Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
opsdemon
Latest posts
Novel Exploit Chain Enables Windows UAC Bypass: Understanding CVE-2024-6769
Researchers have uncovered a new vulnerability, tracked as CVE-2024-6769, which enables attackers to bypass Windows User Access Control (UAC) and elevate their privileges to gain full system control without triggering any alerts. This exploit, affecting Microsoft’s Windows platform, has sparked debate about whether UAC truly acts as a security boundary. While Microsoft does not classify this as a vulnerability, security experts warn organizations to be vigilant about the risks involved.
WatchGuard MDR for MSPs
Why settle for reactive security when you can have Managed Detection & Response (MDR) for proactive threat hunting and rapid response? Stay protected.
Infostealer Threat Group "Marko Polo" Evolving Into an "Empire"
New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022. Marko Polo is of particular interest due to their rapid progress in advancing their operations.
The Essential Role of CIEM: Stopping Multi-Cloud Identity-based Threats
Enterprises are increasingly adopting multi-cloud environments to take advantage of the flexibility and scalability of different cloud platforms. However, this shift has also introduced a major security challenge: the rise of identity-based threats. With 82% of data breaches now involving cloud-stored data, securing cloud identities has become a critical need. The complexity of managing identities and permissions across multiple cloud platforms only amplifies the risks.
Battling Imposter Syndrome in Cybersecurity: A Personal Journey | Razorthorn Security
Lisa Ventura shares her personal struggle with imposter syndrome and how it almost held her back from launching a cybersecurity association. Learn about her journey in overcoming self-doubt and raising awareness through an annual imposter syndrome day.
The critical risk in DORA financial regulations
Supply chain attacks are a growing concern, particularly within the financial sector, with attackers increasingly using key technology suppliers as a ‘jumpbox’ to pivot into their intended target organisation. Last year’s MOVEit breach for instance saw a single ICT supplier ultimately cause ~2,356 organisations to be compromised, with primary victims predominantly in the financial sector.
Assessing and Prioritizing Risk in Your Infrastructure
There are lots of hurdles to jump when trying to set up and maintain a SIEM. Preparing infrastructure and installing the software components, getting logs ingested into the system, parsing and normalizing those log messages properly, configuring alerts for detection, etc. These are all large tasks that require thoughtful planning and a lot of work to get right. But let’s say you’ve managed to clear all those hurdles…in that case, great job!!
Empower Development Teams to Own the Security of Their Services with Jit Teams
When it comes to securing applications in the cloud, the challenge isn’t detecting potential security issues. There are hundreds of application security tools and cloud security tools that are capable of surfacing code flaws and security misconfigurations that could lead to vulnerabilities. The real challenge is empowering development teams to adopt these tools to consistently improve the security posture of their services.
What is Operational Technology Security? #cybersecurityawarenessmonth
Payton the the Forescout Intern gives a high level explanation of Operational Technology (OT) Security and how it impacts the world.