Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Vulnerability disclosure: Which comes first, the security bug in PHP or the CVE?
For security researchers, there is a series of hurdles in raising a potential vulnerability well before the issue itself is widely recognized. Convincing the project maintainers that there is an issue becomes the first hurdle, even with a working example. At times, there is a thin and fuzzy line to a vulnerable path being identified as a bug rather than a security vulnerability.
Common SAML vulnerabilities and how to remediate them
Security Assertion Markup Language (SAML) is an XML-based framework that plays a pivotal role in enabling secure identity and access management. It acts as a trusted intermediary between various entities in a digital ecosystem, such as identity providers, service providers, and users. The primary purpose of SAML is to facilitate single sign-on (SSO), a seamless and efficient authentication process where a user can access multiple applications and services using a single set of credentials.
The New Normal For Cybersecurity Practitioners
Former UBER CSO Joe Sullivan joined SecurityScorecard CEO Aleksandr Yampolskiy to discuss pressing topics on the mind of every CISO. Are we on the verge of entering the "Golden Era" of cybersecurity? SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.
The 443 Podcast - Episode 273 - Hacking the Crypto Supply Chain
This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
Applying the Churchill Knowledge Audit to Cybersecurity
When FedEx founder Fred Smith attended Yale in the mid-1960s, he wrote an economics paper describing the concept of overnight delivery of packages by air. His professor infamously gave him a “C” grade because he viewed it as implausible. But Smith knew something his professor didn’t—and it was an idea that would change the way the business world worked forever. I bring this story up for two reasons. For one thing, I worked for FedEx and learned a lot from my time there.
What To Do if You Click on a Phishing Link
If you click on a phishing link you should immediately disconnect your device from the internet, scan your device using antivirus software and keep a lookout for suspicious activity and transactions on your online accounts. Continue reading to learn what a phishing link is, what could happen if you click on a phishing link and how to avoid clicking malicious links.
NIS2: Prepping your cybersecurity plan
If you are an organisation that operates or does business in the European Union (EU), then your team is likely preparing for the NIS2 Directive, an EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU and goes into effect on October 17, 2024. However, according to a survey by cybersecurity firm Sailpoint (and a Sumo Logic customer), only 34% of organisations in the UK, France, and Germany are prepared for NIS2.
ALPHV Site Taken Down by the FBI
On December 19, 2023, the FBI successfully dismantled one of the ALPHV/BlackCat ransomware sites. The customary FBI banner now adorns its main page, while the other sites associated with the cybercrime gang remain operational. This development may be linked to the recent 5-day disruption of the entire gang’s Darknet infrastructure.
14.7 Million Homeowners Exposed in Nationstar Mortgage/Mr. Cooper Event
We reported on Mr. Cooper—one of the nation’s largest mortgage providers—a month ago. Mr. Cooper was featured as they dealt with the throws of a cybersecurity event. The attack disrupted their networks and caused homeowners to avoid payment dues temporarily. Back then, the consequences of the attack were unclear. Subsequently, the public was left to speculate about the event’s impact. Preliminary investigations have concluded, and the impact figure is massive.
Passwords Suck! Going Passwordless With Passkeys, SSO and Biometrics
Passwords suck. We all hate creating passwords. We hate remembering them. They can be stolen. Billions of them are available on the Dark Web. Passkeys are more secure than passwords, however, passkeys stored with platforms like Google and Apple cannot be easily shared from one platform to another. This prevents teams from sharing access. Adrien Julienne from Keeper Security hosts Ricky White, Director of Technology and Operations at The Migus Group to learn how organizations can move to a passwordless future with passkeys, SSO and biometrics.