Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Operationalizing Attack Surface Protection
Introducing Remediation Planner and new workflow integrations.
WatchGuard: Top Security Threats Worldwide Q2 2023
Join WatchGuard CSO Corey Nachreiner and Director of Security Operations Marc Laliberte as they discuss key findings from the WatchGuard Threat Lab's Q2 2023 Internet Security Report. They'll cover the latest malware and network attack trends targeting small and midsized enterprises and defensive tips you can take back to your organization to stay ahead of modern threat actor tactics. In this webinar you'll learn.
Elastic: Capture the Flag Workshop
During this interactive virtual event you'll get hands-on with Elastic Security - competing against fellow security practitioners in the hunt for threats. Within a real attack scenario, participants will hone their security skills, interact with fellow practitioners, and experience how Elastic Security builds on the power of the Elastic Stack to enable hunt teams and SecOps to do their jobs faster and better.
Fortify data security with FIPS-compliant OpManager
In an era where data breaches and cyberthreats are a constant concern, ensuring the security of your network monitoring systems is paramount. The Federal Information Processing Standards (FIPS) compliance standard serves as a robust benchmark for data security. In this comprehensive blog, we’ll explore the importance of FIPS compliance and delve into how OpManager, leading network management software, adheres to these standards to bolster security for its users.
Ensuring vendor integrity: Why the cloud shouldn't be your only backup
As a senior consultant I deal with customers across numerous industries and maturity levels. I am often engaged in conducting risk assessments or gap analysis aligned with common frameworks such as the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework (CSF). Most, if not all, the frameworks have a few controls that focus on the organization’s backup processes and disaster recovery plans.
Defending against DDoS Attacks: What you need to know
Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of coffee is equal to, if not more expensive than a gallon of gasoline.
Container Images - Code Source
Mend for GitHub.com Code Source provides a streamlined and highly effective approach to tracing vulnerabilities back to their source code in repositories. Mend’s proprietary labeling achieves this by adding the source repository URL and the Dockerfile path to your Dockerfile using OCI annotations, saving you time in researching risks detected on your built container images.
Cloudflare account permissions, how to use them, and best practices
In the dynamic landscape of modern web applications and organizations, access control is critical. Defining who can do what within your Cloudflare account ensures security and efficient workflow management.
MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings
ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication. “In 2023, ‘in-the-middle’ techniques are some of the most frequently-observed methods used to gain access to MFA-secured networks,” the researchers write. “They enable threat actors to intercept or bypass MFA protocols by stealing communications without the victim’s knowledge.
Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts
A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years. Normally when we talk about a Cybercrime-as-a-Service malware, toolset, or platform being behind a string of attacks, we rarely know anything more than the malicious tools that were used.