Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Detectify security updates for January 11
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
Understanding JusPay Data Breach
Juspay, an Indian payment service provider, which processes transactions for giants like Amazon, MakeMyTrip, Airtel, Flipkart, Uber and Swiggy suffered from a data breach resulting in 3.5 crore records of customer data being compromised. The data dump contains sensitive information including the card’s merchant brand, expiry date, the first six and last four digits, user name, email IDs and phone numbers. This data can be put together and used for phishing scams.
OWASP Top 10: Injection Security Vulnerability Practical Overview
OWASP A1 (Injection) covers diversified injection vulnerabilities and security flaws including SQL and NoSQL injections, OS command injection and LDAP query manipulations.
Improve Your Security Posture By Focusing on Velocity, Visibility, and Vectors
In the wake of the widely publicized FireEye breach and the alarming SolarWinds supply chain attack, this presents an ideal opportunity for reflection on the broader shift taking place across the world—the transition from legacy on-prem infrastructures to the cloud.
Veracode Wins Best AppSec Feature Set and Customer Support Awards From TrustRadius
TrustRadius recently awarded Veracode with a 2021 Best Application Security Feature Set Award and Best Application Security Customer Support Award. These honors are given to companies that have gone above and beyond to delight their users. To win the Best Feature Set Award, each nominated organization had to receive 10 TrustRadius reviews in the past year that featured specific mention of their product’s feature set.
Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives
In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.
Steps for PCI DSS Gap Analysis
Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security posture against what is expected and needs to be achieved by the organization.
The Biggest Cyber Attacks and Tips to Build Cyber Resilience
A Q3 Report by Risk Based Security on data breaches in 2020 showed that by the end of Q2, 2020 was already considered as the worst year in terms of data exposed. To add a cherry on the top, in Q3, a total of six breaches together accounted for approximately 8 billion exposed records. The pandemic further made the health sector most vulnerable to data breaches. No surprises there!
Yes, Virginia, There is a -Santa Claus- Way to Detect Unemployment Fraud
Fraud rates for Unemployment Insurance Benefits (UIB) and Pandemic Unemployment Assistance (PUA) are out of control. In May 2020, Brian Krebs of Krebsonsecurity published two articles detailing fraud that was occurring in several different state’s UIB portals. These states had been warned by the US Secret Service to be on the lookout for this. Reading the articles, the common theme is that many states are missing rudimentary controls for combating fraud.