Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Hangin' with Haig: Conversations Beyond the Keyboard with Guest cyber threat hunter, Jessica O'Bryan
ThreatQuotient's Director of Alliances, Haig Colter, assumes the role of host in our series Hangin’ with Haig: Conversations Beyond the Keyboard. In our upcoming episode, we welcome Jessica O’Bryan, Cyber Threat Intelligence & Threat Hunt Development Lead for the Cyber Security Operations Center (CSOC) at Viasat. Haig will dive into Jessica’s journey in the cybersecurity industry and her love for rock climbing and surfing. In order to follow her passion for the outdoors and sports, Jessica has traveled throughout the west coast in a camper. Join us and listen in on Jessica's incredible adventures.
SecurityScorecard Finds Log4j Active Exploitation from Nation State Actors
There's little question that you've already heard about the recently discovered security flaw related to Log4j, a widely used Java library for logging error messages in applications. The vulnerability enables a threat actor to remotely execute commands via remote code execution (RCE) on nearly any machine using Log4j. But it's also important to cut through all of the noise to truly understand the implications of the Log4j and what organizations can do to combat it.
5 reasons to stop using your web browser password manager
Web browsers are indispensable tools for navigating the internet, but you should think twice before entrusting your secrets to them.
How do we solve a problem like Log4shell?
With the infamous Log4shell vulnerability spread far and without any direct fixes available yet, what do we do? Our panel of Java champions discuss the immediate reality, the near term solutions, and how the community can help itself and its members Speakers Host - Randall Degges | Head of Developer Relations & Community at Snyk Ana-Maria Mihalceanu | Developer Advocate Red Hat Martijn Verburg | Principal Engineering Group Manager (Java) at Microsoft
Log4Shell Deep Dive
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Snyk + Dynatrace workshop: Integrating for real-time vulnerability detection
Since 2019, Snyk and Dynatrace have partnered with a shared mission of securing the entire software development lifecycle (SDLC) and accelerating digital transformation. As many agile organizations migrate their workloads to the cloud, it’s tempting for teams to let security take a back-seat until all the pieces of the infrastructure puzzle are in place.
Happy holidays from 1Password
Forget hunting down the WiFi password, ‘tis the season to invite your loved ones to 1Password Families.
Arctic Wolf Cloud Detection and Response
Cloud Detection and Response protects you from key cloud threats like account and business email compromise, ransomware, suspicious resource usage, and phished credentials. Arctic Wolf's Concierge Security® Team continually reviews your cloud posture and works to harden your environment over time. The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response.
Arctic Wolf Releases Open Source Log4Shell Detection Script
After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are prominent programs SecOps staff must regularly implement to keep adversaries from infiltrating their organizations’