Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

opsdemon

Latest posts

Compliance Management Best Practices: When Will Excel Crush You?

When companies first determine they need a formal compliance program, many are unclear if they need a compliance tool to manage it. Many companies turn to Microsoft Excel as the compliance tool of choice when first undertaking a GRC program. This eBook covers where Excel makes sense and how to know when your program has outgrown Excel.

The Insider's Guide to Compliance: How To Get Compliant and Stay Agile

Compliance is a process and you need to understand the right steps to take at the right time. This eBook provides a roadmap for understanding where you fit on the compliance spectrum, how to measure trade offs between growth and compliance, and practical tips for dealing with auditors as you move through the compliance process.

How Mature Is Your Insider Threat Program

The Veriato Insider Threat Program Maturity Model report was created to help security professionals assess their ability to monitor, detect, and respond to insider threats. Join Insider Threat expert, Jim Henderson from Insider Threat Defense, Nick Cavalancia from Techvangelism and Cyber Security Expert, Patrick Knight as they discuss numerous results from the Insider Threat Maturity Report.

How to Create Incident Response Plan Steps for Data Breaches

An estimated 34 percent of companies have experienced data breaches in the last 12 months. With those odds, every organization should be prioritizing cyber security and cyber attack management. Take the time now to put together a data breach incident response plan utilizing these steps, so if your organization is affected, you’ll be able to respond as quickly and effectively as possible. Here are some key steps the plan you create should include.

Abuse MITM possible regardless of HTTPS

Almost ten years ago Firesheep made the news. Security people had known for years the danger of public WiFi-networks, but it was not until someone made a user-friendly Firefox extension out of the idea until it really got people’s attention. Since then a lot has happened to the web, so would something like that still be possible?

Detectify security updates for 29 November

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

November turns bad for Microsoft & Instagram!

Data breach is a major player when it comes to causing financial as well as reputational losses to a business. With the implementation of laws such as GDPR and a plethora of privacy debates going across the globe, unethical data collection or poor coding practices are the new players in the town. In the last two weeks, Microsoft and Instagram have been in the news – one for collecting MS Office user data while other for displaying passwords in the plain text.

S3 Security Is Flawed By Design

Amazon S3, one of the leading cloud storage solutions, is used by companies all over the world to power their IT operations. Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration of S3 security settings. Jeff Barr, Chief Evangelist for Amazon Web Services recently announced public access settings for S3 buckets, a new feature designed to help AWS customers stop the epidemic of data breaches caused by incorrect S3 security settings.