Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
State of IT 2024
2023 was a year of wild transformation, most notably with huge advances in the availability of AI technologies, persistent security threats, and economic uneasiness. But how will this affect IT professionals in the field in 2024? In this edition of the biannual SME IT Trends Report, JumpCloud surveyed 1200+ IT professionals across the U.S., U.K., and India for insights on how the industry is faring, how others working in IT are preparing for 2024, and quantitative data on IT budgets, OS usage, AI adoption, and more.
How to Modernize Your AD Instance
Whether you want to extend your Active Directory instance to support additional capabilities, need to prepare for an eventual migration without replacing your current implementation, or are ready to move away from AD completely, we've built a roadmap for you. Find your path to modernizing Active Directory by following along with the journeys of Tyrone, Kate, and Eric, fictional IT professionals navigating three different real-world situations where AD needs an update. Grab your copy for detailed insights on the different ways you can prepare your organization to modernize AD.
The Value of Continuous Threat Exposure Management in Securing the Evolving Attack Surface
In cybersecurity, current approaches don’t stay current for long. Organizations that fail to adapt accordingly often discover this fact at the cost of their secure network. This is particularly true in the face of complex and increasingly unpatchable attack surfaces and a corresponding reduction in the impact of automated remediation practices. Traditional security approaches are unable to fully address these challenges.
LESLIELOADER - Undocumented Loader Observed
Kroll observed the use of SPARKRAT in conjunction with a previously undocumented loader written in Golang. The loader assists in the initial infection and deployment of the malicious payload, enabling SPARKRAT to execute on a system. This process allows the payload to reach the target system undetected and unquarantined. The loader achieves its goal by decoding and decrypting a secondary payload binary, then injecting it into a notepad.exe instance.
ISO 27001 Audit Explained: Requirements, Key Steps, and Best Practices
Complying with International Organization for Standardization/International Electrotechnical Commission 27001 (ISO/IEC 27001) is crucial for ensuring robust cybersecurity practices within your organization and safeguarding your crucial assets.
PCI DSS Requirement 11 - Changes from v3.2.1 to v4.0 Explained
In the ever-evolving landscape of cybersecurity, staying updated with the latest standards and protocols is crucial. One such standard that has undergone significant changes is the Payment Card Industry Data Security Standard (PCI DSS) Requirement 11. This requirement, focused on the regular testing of security systems and networks, has seen notable updates in its transition from version 3.2.1 to version 4.0.
Dental DDoS? No. Cameras and Ransomware? Oh yeah.
We’re back again with a monthly-ish blog reflecting on major goings on in the security world. I am writing the first draft on the rarest of holidays, leap day1! February gets extended by a day every four years, and if we had to guess Ivanti wishes this month would end.
5 Steps to Building a Robust Cyber Resilience Framework
The reality of cybersecurity is simple – breaches will occur – and reactivity will always be the losing strategy. Having a cyber resilience framework shifts the focus from preventing attacks to ensuring readiness, mitigating impact, and driving a swift return to operations. With the average data breach costing millions – like it or not – cyber resilience is no longer optional. But how do we translate ‘cyber resilience’ into actionable steps? It starts with a framework.
CTI Roundup: Linux Servers Target of New Malware Campaign
New Linux malware campaign targets misconfigured servers, ransomware actors diversify their exfiltration tools, and Cado reveals its top cloud threat findings report for 2H23.
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data
Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.