Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
CrowdStrike Uncovers New MacOS Browser Hijacking Campaign
The CrowdStrike Content Research team recently analyzed a MacOS targeted browser hijacking campaign that modifies the user’s browsing experience to deliver ads. Research began with a variant that uses a combination of known techniques to deliver, persist and sideload a Chrome extension. Analysis of the fake Chrome installer uncovered the use of more than 40 unique dropper files to install the extension.
Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group
In our new threat briefing report, Forescout’s Vedere Labs leverages a list of IP addresses known to be used by Killnet hacktivists during past attacks to study their TTPs when attacking a series of honeypots we control.
Brute-Force Attacks: How to Defend Against Them
When you hear the words “brute force," subtlety is probably not the first thing that comes to mind. Indeed, classic brute-force cyber attacks use the most straightforward tactics—trial and error—to gain entry into a protected system. When brute force works, the attack's type, depth, and severity depend on the attacker's goals.
GoodWill Ransomware? Or Just Another Jasmin Variant?
In March 2022, researchers spotted a new ransomware family named GoodWill, with a new method to collect the ransom. Instead of requesting payment through crypto coins like other threats such as Night Sky or Hive, GoodWill requests that its victims help vulnerable people by following a sequence of steps, such as donating clothes, feeding less fortunate children, or providing financial assistance to hospital patients.
Using Rego as a generic policy language
Policies have a vital role in every organization, but can mean a lot of different things depending on the context. For our purposes, a policy refers to the principles or ideas that an organization uses to make decisions. In this post, we’ll discuss Open Policy Agent (OPA) and its rule language, Rego, highlighting how we can use them to write a simple policy for a payroll microservice.
Developing Secure Software With Confidence
Software development and security often have separate challenges and concerns. Developers are worried about pushing software to production in a timely manner. Security teams worry about the security of the code being pushed. Veracode offers a solution that meets the needs of both sides. On Peerspot, where Veracode is ranked number one in application security, users discuss how Veracode enables them to build an advanced application security program.
Software Supply Chain Security for Open Source Projects - it's time to prepare!
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
CrowdStrike Falcon Prevents the Follina Zero-day Vulnerability
In this demo we'll see the Falcon Platform identify systems vulnerable to Follina in your organization, prevent an attack of this vulnerability and show threat hunting capabilities to identify any systems that may have been targeted.
Introduction to Teleport
Want to know how Teleport’s Access Plane technology replaces VPNs, shared credentials, and legacy privileged access management technologies, improving security and engineering productivity? Learn more about Teleport’s Certificate Authority and Access Plane for your infrastructure so you can: ➢ Set up single sign-on and have one place to access your SSH servers, Kubernetes, databases, Windows desktops, and web apps.➢ Use your favorite programming language to define access policies to your infrastructure.➢ Share and record interactive sessions across all environments.
Can Macs Get Ransomware? Examples + Prevention Strategies
Many of the most prolific ransomware attacks to hit the news, such as Wannacry and Petya in 2017, affected PC users only. The distinct absence of Apple computers in the long list of victims has many Mac users wondering if ransomware attacks are a cyber threat they need to worry about. Can ransomware affect Macs? Short answer: Yes. While rare, security researchers have noted examples of Mac-compatible ransomware variants.