Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Detecting and mitigating CVE-2021-4034: "Pwnkit" local privilege escalation
A new advisory from Qualys discloses a local privilege escalation bug in SUID-set program ‘pkexec’. The flaw has been designated the CVE ID of CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders. The CVSSv3 base score is calculated to be a high 7.8 out of 10.0. The vulnerable program is a part of Polkit, which manages process privileges.
Weekly Cyber Security News 28/01/2022
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Last week’s attack on Crypto.com did in fact lead to lost currency….
Protecting Mobile Point of Sale and Financial Apps From Cyber Breaches
Learn how the Lookout App Defense Solution is protecting leading mPOS providers, mobile banking, and finance/fintech apps from cyber threats.
RFDiscussion #3 - AWS IAM Join Tokens
Deep dive into how Teleport uses a new IAM join method to makes it easier to enroll a fleet of servers into Teleport.
How Data Privacy Has Evolved in the Age of the Breach
As Data Privacy Day once again rolls around, we can look back at some healthy improvements when it comes to privacy that organizations made over the previous 12 months. We can also use this yearly reminder on such an important topic to look forward to the coming year to pinpoint where additional changes are needed.
What a Modern Privileged Access Management (PAM) Solution for Cloud-Native Applications Looks Like
Privileged Access Management (PAM) is a go-to solution to prevent privilege misuse and insider threats, and limit malware propagation. After all, properly protecting and monitoring the keys to the kingdom is always a good practice. Privileged Access Management has been even more critical in recent times. With the advent of the cloud where infrastructure is provisioned with a single API call and authenticated with a single API key, the risk of someone misusing these credentials is far higher.
How to Scale Your Vendor Risk Management Program in 2022
As cybersecurity regulations continue to tighten their grip on vendor security, a greater weight of responsibility is expected to fall on Third-Party Risk Management Programs. So if you're currently struggling to keep up with your vendor security due diligence, your workflow congestion will only worsen if a scalable and streamline vendor risk management program isn't achieved.
Managing API Specifications in the Veracode Platform
In this video, you will learn how to upload, update, and delete API specifications using the API Specification Management tab in the Veracode Platform. This tab is a feature of Dynamic Analysis API Scanning.
The Security Playbook for Remote-first Organizations
The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges that haven’t gone away. Review the seven most crucial areas of security for emerging remote-first organizations. Continue reading below or feel free to download a copy of this playbook. We’ll also include our free Post-COVID Security Checklist as a reference you can keep in your back pocket.
How OpenBullet is used and abused by cybercriminals
OpenBullet is a testing suite of software allowing users to perform requests on a target web application. The open source tool can be found on GitHub and is used by businesses for various legitimate purposes including scraping and parsing data and automated penetration testing. Although designed to aid security professionals, in the wrong hands OpenBullet can be abused for the opposite purpose.