Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Lateral Movement with CrackMapExec: A Tutorial
CrackMapExec is an open-source tool that leverages Mimikatz to enable adversaries to harvest credentials and move laterally through an Active Directory environment. This blog post details how this tool works and offers a solution for defending against it.
How NTFS Alternate Data Streams Introduce Security Vulnerability
You may not be familiar with NTFS file streams, but you use them every day when you access files on any modern Windows system. This blog post explains this feature of NTFS ADS, shows how hackers can exploit file stream functionality in cyberattacks, and offers strategies for defending your organization.
Covenant C2 Framework: The Complete Tutorial
Covenant is one of the latest and greatest command and control (C2) post-exploitation frameworks. This post will walk you through the process of configuring Covenant and using it to execute payloads on compromised hosts. Note: This post demonstrates the capabilities of Covenant as of mid-September 2019.
Webinar: 2023 Security Predictions - 15 Dec 2022
Every year, the WatchGuard Threat Lab team likes to dust off the crystal ball and predict the way cyber threats and information security will evolve going forward. Though we base our forecasts on quantifiable trends we’ve seen in the past, we also take the opportunity to extrapolate the more futuristic and dystopian cyber outcomes that might occur if attackers were left unchecked. In the end, our goal is to share how defenders must adjust to ensure we avoid the worst outcomes.
How to Prepare for the Next Zero-Day Attack
Sudden, unexpected, and potentially very damaging. Zero-day attacks are the perfect storm for malicious actors and one of the worst-case scenarios for developers, security professionals, and DevOps teams. Yet it’s not all bad news for those charged with protecting your code, software, and applications, as long as you expect the unexpected and prepare for it. Building a fast, effective mitigation response for zero-day attacks starts with these three tactics.
Going Beyond Unit Testing | How to Uncover Blind Spots in your Java Code with Fuzzing
Check out fuzz.ci/cli to try out the tool for yourself! While most Java developers already use unit testing to test whether their application behaves as expected, complementary testing approaches such as fuzz testing enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits.
Best practices for application security in cloud-native environments
Editor’s note: This is Part 3 of a five-part cloud security series that covers protecting an organization’s network perimeter, endpoints, application code, sensitive data, and service and user accounts from threats. In Parts 1 and 2 of this series, we discussed the importance of protecting the boundaries of networks in cloud environments and best practices for applying efficient security controls to endpoints.
The Benefits of Doing Regular Cyber Risk Assessments
When it comes to cyber security, there are a few benefits of doing regular cyber risk assessments. Read on for more information.
How 24/7 Security Monitoring Can Help Keep Your Network Online
If you want to keep your business network online, investing in 24/7 security monitoring is a great option. Here's what you need to know.
Latest Cyber Guidance for Retailers from NCSC
The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess, Under Armour, CVS Health, Home Depot, and Target.