Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Trustwave Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation
The Trustwave Threat Hunting team has authored a practical guide to help the cybersecurity community address the Linux “polkit” Local Privilege Escalation vulnerability (CVE-2021-4034) by identifying common behavior in exploitation.
Trustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)
Trustwave security and engineering teams became aware of the vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) on January 25. We immediately investigated the vulnerability and potential exploits and continue to actively monitor the situation for our clients. Check your distribution for specific patches. As part of a strong patch management program, ensuring your infrastructure and applications are up to date is critical for mitigating cyber risk..
Dimensions and Measures
Learn how to start exploring the datasets in Advanced Analytics. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.
Netskope Threat Coverage: WhisperGate
A new destructive malware called WhisperGate was discovered in mid-January 2022 targeting Ukrainian organizations. This threat emerged during geopolitical conflicts in Ukraine, masquerading as ransomware. However, this malware has a more destructive nature: wiping files and corrupting disks to prevent the OS from loading. Ukraine has suffered other cyberattacks that seem to be connected to WhisperGate, such as the defacement of many websites connected to their governments.
Unifying AWS IAM Access Across Multiple AWS Accounts and Products
AWS Identity and Access Management (IAM) is a keystone to accessing AWS accounts, but as companies grow, it can be difficult to understand and standardize, especially across many AWS accounts. To put some personality into the challenges of managing identity for multiple AWS resources and accounts, I’ll start with a short story about a fictional company that you might recognize as similar to the one you work in today! ACME Net is growing fast.
Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability
In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a proof of concept for an attack against the vulnerability. This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.
How to Reduce Risk and Secure Data With Security Service Edge (SSE)
There’s a new acronym in town: SSE, which stands for Security Service Edge. If this looks mighty similar to Secure Access Service Edge (SASE), it’s because they are closely related.
ICS Security: What It Is and Why It's a Challenge for Organizations
Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology, there are three common types of ICS.