Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest posts

Automated Software Supply Chain Attacks: Should You be Worried?

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.

Threat Update: CaddyWiper

As the conflict in Eastern Europe continues, the Splunk Threat Research Team (STRT) is constantly monitoring new developments, especially those related to destructive software. As we have showcased in previous releases in relation to destructive software and HermeticWiper, malicious actors modify their TTPs in order to become more effective and achieve their objectives.

BERT Embeddings: A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2)

CrowdStrike data science researchers recently explored and experimented with the use of Bidirectional Encoder Representation from Transformers (BERT) for embedding command lines, focusing on anomaly detection, but without detailing the model itself. Diving deeper into that research, CrowdStrike researchers explain the reasons for using BERT for command line representation and how to train the model and assess its performance.

How Does Infrastructure as Code on AWS work?

Imagine having to manually provision and configure every device in a large corporation. Then visualize the upgrade process. How about patching? Then, picture ensuring conformity on every device. Next, add some enterprise-wide IT governance changes that must be implemented. The process would be daunting, to say the least, every time.

Spring4shell - RCE in Spring Framework?

A critical remote code execution (RCE) vulnerability in the Spring Framework was identified on March 30th, 2022. Spring Core, used by millions of systems to develop Java web applications quickly, is one of the Java world’s most popular open source frameworks. The RCE vulnerability, if successfully exploited, could potentially allow an attacker to take control of a vulnerable system.

Boost Your Information Security to Meet ITAR Compliance

The U.S. Government requires all manufacturers, importers, exporters, and brokers of defence articles, defence services or related technical information to meet International Traffic in Arms Regulations (ITAR) compliance. Applying these regulations to your business and to those within the greater supply chain introduces additional costs, rigor, and complexity into your processes. This whitepaper introduces 5 essential checkpoints of ITAR and provides strategies to assist with compliance and cyber resilience.

Mind the gap: The state of secrets scanning in 2021

Consuming secrets is a cornerstone for connectivity between applications and infrastructure. Whether they are cloud identity-based secrets such as IAM role keys from AWS, or FTP access credentials, secrets such as these are often discovered by malicious users. The usual culprit is a public space, such as public repositories on GitHub. While it's easy to think "that will never happen to us", it only takes one misplaced key pushed to the wrong repository for your entire infrastructure, application, and databases to be compromised and exposed.

The DevOps Guide To Vulnerability Management Tools In 2021

Imagine you are in charge of maintaining data for some of the most secretive government offices and powerful business entities globally. You have a significant investment in your security apparatuses protecting that knowledge. For years you haven't had a single blip or incident to cause any suspicion. Then the unthinkable happens, and from a single weak point, your entire network is compromised by malicious code hidden in an innocuous update.