Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Important Updates on Spring4Shell Vulnerability
In December 2021, the cybersecurity industry was made aware of CVE-2021-44228, known as Log4Shell, a novel vulnerability in a commonly found software component called Java Log4j. Arctic Wolf extensively covered the Log4Shell vulnerability and gave updates as it got involved.
Proactive Compliance Verification for Network Security
Regulatory compliance can cost teams valuable time and money. Forward Enterprise's security posture verification can relieve this burden and prove that your network behavior conforms with corporate policy intent in real-time. In this demonstration, Technical Solutions Architect, Glen Turner shows us how operators can use Forward to prove the network meets PCI DSS regulatory requirements.
Detecting and Mitigating CVE-2022-22963: Spring4Shell RCE Vulnerability
Today, researchers found a new HIGH vulnerability on the famous Spring Cloud Function leading to remote code execution (RCE). The vulnerability CVE-2022-22963 would permit attackers to execute arbitrary code on the machine and compromise the entire host.
Fraud Prevention Strategy: Finding Weak Links in the Payment Transaction Cycle
This blog is a part of our new series 5 Strategies for Building Resilience to Financial Crimes and Cyber Attacks in 2022. In the last few years, we have all observed an increase in the sophistication of cyber-enabled attacks and financial crimes. This coincided with intensified focus on digital banking by financial institutions and increased volumes of online transactions.
How to Meet Third-party Risk Requirements in NIST 800-53
The National Institute of Standards and Technology (NIST) has responded to the increased prevalence of third-party risks by specifying industry standards for securing the supply chain attack surface - the attack surface most vulnerable to third-party risks.
Is there such a thing as Spring4Shell?
Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.
What Is Client-Side Security and Why Is It Important for Your Business?
You can’t open a newspaper today without reading about another cyberattack or data breach—with web applications accounting for a fair share of the reporting. Web application vulnerabilities, poor infrastructure configurations, and inadequate security controls make these web-based targets a prime focus for attackers. That’s why organizations need to make sure they’ve implemented front-end or “client-side security” as well as server-side or back-end security.
CloudFlow: Application Centric Risk Analysis And Remediation Using Tags
In addition to the ability to filter risks for cloud types, accounts and regions, you can now focus your risk analysis and remediation on specific categories of risks identified by tags (key/value combinations) applied to the cloud platform assets. Customers can leverage this capability to focus on analyzing and remediating risks related to specific applications.
What is Data Encryption and Why It's Recommended for Really Safe Online Security
Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.
Vonahi Interview with Jenny
Watch our founder provide a quick interview exclusively for the Jenny platform by DecipherCyber.