Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Four cybersecurity predictions for 2022
2021 has been another challenging year for businesses, not least because of the ongoing wave of cyberattacks. Everyone is hoping for some good news in 2022, but realistically, cybercrime slowing down won’t be on the agenda. Cybersecurity and avoiding the threat of data breaches is going to be front of mind for many going into next year. We’ve spoken to two members of our leadership team who’ve shared their thoughts on four trends we’re likely to encounter in 2022.
How to Find and Eliminate Blind Spots in the Cloud
Visibility in the cloud is an important but difficult problem to tackle. It differs among cloud providers, and each one has its own positive and negative aspects. This guide covers some of the logging and visibility options that Amazon Web Services (AWS) and Google Cloud Platform (GCP) offer, and highlights their blind spots and how to eliminate them.
Reduce Active Directory Security Risks
Since a majority of the breaches are credential based, securing your multi-directory identity store - Microsoft Active Directory (AD) and Azure AD - is critical to protecting your organization from adversaries launching ransomware and supply chain attacks. Your security and IAM teams are concerned about securing AD and maintaining AD hygiene - and they need to be in sync, for example, to ensure that legacy and deprecated protocols like NTLMv1 are not being used and that the right security controls are in place to prevent breaches in real time.
Log4j Vulnerability CVE-2021-45105: What You Need to Know
A third Log4j2 vulnerability was disclosed the night between Dec 17 and 18 by the Apache security team, and was given the ID of CVE-2021-45105. According to the security advisory, 2.16.0, which fixed the two previous vulnerabilities, is susceptible to a DoS attack caused by a Stack-Overflow in Context Lookups in the configuration file’s layout patterns. What is this CVE about? What can you do to fix it? How does it differ from the previous CVEs?
PHP Security 101 + 1
PHP is by far the most widely used server-side programming language. Security threats surrounding PHP applications have been in the news because PHP captures over 80% of the internet with over 10 million websites built. It’s no wonder that with such a massive usage, PHP is also one of the most targeted and exploited languages, as shown in the below statistics.
AuthPoint Risk Framework - Geofence Risk Policy
The geofence risk feature is available in WatchGuard Cloud and provides advanced risk-based authentication capabilities to customers and partners. Two key benefits include enhanced real-time incident management and limited exposure by configuring rules that block attempts from unauthorized geographies.
AuthPoint Risk Framework - Time Scheduled Policy
The time schedule risk policy enables you to specify the dates and times when authentication policies apply to user authentications. For example, you can configure a time schedule policy object if you want to allow authentication only during specified times, such as work hours.
CISO Interview Series: What Are Some of the Key Components to Succeeding as a CISO in Today's Business Environment?
The role of the modern CISO is more than understanding the technical side of the business. In fact, the role consists of even more than understanding the business side of the business. When I spoke with Ian Thornton-Trump, he was able to shed light on how important effective communication and team-building are to the overall success of a modern CISO. His insights can be valuable to any person currently in a CISO position and also to anyone looking to embark on the path to becoming a successful CISO.
What is Log4Shell (the Log4j vulnerability)?
Log4j, Log4j, Log4j. Let’s see you say that 10 times fast. If you can’t, then you may need to learn because Log4j is on the tips of everyone’s tongues right now. In fact, people are calling Log4j the biggest security breach since Tutar, Borat’s movie daughter, sneaked into The White House and had a lively face-to-face conversation with President Trump.
What is Log4Shell (the Log4j vulnerability)?
Log4j, Log4j, Log4j. Let’s see you say that 10 times fast. If you can’t, then you may need to learn because Log4j is on the tips of everyone’s tongues right now. In fact, people are calling Log4j the biggest security breach since Tutar, Borat’s movie daughter, sneaked into The White House and had a lively face-to-face conversation with President Trump.