Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
What Is a Threat Actor?
A threat actor is an individual or group that purposefully exploits weaknesses in computer systems, networks, devices and individuals for their own benefit. There are many different types of threat actors, with each of them having their own motives and skill levels. Some types of threat actors include cybercriminals, insiders, hacktivists and nation-state threat actors. Continue reading to learn what threat actors do, the tactics they use and how to stay safe from them.
Mitigating DOM clobbering attacks in JavaScript
The Document Object Model (DOM) acts as an interface between HTML and JavaScript, bridging the gap between static content and dynamic interactivity. This function makes the DOM indispensable for modern web developers. However, the DOM has a pitfall — DOM clobbering. DOM clobbering occurs when HTML elements conflict with global JavaScript variables or functions, which can lead to unexpected behavior and a potential security loophole in your web application.
Find Security Flaws in Your Dart & Flutter Applications: Veracode Expands Mobile Application Security Support
Veracode recently released Static Analysis support for Dart 3 and Flutter 3.10. This makes it possible for developers to leverage the power of Dart and Flutter and deliver more secure mobile applications by finding and resolving security flaws earlier in the development lifecycle when they are fastest and least expensive to fix.
Ensuring Data Protection for Third Parties: Best Practices
When a company contracts or partners with a third party to handle and process its sensitive customer data, it is crucial for those third parties to use effective strategies to safeguard that data. Third parties should treat the data they handle from organizations as their own, complying with regulations and security requirements set by the organization.
The 443 Podcast - Episode 253 - What Is Same-Origin Policy? Replay
This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive in to two web browsing security acronyms. Keep an eye out later this week as we come to you from this year's Black Hat and Def Con cybersecurity conferences! You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below: The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
1.7 Million Oregon Health Users Lose Their Data to a PH Tech Breach
PH Tech is a specialized services company that works with health insurance companies providing some of their business and administrative services. The company employs 211 people and serves a variety of businesses throughout Oregon and other locations. Because this company manages insurance enrollment, various customer service tasks, and payment services, the organization handles a great deal of personal and medical data that could have been exposed during the latest data breach.
Top 5 Security Vulnerabilities of 2023
2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.
Role Explosion: Rethinking Access Control
As the digital landscape expands, organizations are facing a complex challenge: managing access to an ever-growing number of resources, applications, and services. The traditional approach of using identity groups to handle access control is becoming increasingly untenable. So, let's explore the causes behind role explosion and discuss the need for a paradigm shift towards a more scalable and efficient access management strategy.
Neo_Net: Decoding the Reign of a Cybercrime Mastermind
Following research on a notorious cybercrime mastermind known as Neo_Net, Cyberint has unveiled the extent of the threat actor’s activities, who primarily targets Spanish and Chilean banks. The findings indicate that the mastermind’s crimes have now expanded into multiple countries and industries worldwide. Further analysis reveals that Neo_Net has not only focused on targeting Financial Applications through the creation of fake Android applications, but has also expanded its schemes.