Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Illegally obtained digital identities traded on Genesis Market increase by 250% in two years
New report uncovers the tactics used to steal and sell genuine digital fingerprints on the most popular deep web marketplace.
How Threat Intelligence Could Have Helped Prevent 2020's Cybersecurity Incidents
If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019. It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.
How to prevent OWASP API Top 10 security vulnerabilities? API attack prevention
Broken object level authorization Broken user authentication Excessive data exposure Lack of resources and rate limiting Broken function level authorization Mass assignment Security misconfiguration Injection Improper assets management Insufficient logging and monitoring Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.
A hacker's approach to finding security bugs in open source software
Spencer Pearlman, Security Researcher at Detectify, presented A Hacker’s Approach to Finding Security Bugs in Open Source Software in a partnered webinar with friends at Debricked. Securing modern web applications takes new approaches, and this includes looking at it from a hacker’s perspective. Here are highlights from the presentation on how tech teams can apply the same hacker mindset to discover vulnerabilities in open-source software in their tech stack.
Developer Security Champions Rule the DevSecOps Revolution
DevSecOps has fundamentally changed the way in which organizations approach security in modern software development. The role of developer security champion was created to meet the need for security to be tightly integrated into DevOps and DevSecOps practices. Read on to learn more about what developer security champions are and how they help promote secure coding best practices as organizations work toward continuous integration and delivery.
Snyk IaC public beta introduces Terraform plan analysis
We’re happy to share new beta features of Snyk Infrastructure as Code (Snyk IaC) inside the Snyk CLI, adding support for Terraform plan scanning, plus performance and security improvements.
Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem
In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Shifting security left while building a Cloud Native bank
Building a digital bank requires a unique combination of agility and speed while maintaining the highest level of security. Lunar, a digital challenger bank in the Nordics, has always had technology and agility as a differentiator. Lunar was built for the cloud, with Cloud Native principles, such as microservices, containers, and container orchestration amongst others. In this presentation Kasper will present some insights into the principles on which the Lunar infrastructure was built on, the continuous focus on security, and how application security is shifting left and becoming a developer concern.
12 - Using the new Connect Web Services (1.5+)
The new Connect Web Service feature is available in 1.5.0 provides the ability to retrieve or update custom host properties defined in the App and potentially trigger any Forescout Action based on the value of these properties. Watch this video to gain a hands-on understanding of how to leverage this feature in your App.
A Real-World Look at AWS Best Practices: Root Accounts
Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.