Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest posts

Operation Power Off: 50 DDoS-services taken offline in international crackdown

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by the US Department of Justice, FBI, the UK's National Crime Agency, and their equivalents.

Snyk in 30: Open source security for Atlassian Bitbucket Cloud

In our latest Snyk in 30, Jason Lane (Director of Product Marketing) and I (Marco Morales, Partner Solutions Architect) showcased Snyk Open Source with a focus on our integration with Bitbucket Cloud. They covered why open source security is vital for modern app development, along with tips on taking a holistic approach to application security that goes beyond just shifting left.

Exploring the Spring Security authorization bypass (CVE-2022-31692)

In early November, a new authorization bypass vulnerability was found in Spring Security 5. Now, before we panic, let’s look into this problem to see if you are vulnerable. Although the vulnerability is classified as high, there is only a specific set of use cases that are vulnerable. This means that not everyone is vulnerable, and I will show that in a second. Regardless, the advice is to upgrade to the newer version of Spring Security.

Corelight Demo Data Now in Falcon LogScale Community Edition

At CrowdStrike, we’re always looking for new ways to share the power of CrowdStrike Falcon® LogScale, our log management and observability solution. The latest advancement to Falcon LogScale, previously known as Humio, is adding Corelight demo data to the Falcon LogScale Community Edition.

Cybersquatting - Preventing, Detecting, and Responding To It

Cybersquatting, or domain squatting, is registering, trafficking in, or using an internet domain name solely with the bad faith intent of profiting from the goodwill generated by a trademark that belongs to someone else. It refers to a bad faith abusive registration of a domain name in violation of someone else’s trademark rights.

Security Awareness

Why is security awareness important when we have all of these appliances and software and hardware to protect us? Well, ultimately, attacks come down to a set of human eyes and a keyboard, and a mouse. And if a user is well educated and if they're trained well and they're astute, they can help prevent a security incident from ever happening or detect it.

Webinar: Introduction To Cloud Security & IAM Policy Configuration Level Review

Through this webinar, we aim to help enterprises and individuals understand cloud security and how IAM policy can play a role in building safe and secure mobile apps that garner trust. It will help you to prevent sensitive data loss and infrastructure exposure, resulting in fraud, reputation damage, and regulatory penalties.

Elastic: From Noise to Signal: Enrichment and Routing with Cribl, Corelight and Elastic

Monitoring network traffic is essential to SecOps. Security teams need to streamline network detection, data routing, and analysis for faster incident response. Corelight, Cribl, and Elastic combine to provide a unique solution that transforms the noise of network traffic into effectively routed, optimised data. Join Corelight, Cribl, and Elastic for a webinar on Wednesday, January 25, where we'll walk through how our joint solution enables security teams to.