Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
opsdemon
Latest posts
How Can MSSPs Respond to Vendor Competition?
Managed security service providers (MSSPs) must confront a worrying trend: More and more cybersecurity solutions vendors are developing—or acquiring—managed services offerings of their own. This places MSSPs in direct competition with the vendors on whose tools they depend. Large EDR/XDR providers like CrowdStrike, Palo Alto, and Check Point already have managed detection and response (MDR) services. And more large security firms are moving in this direction.
Weekly Cyber Security News 12/12/2024
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! To add to the continued pile of e-waste…
Why security questionnaires are a familiar-but ineffective-norm for assessing risk
Security questionnaires are a standard part of almost every due diligence process before companies sign on to work with a new third party. By asking detailed questions via questionnaires, organizations learn about a seller’s security controls and compliance with relevant standards. With that information, they determine how and if a partnership with that third party will expand their attack surface and increase risk—and ultimately decide if the increased risk is acceptable.
What is Bonus Abuse, and How to Prevent It
Bonus offers, free trials, gifts, and other promotions are great ways for companies to encourage customer loyalty. But what happens when fraudsters and other malicious actors exploit the system to reap unfair rewards? Welcome to the world of bonus abuse. Bonus abuse costs an average of 15% of the iGaming sector’s annual revenues. This unethical behavior takes advantage of incentives designed to attract new customers or reward long-standing ones.
People Problem or Data Problem? Risks and Mitigation of Insider Threats
An insider is any person with authorized access to systems or data that gives them the ability to take potentially harmful actions. Insiders range from business partners or third party contractors to full- and part-time employees–essentially all valid users with access to resources that you'd rather keep out of the wrong hands. People are just people, but when they mishandle data, they fall into the category of being an insider threat–intentional or not.
ZTNA and Microsegmentation: A Powerful Duo to Mitigate the Risk of Breaches
Last year, organizations all around the world collectively suffered more than 10,000 data breaches. These attacks may have exposed more than 360 million people to potential cyber threats, from identity theft to ransomware. As remote employment, cloud computing, and mobile devices become more common in the workplace, threat actors have more methods than ever to compromise legitimate accounts and steal sensitive data.
Achieving Secure Access: How to Implement Zero Trust for Remote Workers
A remote workforce is a uniquely powerful thing. It allows an organization to recruit and retain the best talent for the job regardless of their ability to report to an office suite every morning. Yet, as a certain comic book uncle once informed his young nephew, with great power comes great responsibility. To meet that responsibility of providing both access and security, you need to know how to implement zero trust.
4 Key Cybersecurity Challenges Businesses Face, Is MDR the Solution?
Digital expansion, remote work, and the proliferation of connected devices have extended the attack surface, making organizations attractive targets for cybercriminals. Although many businesses believe they are too small to be attacked, hackers often use them as a testing ground to hone their techniques before taking aim at larger, more lucrative targets.
How SecurityScorecard's Supply Chain Detection and Response Protects Financial Institutions
As financial institutions continue to expand their digital ecosystems, the growing reliance on third-party vendors and service providers introduces significant cyber risks. With a majority of data breaches linked to vulnerabilities in the supply chain, managing these risks has become a necessity.
Introducing GitGuardian's New Auto-ignore False Positive Playbook
We are proud to announce our new Auto-ignore false positive playbook. We've added this new automated Playbook to the GitGuardian Secret Detection platform to eliminate false positives from your incident queue and help you focus on actionable alerts. In the summer of 2024, we released FP remover, our internal machine learning model, that can significantly reduce false positives by understanding code context and semantics. In our testing it eliminates up to 80% of false positives.