Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Lazarus campaign TTPs and evolution
AT&T Alien Labs™ has observed new activity that has been attributed to the Lazarus adversary group potentially targeting engineering job candidates and/or employees in classified engineering roles within the U.S. and Europe. This assessment is based on malicious documents believed to have been delivered by Lazarus during the last few months (spring 2021). However, historical analysis shows the lures used in this campaign to be in line with others used to target these groups.
Tips and best practices for building secure container images
When you start scanning your container images, it can be disconcerting to discover that you have large numbers of vulnerabilities. Below is a scan I did last week on a vulnerable node image that I built. While a fairly extreme example, you can see that this image out of the box is showing as having over 800 vulnerabilities in it.
Learning application security by finding and fixing insecure code in OWASP NodeGoat
Wouldn't it be great if we, developers, learn about application security by training on purposely-built vulnerable applications rather than finding our mistakes in production? Yes, we think so too. In this session, we welcome Priscila Oliveira, Software Engineer at Sentry and core contributor of open source npm proxy project Verdaccio, to chat about her appsec experiences as developer, and learn together about secure coding practices, how to hack a live application, open source vulnerabilities and how to fix them.
Sumo Logic Named a Visionary in the 2021 Gartner Magic Quadrant for SIEM for the First Time
The Sumo Logic team is excited to announce that it has been named a Visionary in the Gartner 2021 Magic Quadrant for Security Information Event Management (SIEM). We believe our placement in the Visionary quadrant reflects the value and success our customers have realized by using our cloud-native security platform and the innovative ways in which it solves SIEM and modern security operations use cases.
Breaking Out of the NOC Box
When did you first see a network operations center (NOC)? For me, it was 1983 at BBN in Cambridge. With some whiteboards, a few terminals, and a handful of chairs, it was modest compared to ones I’ve seen since–but it was also the NOC for the whole internet at the time. Even then, that significance made it a pretty cool place.
What is Ransomware as a Service (RaaS)? The dangerous threat to world security
Ransomware attacks are on a steep upward trend and the gradient isn't softening its progression. In Q3 2020, ransomware attacks have increased globally by 40% to 199.7 million cases. In the U.S. alone, attacks have increased by 139% year-over-year, totaling 145.2 million cases in Q3 2020. The impetus to the sudden recent spike in ransomware attacks, was the dramatic shift from a linear attack model, to an insidious multi-dimensional Ransomware as a Service model.
Flexible Pricing to Address the Evolving MSP Business
As MSPs prepare for the shift to hybrid work environments, it is more important than ever to have the pricing and packaging model you and your customers need. The more options you have, the more competitive you can be in the market. It's critical that service providers find vendors the flexibility you need to scale your business.
Use the Jenkins Credentials Binding Plugin to Protect Your Veracode Credentials
In this video, you will learn how to: You can use the Jenkins Credentials Binding Plugin to hide your Veracode API credentials from the Jenkins interface and logs. You use the plugin to associate, or bind, your Veracode API credentials to environment variables and save them to the Jenkins credentials store. During a build, Jenkins uses the environment variables to secretly access your credentials. The Jenkins interface and logs only show the bound environment variables.
Protecting and Managing Microsoft 365 Data
Microsoft 365 provides tools to assist with compliance, but they don’t provide native backup and recovery - they recommend customers backup their data with third-party applications. Rubrik’s SaaS-based approach to data protection for Microsoft 365 ensures critical data is secured, easily discoverable, and always accessible.
Modernize and Automate Data Protection
Backup job scheduling doesn’t need to be time-consuming. With Rubrik’s policy-driven platform you can easily align SLAs with your business needs and eliminate the manual process—reducing time spent by 90%.