Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
How to Use SIEM Tools in the Modern World
In our highly connected world, organizations of all sizes need to be alert to the risk of cyberattacks. The genuine threats to today’s enterprises include data leaks, ransomware, and theft of commercial secrets or funds, with the potential for severe financial and reputational damage. Investing in tools to monitor your systems and alert you to suspicious activity as early as possible is vital for strengthening your security posture.
Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or random malicious package. This article shares the findings of targeted attacks aimed at businesses and corporations that Snyk was able to detect and share the insights.
5 Common Ways You're Putting Your Company's Cybersecurity at Risk (and How to Do Better)
As the attack surface expands and cyber threats continue to evolve, most organizations make security awareness training a key part of their cybersecurity programs. Especially now with growing evidence that social engineering tactics reap big rewards for bad actors and cataclysmic outcomes for enterprises of every size. To wit, a study has found that 88% of all data breaches involve mistakes by employees.
Taking a Data-Driven Approach to SOC Operations
Today’s escalating threat landscape means that security operations teams face a multitude of challenges. This can make it challenging for them to keep pace with the sheer scale of threats, tactics and techniques that bad actors frequently use. When you consider recent ransomware attack statistics, it is easy to see that cybercrime has intensified, with a record-breaking number of threats of increasing severity taking place year-on-year.
6 cybersecurity must-haves for innovative public sector leaders
ThoughtLab’s newly released cybersecurity benchmark study revealed that cybersecurity is at a critical inflection point across industries.
Netwrix Password Policy Enforcer
Netwrix Password Policy Enforcer strengthens the security of your Microsoft Active Directory environment by enforcing the use of strong passwords. Easily strike the right balance between password security and user productivity for your organization.
Active Directory Security with Netwrix Solutions
Gain peace of mind by securing your Active Directory and Azure AD from end to end. Identify and mitigate security gaps before attackers exploit them. Detect, respond and recover fast from security incidents to minimize downtime and business impact. 95 million AD accounts are attacked every single day. The reason is simple: Active Directory is the gateway to your critical data, applications, and IT infrastructure. How can you protect your business?
Introducing our brand new (and free!) Calico Azure Course
Calico Open Source is an industry standard for container security and networking that offers high-performance cloud-native scalability and supports Kubernetes workloads, non-Kubernetes workloads, and legacy workloads. Created and maintained by Tigera, Calico Open Source offers a wide range of support for your choice of data plane whether it’s Windows, eBPF, Linux, or VPP. We’re excited to announce our new certification course for Azure, Certified Calico Operator: Azure Expert!
npm package hijacking through domain takeover - how bad is this "new" attack?
When relying on a 3rd-party package from a non-commercial entity, there is always the risk of lack of support, especially when it comes to outdated packages and versions. If the package stops being maintained, nobody will implement a new feature we might need or fix a newly-discovered security vulnerability. Consider, for example, CVE-2019-17571. A critical remote code vulnerability which was never fixed in Log4j 1.x, since it was not supported anymore, and only fixed in Log4j 2.x.