Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
AI-Driven Cloud Detection Engineering: Turning Security Telemetry Into Action
Amal Mammadov is a cloud security practitioner and detection engineering specialist whose work sits at the intersection of threat intelligence, cloud-native architecture, and security operations. In this interview, he outlines why most organisations are losing ground despite heavy security investments and what it actually takes to build detection programmes that produce outcomes.
Tripwire: Tackling the CIS: One Control at a Time
The Center for Internet Security (CIS) Critical Security Controls (CSC) are a trusted source of truth in the cybersecurity community. Many organizations implement the CIS CSC framework to ensure their cybersecurity programs are functioning at peak effectiveness.
Netwrix: How to Protect Your Organisation from Common AD Vulnerabilities
In our first session, we will explore the key strategies for mitigating risks and vulnerabilities. Vincent Le Toux, AD Security Evangelist & Product Owner for Netwrix PingCastle, will show how you can audit your environment to identify common risks in your AD security posture that enable attacks, like the ones mentioned in the Detecting and Mitigating Active Directory Compromises guide.
Netwrix: A Deep Dive into Common AD Attacks: Tactics, Detection and Prevention
In our first session, we will explore the key strategies for mitigating risks and vulnerabilities. Vincent Le Toux, AD Security Evangelist & Product Owner for Netwrix PingCastle, will show how you can audit your environment to identify common risks in your AD security posture that enable attacks, like the ones mentioned in the Detecting and Mitigating Active Directory Compromises guide.
Cyberint: Demonstrating Cyber Success: How To Report Success & Value To Executive Stakeholders
First, CISOs and other leaders often struggle to demonstrate the value and success of a cyber program. After all, when a cyber program is effective, nothing happens - no breaches, no ransomware attacks, no major incidents that must be reported to regulators and customers. It's really a case of no news is good news. A second challenge is measuring and reporting on cyber risk. Risk is ultimately a subjective topic with many dimensions and it can be hard to accurately quantify an organization's level of cyber risk. It's also difficult to translate a reduction in risk to dollars and cents.
Snyk Acquires Developer-First DAST Provider Probely
Company Now Covers API Security Testing Crucial for Modern AI Development.
One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024
One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine's Annual InfoSec Awards during CyberDefenseCon 2024.
Stored XSS Vulnerability in bodi0's Easy Cache Plugin
Product Name: bodi0’s Easy Cache Vulnerability: Stored XSS Vulnerable Version: Will be disclosed soon CVE: Will be disclosed soon On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0’s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server load.
ARMO selected by Orange Business to Secure its Managed Kubernetes Services
We’re honored to share a new partnership with Orange Business (Norway), a global leader in digital services. ARMO was selected to secure Orange Business’ new Managed Kubernetes Service (MKS) with ARMO’s advanced runtime-driven cloud security platform. This collaboration marks a significant milestone in delivering robust security solutions for on-premises Kubernetes environments for Orange Business.
Nation-State Threat Actors Rely on Social Engineering First
A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to compromise their targets. Iranian threat actors continued conducting cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to hit financial companies in Africa.