Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
How to Find Sensitive Data in Jira and Confluence Before Migration
In Part 1 of this series, we covered the hidden costs of migrating without cleanup, user bloat inflating your Cloud license bill, and sensitive data creating compliance exposure the moment it leaves your firewall. If you haven't read it yet, start there for the full picture of what's at stake financially and operationally. This post picks up where that one left off. You know cleanup matters.
Microsoft 365 posture gaps are attack paths MSPs need to close now
Author: Umair Ahmed, Product Marketing Manager, Security Microsoft 365 attacks do not always start with a dramatic zero-day. Many begin with something simpler: a stolen password, a malicious Office file, a user approving the wrong application, or a tenant setting that was left too permissive. For an MSP technician, the urgent question is: Even if Microsoft patched the vulnerabilities inside the platform, are my tenant configurations still exposing my clients to risk?
How to Set Up 2FA for Jira Service Management Portal Customers | miniOrange
Looking to enforce Two-Factor Authentication (2FA) for your JSM portal-only customers? In this video, we walk you through the complete setup of 2FA settings using the miniOrange Cloud 2FA app for Jira Service Management (JSM), covering admin configuration, customer management, and the end customer enrollment flow. What you will learn in this video Timestamps Enforcing Two-Factor Authentication on your JSM portal with miniOrange helps organizations.
Active Directory Login for WordPress: The Complete Beginner's Guide
You’ve set up a WordPress portal for your organization. It could be used for project updates, employee resources, or internal documentation. Everything works fine until you realize each employee now has one more username and password to remember just for WordPress. People forget their logins, reuse weak passwords, or share accounts to save time. IT ends up buried under reset requests, and security takes a hit.
How Keeper Forcefield Protects Against Microsoft Edge's Password Vulnerability
New research shows Microsoft Edge loads all saved passwords into memory in plain text, and Keeper Forcefield is built to protect against exactly this kind of vulnerability. A security researcher recently published a working tool called EdgeSavedPasswordsDumper that extracts credentials stored in Edge directly from the browser’s parent process memory. There is no exploit needed, just sufficient system privileges.
Security metamorphosis: a Mythos-ready architecture checklist for autonomous AI attacks
The Anthropic Glasswing initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners. You can find a lot of posts and reactions on social media as it is definitely a big deal that Anthropic is keeping their Mythos Preview model out of general access.
OverWatch for Defender
Standardized on Microsoft Defender but want the power of CrowdStrike’s elite threat hunters? Now you can have both Meet CrowdStrike Falcon OverWatch for Defender: 24/7 threat hunting focused on what automation misses Real-time detection and response to sophisticated threats Deeper visibility without changing your existing deployment You keep Defender. You gain a team hunting for the activity hiding in plain sight.
The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser
In this episode, host Caleb Tolin explores the battlefield of enterprise defense, which has moved from simple data theft to ultra heinous crimes that put patient outcomes at risk. Guest Cynthia Kaiser shares Battlefield Stories from her time at the FBI and her current work as SVP of the Ransomware Research Center at Halcyon (@halcyonsecurity ) illustrating how the industrialization of cybercrime has reached a tipping point. They dive into the alarming reality of modern dwell times, specifically looking at how groups like Akira move from initial access to full encryption in as little as one hour.
Close Defensive Gaps Before AI Attacks Exploit Them
The speed of AI-powered attacks is mind-numbing. CrowdStrike found that average eCrime breakout time fell to 29 minutes, with the fastest recorded breakout at 27 seconds. Armadin showed an LLM-driven NTLM relay attack completing in under three minutes, then roughly 1.5 minutes with BloodHound MCP context.
Building a Future-Proof Cloud Strategy Without VMware
For two decades, VMware was the default answer for virtualization. It worked, it was well supported, and the commercial terms were predictable enough that infrastructure strategy could largely ignore the underlying platform and focus on workloads. Broadcom’s acquisition ended that. Perpetual licences are gone. Product catalogues have collapsed from 168 offerings into four mandatory bundles. Per-core minimums have created fixed costs for capacity many organisations don’t use.