Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
CrowdStrike's View on the New U.S. Policy for Artificial Intelligence
The major news in technology policy circles is this month’s release of the long-anticipated Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While E.O.s govern policy areas within the direct control of the U.S. government’s Executive Branch, they are important broadly because they inform industry best practices and can even potentially inform subsequent laws and regulations in the U.S. and abroad.
More Than Security Ratings
It might be hard to remember, but around twenty years ago, Amazon was only known for one thing: selling books. But it’s grown up in the last two decades, encompassing multiple business verticals, and selling more than just books (especially convenient when you need garbage bags, a spatula, and holiday decorations all at the same time).
Finance Solutions Provider Systems East Suffers 200k+ Data Breach
Based in Central New York, Systems East, Inc., is a finance, billing, and payment solution for commercial software products. Their software options differ from other finance payment options by their cross-system elements. The Systems East software provides one tool to manage multiple accounts and tasks. Systems East’s local success may be short-lived, however, because they’ve suffered a data breach—a big one.
Decoding CVSS 4.0: Clarified Base Metrics
Since 2005, the Common Vulnerability Scoring System (CVSS) has been used to assess and communicate the severity of vulnerabilities in software. If you’re involved in cybersecurity, even if you’re not directly involved in managing vulnerabilities, you’ve probably come across CVSS designations like ‘critical’ or ‘high’ when referring to vulnerabilities in the industry.
How to choose the right XDR provider for your organization?
eXtended Detection and Response (XDR) technology has transformed the cybersecurity paradigm by enhancing visibility and threat detection, providing unprecedented response capabilities. It is a tool capable of monitoring the different security layers of a company, generating a single pane that unifies the detections produced in these layers.
Beyond PCI! Decoding the Essentials of Compliance Standards | ISO 27k and More | Razorthorn Security
Dive deep into the intricate world of compliance standards with our latest video, where we dissect the common misconception that a single standard, such as ISO 27k, is the be-all and end-all. In this eye-opening exploration, we debunk the myth that meeting PCI compliance requirements is the finish line. Discover why these standards are merely the foundation, not the complete story. Many find themselves entangled, thinking, "If I'm PCI Compliant, I'm done." Hold on – that's just the beginning!
Using RegEx for Threat Hunting (It's Not Gibberish, We Promise!)
Known as RegEx (or gibberish for the uninitiated), Regular Expressions is a compact language that allows security analysts to define a pattern in text. When working with ASCII data and trying to find something buried in a log, regex is invaluable. But writing regular expressions can be hard. There are lots of resources to assist you: “But stop,” you say, “Splunk uses fields! Why should I spend time learning Regular Expressions?”
How to perform basic digital forensics on a Windows computer
Digital forensics is a critical field in the investigation of cybercrimes, data breaches, and other digital incidents. As our reliance on computers continues to grow, the need for skilled digital forensics professionals is more crucial than ever. In this guide, we will explore the basics of performing digital forensics on a Windows computer, including key steps, tools, and techniques.
Unveiling LummaC2 stealer's novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains to be the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable information.
What Is NIST SP 800-171 Compliance? A Guide to Protecting Your Sensitive Data
NIST SP 800-171 details requirements that all Department of Defense (DoD) contractors have been required to follow for years. The guidelines were updated in 2020, and Revision 3 was published in May 2023. Netwrix is ready to help organizations achieve, maintain and prove NIST 800-171 compliance. Below, we summarize its key requirements and share recommendations for getting started with the regulation.