Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PCI DSS Compliance Check List & Best Practices You Should Be Knowing

PCI DSS can be very challenging for businesses to achieve, especially when they have limited resources to get things in place. Moreover, understanding the requirements and implementing measures to meet the 12 PCI DSS requirements is a different challenge altogether. Businesses need to consider many aspects when undergoing an audit and ensuring it is a success. Achieving PCI DSS compliance requires establishing, updating, and constantly reviewing policies, procedures, and processes. This in turn helps secure sensitive data and IT infrastructure.

7 Best Security Practices to Protect Against the Main Types of Attacks on Web Applications

As the world becomes more digital and interconnected, futuristic technologies such as IoT, 5G technology, quantum computing, and AI are bringing in limitless opportunities along with a whole range of threats and risks. The result – web application attacks are commonplace today with businesses being affected every day. About Indusface: Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.

noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which, when combined by a malicious actor, could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (also referred to as “noPac”) was released.

Introducing next-generation firewall from Palo Alto Networks to support 5G-enabled IoT, OT and IT use cases

Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases is no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation.

CrowdStrike Services Offers Incident Response Tracker for the DFIR Community

During a recent client engagement for a tabletop exercise (TTX), it became apparent that the client did not have a methodology for tracking indicators and building an incident timeline. The CrowdStrike Services team wanted to provide more information to our client on how incidents can and should be tracked, but nothing was available in the public domain.

Understanding Insecure Direct Object References (IDOR)

IDOR is a broken access control vulnerability where unvalidated user input can be used to gain unauthorized access to application functions. IDOR can result in sensitive information disclosure, information tampering, etc. This issue was previously part of the OWASP Top 10 2007; it was later merged into OWASP Top 10 A5, Broken Access Control.

Random but Memorable - Episode 8.6: Games Revival Outtake Special

Is there a better way to ring in the New Year than with the revival of all Random but Memorable's iconic games? What the Phrase, Real or Not Real, Play Your Passwords Right, Three Word Password, Ridiculous Requirements – whichever's your favourite, the gang's all here! Not only that, we've also included some bonus, long-requested outtakes (with the help of a trusty soundboard!) Listen to the chaos unfold as we uncover some lost gems from the show. (Some of which probably should have stayed lost...)

Power the SOC of the Future with the DataLinq Engine - Part 2

In my first blog in this series, we discussed the importance of data to the modern SOC, and the unique approach of ThreatQ DataLinq Engine to connect the dots across all data sources, tools and teams to accelerate detection, investigation and response. We developed the DataLinq Engine with the specific goal of optimizing the process of making sense out of data in order to reduce the unnecessary volume and resulting burden.

What Oil and Gas Companies Must Do to Counter Cyber Threats

The oil and gas industry’s global supply chain uses a vast array of information technology (IT) and operational technology (OT) systems. These systems require constant cybersecurity protection to ensure energy flows efficiently and productively around the world to meet global needs. Hackers know that IT and OT systems are often interdependent and closely linked. In fact, the recent Colonial Pipeline attack resulted from the successful breach of Colonial’s IT network.