Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest posts

Trustwave: [APAC Briefing] Optimising your Cyber Response with a Cyber Mesh Architecture

Gartner predicts that by 2024, organisations adopting a cybersecurity mesh architecture to integrate security tools to work as a collaborative ecosystem will reduce the financial impact of individual security incidents by an average of 90%. (*) Attend this session to see how Trustwave can help optimise your existing Microsoft cybersecurity investment to give coverage across today's cyber frameworks, helping identify, protect against, detect and respond to cyber threats faster.

CloudCasa: Use Cases and Challenges for Kubernetes Cross-Cluster Migration of Data

There are many reasons for having multiple Kubernetes clusters, including: In this webinar we will review the use cases for these different environments, and the challenges for moving persistent workloads between clusters, such as: Finally, we will review several tools or services for migrating, recovering or cloning workloads across clusters.

Elastic: Modernizing SIEM operations

When applied to security operations, legacy SIEMs restrict analysts by security use case, narrow their scope of work exclusively to security data, and prevent holistic data collection with restrictive licensing costs. Security teams need their SIEM to facilitate fast queries and investigative actions, automate detection and prevention, and streamline workflows - all with integrated cloud environments in mind. Can your current SIEM adapt to your upcoming business needs? Holistic visibility across data types is critical if analysts are to have an impact in defending the organization.

Stealing User Passwords with Mimikatz DCSync

Mimikatz provides a variety of ways to , but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password data. In fact, attackers can get any account’s NTLM password hash or even its plaintext password, including the password of the KRBTGT account, which enables them to create Golden Tickets.

Using Active Directory's AdminCount Attribute to Find Privileged Accounts

Active Directory accounts with elevated privileges pose a serious security risk: They are a top target for attackers because they provide administrative access to systems and data, and they can also be misused by their owners, either deliberately or accidentally. Therefore, it’s critical for IT teams to keep close track of accounts with elevated permissions.

How analyzing employee behavior can improve your cybersecurity posture

Despite the ongoing rise in social engineering attacks, most of us still think of cybersecurity as being only about technology. Organizations often neglect human behavior's impact on their cybersecurity postures. Instead, they spend lavishly on endpoint security tools, threat hunting programs, and building incident response plans. Admittedly, these security measures are a crucial part of mitigating attacks.

How to protect an account that has been hijacked before you register it

Account takeover fraud is not new but it is growing fast. By 2018, account takeover fraud accounted for losses of around $4 billion. In 2021, this figure increased by more than 200%, and as of today, it is estimated to exceed $12 billion. A recent paper published by Microsoft has revealed a new and disturbing way of compromising accounts where hackers hijack accounts before users register them. For instance, they create an account in Zoom or Dropbox using the user's credentials.