Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Analyzing Play and LockBit: The Top Ransomware Threats Facing Retailers
This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs team on major threat actor groups currently operating globally. Retailer databases are chock-full of information that makes them highly attractive targets for ransomware gangs, as highlighted by Trustwave SpiderLabs in its recent 2024 Trustwave Risk Radar Report: Retail Sector.
Attackers Abuse DocuSign to Send Phony Invoices
Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm. “Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard,” Wallarm says.
Phishing Campaign Impersonates OpenAI To Collect Financial Data
Cybercriminals are impersonating OpenAI in a widespread phishing campaign designed to trick users into handing over financial information. The emails inform users that a payment for their ChatGPT subscription was declined, inviting them to click a link in order to update their payment method. The phishing emails appear fairly convincing, but trained users could spot some red flags. The most obvious giveaway is that the emails were sent from “info@mtacom,” which is clearly unrelated to OpenAI.
How to comply with PCI DSS 4's Req 6.4.3 and 11.6.1 in 4 minutes or less?
Being PCI DSS 4 compliant is crucial for e-commerce merchants—businesses that accept credit card payments on their websites and web applications. The new PCI DSS requirements (6.4.3 and 11.6.1) are designed to strengthen payment page security, and if you’re processing online payments, you’re likely required to comply. Compliance helps protect your customers’ sensitive payment information while ensuring the integrity and security of your payment process.
Weekly Cyber Security News 07/11/2024
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Could turn nasty: Does anyone pay any attention to DocuSign random emails? I suppose if you did, you could have nasty surprise: It was bad enough with robo vacs spying but your trusty air fryer now?
Prevent Security Breaches in Self-Hosted Environments with GitGuardian's Custom Host for Validity Checks
Stop chasing false positives in your self-hosted instances. With GitGuardian's custom host for validity checks, security teams get real-time insights to prioritize active threats, reduce noise, and prevent costly breaches.
Mastering Classified Systems Artifact Distribution to the Tactical Edge
This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.
The Howler Episode 14: Jeff Green, Senior Vice President, R&D
This month we sit down with Jeff Green, Senior Vice President of R&D, as he shares his experience helping open our brand-new India office, leadership advice he swears by, and more! Jeff is an industry veteran with over 30 years of experience in building world-class products and technologies for enterprises and consumers primarily focused in security. Currently as Senior Vice President of R&D, Jeff leads Arctic Wolf’s global research and engineering organization with a focus on delivering security outcomes for customers and ending cyber risk at high scale.
The Global Effort to Maintain Supply Chain Security | Part Two
A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory—every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are available, and you don’t want to secure your supply chain without knowing what’s in your digital inventory.
CVE-2024-42509, CVE-2024-47460: Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points
On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks Access Points. These vulnerabilities, identified as CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated command injection.