Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Vulnerability vs. Threat vs. Risk vs... "Other"
In cybersecurity, three key terms are vulnerability, threat and risk. Often they’re tossed around interchangeably, but they have a specific relationship to one another..
OpenSSL CVE-2022-3602 and CVE-2022-3786 (Spooky SSL): What They Are and How to Mitigate Risk
On November 1, OpenSSL v3.0.7 was released, patching two new high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. The new vulnerabilities have been dubbed by the community as “Spooky SSL,” although the name is not recognized by the OpenSSL team. CVE-2022-3602 was originally discovered by a researcher known as Polar Bear, while CVE-2022-3786 was found during the analysis of the first vulnerability by Viktor Dukhovni.
Top Three User Priorities for Software Composition Analysis
The increased use of open-source software components in application development exposes companies to security vulnerabilities and liability related to software licensing. To mitigate these risks, software development organizations are turning to Software Composition Analysis (SCA) tools, which identify security and license compliance issues in code.
Methods of Social Engineering
What are some of the methods phishers use to compromise organizations? In this video, Nick goes over the common methods phishers use to gain information: Phishing is most insidious when it uses a combination of techniques. It can even overcome sophisticated security measures like Multifactor Authentication (MFA) – for example, if an attacker manages to steal a password through email, then calls the user pretending to be a technician asking them to approve an authenticator popup on their phone.
CrowdStrike: The Forrester Total Economic Impact of CrowdStrike Falcon LogScale
For years, organizations have struggled with the growing amount of log and events data being generated. At the same time, legacy log management platforms have placed technological or financial constraints on the amount of data they can reasonably collect, leading to potential blind spots across the IT environment. The Forrester Total Economic Impact™ (TEI) study, commissioned by CrowdStrike and conducted by Forrester Consulting, closely examines the quantified benefits, cost savings and ROI of Falcon LogScale, formerly known as Humio, a centralized log management and observability platform.
CloudCasa: Hybrid and Cross-Cloud Data Protection and Recovery for Kubernetes
How's your multi-cloud data protection and recovery strategy? If you currently use or plan to use one or more hosted Kubernetes services like Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS) or Google Kubernetes Engine (GKE), join this webinar to learn how integration with your AWS, Azure, or GCP cloud account enables integrated, hybrid and multi-cloud data protection and recovery.
Authorize your Datadog integrations with OAuth
OAuth is an authorization protocol that allows apps to securely request user data without requiring the user to enter their sensitive credentials (e.g., API keys, application keys, etc.). Datadog API-based data integrations now fully support OAuth.
API Scanning: How to Scan API Endpoints?
Your APIs are the digital face of your business. It helps to exchange your business-critical data. Do you know the point where the information is exchanged? The answer is API Endpoint. A crucial endpoint on API where the data exchange happens. While focusing on API protection, don’t ignore API endpoints. How to secure your API endpoint? API scanning can help you secure endpoints. It also optimizes it for better reliability and performance.
5 Biggest Supply Chain Attacks in 2022 (So Far)
Supply chain attacks have been on the rise in the last few years, rapidly becoming one of the most dangerous security threats. This article highlights some of the most noteworthy supply chain incidents observed in 2022.
TIPs to Measure your CTI Program
Nowadays, organizations are exposed to a high volume of security related information. Unfortunately, most of these organizations have little to no capabilities of using this information in a proactive manner, i.e. using information to try to change or anticipate an outcome. In other words, using information to produce intelligence products. It is safe to say that few of these organizations have a clear understanding of what Cyber Threat Intelligence (CTI) is and what it is not.