Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Tripwire: Navigating the PCI DSS 4.0 Release
The Payment Card Industry Data Security Standard (PCI DSS) has tenure in the industry, with its first version created in 2004. PCI DSS was unique when introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be updated to address those changes. The last update to PCI was in 2018, and the world has certainly changed since then.
Bridging The Needs Of Security And Development Teams, Veracode Unveils Next-generation Software Security Platform
Veracode announces its Continuous Software Security Platform, which seamlessly embeds application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
Between February 27 and March 1, 2022, Docker Engine honeypots were observed to have been compromised in order to execute two different Docker images targeting Russian and Belarusian websites in a denial-of-service (DoS) attack. Both Docker images’ target lists overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army (UIA). The UIA previously called its members to perform distributed denial-of-service (DDoS) attacks against Russian targets.
A Tripwire Milestone: ASPL - 1000 is here
When I joined nCircle as a security researcher in 2006, ASPL 117 had just been released. I missed the ASPL-100 release celebration, which included custom sweatshirts, but there was still one unclaimed shirt in the office and I brought it home, my first piece of company swag. That shirt still hangs in my closet all these years later.
3 Jedi-inspired lessons to level up your JavaScript security
You might think of Star Wars as a movie reserved for geeks, but what if I told you that there are deep life lessons that can be applied to developer security practices? Get your lightsaber ready and prepare to dive into JavaScript security! Star Wars is an epic space-based film series written and directed by George Lucas that often needs no introduction. I’m a fan myself, and personally relate to many of the quotes shared by Jedi Knights in the movie series.
New York Department of Financial Services Modernizes Regulatory Oversight through Establishing First-of-its-Kind Use Case with SecurityScorecard
New York DFS is working with SecurityScorecard to further support the department’s first-in-the-nation cybersecurity efforts to modernize its supervision process. The New York Department of Financial Services (DFS) is now working with SecurityScorecard to modernize its approach toward regulatory oversight.
Coffee Talk with SURGe! 2022-MAY-03 CISA Top Vulnerabilities, Mandiant Zero-Days, State of Security
Grab a cup of coffee and join Ryan Kovar, Audra Streetman, and Mick Baccio for another episode of Coffee Talk with SURGe. This week the team from Splunk discussed CISA's list of the top exploited vulnerabilities for 2021, Mandiant's analysis of 80 zero-days exploited in the wild last year, and signs the ransomware group REvil may be back in operation. Mick and Ryan competed in a 60 second charity countdown on how to solve the talent crisis in cybersecurity before taking a deep dive into the topic of zero-days and vulnerability mining.
CIS Control 7: Continuous Vulnerability Management
The Center for Internet Security (CIS) provides Critical Security Controls to help organizations improve cybersecurity. Control 7 addresses continuous vulnerability management (this topic was previously covered under CIS Control 3). Continuous vulnerability management is the process of identifying, prioritizing, documenting and remediating weak points in an IT environment.
CIS Control 6: Access Control Management
The Center for Internet Security (CIS) publishes Critical Security Controls that help organization improve cybersecurity. In version 8, Control 6 addresses access control management (in previous versions, this topic was covered by a combination of Control 4 and Control 14).
CIS Control 4: Secure Configuration of Enterprise Assets & Software
Maintaining secure configurations on all your IT assets is critical for cybersecurity, compliance and business continuity. Indeed, even a single configuration error can lead to security incidents and business disruptions. Control 4 of CIS Critical Security Controls version 8 details cyber defense best practices that can help you establish and maintain proper configurations for both software and hardware assets.