Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest posts

Coralogix - On-Demand Webinar: Achieving Scale and Compliance During a Global Expansion

Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. With a hybrid environment of both single and multi-tenant infrastructures generating massive amounts of data, the team needed a powerful solution to centralize and manage their log data. In this session, Armis’s Head of DevInfra Roi Amitay discusses how his team leverages Coralogix’s unique capabilities together with custom-built dev tools to streamline the development and debugging of microservices on multiple EKS clusters.

Coralogix - On-Demand Webinar: Decoupling Streaming Data Pipelines at Scale

In this session, Harel Ben-Attia, Chief Architect at Coralogix, shares the model we have implemented in order to create a resilient and scalable streaming data pipeline and how we had to rethink our entire approach to message processing from the ground up in order to achieve our goals.

CMMC Town Hall With Edward Spenceley, Bank of America | 2/16/22 | NeoSystems

NeoSystems CMMC Town Hall Series: Join NeoSystems’ Chief Information Security Officer, Ed Bassett, for our weekly CMMC Town Hall designed for the Defense Industrial Base and GovCon community. Each session features special guests and offers an opportunity for attendees to ask questions regarding CMMC and cybersecurity. Topics covered include CMMC compliance requirements, how to prepare for CMMC certification, and the latest updates from the CMMC AB.

Ep 6 Securing the digital supply chain featuring Prasad Ramakrishnan and Drew Daniels

In this episode of Securing the digital supply chain we talk with two extremely accomplished security thought leaders from the Bay Area: Prasad Ramakrishnan, who is currently the CIO of Freshworks, and Drew Daniels, who is a seasoned security savant and currently a senior member of SVCI. Both our guests have storied pasts in many well-known companies, from startups to IPOs. We discuss SDLC, how to create successful security programs, the ins and outs of software supply chain management and some easter egg nuggets for vendors on how to approach CIOs and CISOs!

A quarter of critical vulnerabilities exposed during penetration tests are not being remediated by businesses

Today, new research from cyber security specialist Bulletproof found the extent to which businesses are leaving themselves open to cyber attack. The research found that when tested, 28% of businesses had critical vulnerabilities - vulnerabilities that could be immediately exploited by cyber attacks. After a retest was completed, a quarter of businesses had neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business.

Step into the new year with organized and secure IAM

According to Business Insider, 80% of people give up on their New Year's resolutions within the first 30 days. Don’t let your business and IT security goals fall into this trend, too! We’re now in February, but there’s still plenty of time to salvage your New Year goals, both your IT security and personal ones. The secret to falling into that successful 20% is to chart your resolution with clear plans on how to achieve it.

Best practices for securing Kubernetes applications

Cloud-based Kubernetes applications have become the standard for modernizing workloads, but their multi-layered design can easily create numerous entry points for unauthorized activity. To protect your applications from these threats, you need security controls at each layer of your Kubernetes infrastructure.

Sponsored Post

European Oil Hacks

Last week, European ports were hit by a cyberattack; authorities disclosed that this was a targeted attack against Belgium, Germany, and the Netherlands. These threat actors have hit multiple oil facilities in Belgium's ports, including Antwerp, which is the second biggest port in Europe after Rotterdam. The impacted port infrastructure includes the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.

Case study: Python RCE vulnerability in Celery

I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.