a cup of coffee and join Ryan Kovar, Audra Streetman, and Mick Baccio for another episode of Coffee Talk with SURGe. This week the team from Splunk discussed CISA's list of the top exploited vulnerabilities for 2021, Mandiant's analysis of 80 zero-days exploited in the wild last year, and signs the ransomware group REvil may be back in operation. Mick and Ryan competed in a 60 second charity countdown on how to solve the talent crisis in cybersecurity before taking a deep dive into the topic of zero-days and vulnerability mining.
View Video
netwrix

CIS Control 7: Continuous Vulnerability Management

May 4, 2022 By Dirk Schrader In Netwrix

The Center for Internet Security (CIS) provides Critical Security Controls to help organizations improve cybersecurity. Control 7 addresses continuous vulnerability management (this topic was previously covered under CIS Control 3). Continuous vulnerability management is the process of identifying, prioritizing, documenting and remediating weak points in an IT environment.

Read Post
netwrix

CIS Control 4: Secure Configuration of Enterprise Assets & Software

May 4, 2022 By Dirk Schrader In Netwrix
Maintaining secure configurations on all your IT assets is critical for cybersecurity, compliance and business continuity. Indeed, even a single configuration error can lead to security incidents and business disruptions. Control 4 of CIS Critical Security Controls version 8 details cyber defense best practices that can help you establish and maintain proper configurations for both software and hardware assets.
Read Post
netwrix

CIS Control 1: Inventory and Control of Enterprise Assets

May 4, 2022 By Dirk Schrader In Netwrix

Unless you know what IT assets you have and how important each of them is to your organization, it’s almost impossible to make strategic decisions about IT security and incident response. Indeed, inventory and control of enterprise assets is so important that it is the first in the set of Critical Security Control (CSCs) published by the Center for Internet Security (CIS).

Read Post
detectify

Phishing, OWASP, EASM, and hacking WordPress - top themes from Hack Yourself London

May 4, 2022 By Detectify In Detectify

When Algolia’s security program manager Regina Bluman ran a Twitter poll to see how many people within the security industry understood the concept of EASM, she didn’t expect that the term is far from being on an IT security team’s radar. Moreover, most were not even aware of it.

Read Post
Snyk

Snyk brings infrastructure as code security to HashiCorp Terraform Cloud

May 4, 2022 By Marco Morales, Sarah Conway In Snyk

In our mission to make Terraform Cloud workflows more streamlined and secure, we’re excited to announce our new native integration into HashiCorp Terraform Cloud. This integration embeds the security expertise and developer-friendly fixes of Snyk Infrastructure as Code (Snyk IaC) directly into Terraform Cloud, making the Terraform Cloud workflow one of the safest ways to provision and manage public cloud infrastructure.

Read Post
Snyk

These aren't the npm packages you're looking for

May 4, 2022 By DeveloperSteve In Snyk

Over the years, as a developer, I’ve built and deployed many applications through digital agencies, side projects, startups, and freelance work. With time-sensitive deadlines, client expectations, and delivery dates to consider, security wasn’t usually top of mind when npm installing an open source package. This often led to reworking and cleanup on deployments that had let in known vulnerabilities, adding to compounding timelines and client disappointment.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.