Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Top 12 client-side security threats
Today’s web applications are complex, often made up of a mix of existing software, open-source and third-party code, and custom JavaScript and HTML all integrated via application program interfaces (APIs). While web applications are hosted and maintained on an organization’s server, they actually run on an end user’s browser.
SSH into Docker Container or Use Docker Exec?
SSH has always been the default mechanism to get remote shell access into a running Unix or Linux operating system from a terminal client to execute commands. While SSH is familiar, Docker provides more lightweight and easier-to-use methods that don’t require running your container with an SSH server. This post will explore two methods to get shell access into a Docker container using OpenSSH and the docker exec command.
How to manage your company's IT security without stressing out
Responsible for keeping your business secure? We know it can feel like a daunting task. After all, the average business has multiple employees using different devices with varying amounts of technological expertise. A single team member might use just one app to stay productive, while another may use 1,000. And they could work in a company-owned location, like an office, or hundreds of places around the world, including their own home.
Weak password report reveals password reuse problem
Bruteforce and stolen credentials are prime reasons for a data breach. New data recently released shows that setting strong passwords might not be enough in an increasingly volatile cybersecurity landscape. Find out why you need to prioritize user password security.
Threat-Based Methodology: An Introduction
This three-part blog series will explore threat-based methodology and how it benefits every company with a network. The series leverages the analysis presented by the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) in conjunction with the National Institute of Standards and Technology (NIST).
Identifying and Avoiding Malicious Packages
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar, hosted by JFrog Director of Threat Research Jonathan Sar Shalom, will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.
Artifactory Integration - Plugin Upgrade
This is a short tutorial on migrating the WhiteSource JFrog Artifactory plugin from any version before 21.12.1 to version 21.12.1
Hello CISO - Episode 4: Employee Surveillance vs. Enterprise Security
How do you balance data collection at work with workers’ inalienable right to privacy? It's a fine line to walk, but if you always err on the side of employee privacy, it's hard to go wrong. In this episode of Hello CISO, Troy breaks down how to systematize that balance – and how to uncover the hidden costs of data collection. Hello CISO is a new series aimed at Chief Information Security Officers, IT security teams, and all other members of an organization responsible for maintaining the safety and integrity of the business and its operations.
Announcing Snyk free security for open source projects
Snyk announces expanded free offerings for open source project maintainers including unlimited scans across our platform and additional features. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
A Simple Guide to Getting CVEs Published
We were once newcomers to the security research field and one of the most annoying problems we ran across was how to get a CVE published. After all, what good is it to find a juicy vulnerability if you can’t get the word out to others? So, as a resource to help our fellow researchers, we decided to put together a CVE publishing guide based on our experience, and honestly a lot of good old trial and error.