Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Compliance Guide: Australia & its New Telco Regulation (2022)
Of the many lessons that can be learned from how the Optus data breach was handled, one stands out - Australia’s privacy laws are not equipped to support Aussie data breach victims. To change this, the Australian Government is amending its Telecommunications Regulations 2021 Act. APRA-regulated financial entities can now be involved in efforts to mitigate financial fraud following a data breach.
How to Avoid a Disaster Like the Optus Breach
The Optus data breach was the second-largest data breach in Australia. 9.8 million current and former Optus customers were impacted by the event, with 2.1 million suffering compromises of highly-sensitive government identification information, like driver’s license numbers and passport numbers. In other words, this single cybersecurity incident has placed almost half of the Australian population at risk of identity theft scams and financial fraud.
How Did the Optus Data Breach Happen?
The Optus data breach occurred through an unprotected and publically exposed API. This API didn’t require user authentication before facilitating a connection. A lack of an authentication policy meant anyone that discovered the API on the internet could connect to it without submitting a username or password.
6 Steps for Success with CI/CD Security Hardening
Rapid digitalization and increasing remote business operations place a significant burden on developers, who are continuously pressured to push out software faster. As a result, CI/CD security risks being overlooked, although it is an essential part of modern software development practice. While it accelerates product releases, CI/CD is vulnerable to cybersecurity issues such as corrupted code, security misconfiguration, and mismanagement of secrets.
How Falcon OverWatch Hunts for Out-of-Band Application Security Testing
CrowdStrike Falcon OverWatch™ threat hunters frequently uncover security testing activity in the course of routine hunting. While much of this activity can be confidently attributed to planned and sanctioned testing, OverWatch is always careful not to discount a threat on the basis that it looks like a test. Some of the more stealthy adversaries will attempt to evade detection by mimicking or using tools and techniques commonly used by security testers.
Pentesting as a Service for Web Applications
Penetration testing is an effective way to detect flaws in your application before they turn into a serious threat, helping you better understand the applications attack surface. But in the always-on economy there comes a problem - traditional pen testing delivery takes weeks to set up and the results are point in time, which leaves critical application vulnerabilities exposed longer than it should - given the average time for a threat actor to weaponize a new vulnerability is only 7 days.
Redscan: (AMER) Q3 2022 - Threat Landscape Briefing: Insider Threat Peaks to Its Highest Level Yet
Kroll saw insider threat peak to its highest level yet, with an almost 50% rise in volume compared with the second quarter of the year. Insider threat makes up part of the unauthorized access category, which saw an increase in popularity as a threat incident type from 24% in Q2 to 35% in Q3. Kroll also observed a number of malware infections via USBs in Q3, suggesting that wider external factors may encourageinsider threat, such as an increasingly fluid labor market and widespread economic turbulence.
Netacea launches bot intelligence service
Business Logic Intelligence Service will offer insight into bots based on Netacea's ongoing research into bot marketplaces and dark web chatter.
Sponsored Post
Linux security: How the third-most-used OS in the world has become the number one target of cyberattacks
If we were to ask a bunch of people to choose a computer, they would most likely go with a Windows or Mac machine. The possibility of them choosing a Linux machine is slim. This is directly reflected in recent desktop adoption trends as well. Linux accounts for only 2.14% of all desktop operating systems (OSs) while its counterparts, Windows and Mac, occupy about 75.23% and 15.86% respectively.
AT&T Cybersecurity Insights Report: Focus Energy and Utilities
As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbying high-profile attacks in the last few years that have threatened safety and uptime in the process.