Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Defending Against Zero-Day Attacks with AlienVault USM Anywhere
Recently, an AlienVault customer reached out to ask how AlienVault handles the detection of zero-day attacks, which are exploits against previously unknown vulnerabilities. In this blog, I shed light on how we approach this.
Demo - Continuous security assessment for AWS
Netskope’s Continuous Security Assessment for AWS helps address the risk tied to misconfigurations that may lead to resources being inadvertently exposed to the internet. Netskope achieves this by continuously monitoring and auditing your AWS configuration, using the CIS benchmark, PCI-DSS, in addition to AWS best practices, to assess your compliance posture.
Demo - Insider threat protection for AWS S3
Learn more about Netskope for IaaS at netskope.com
The Art and Science of Secure Coding: Key Practices that Stand Out
Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats.
Top 10 PCI DSS Compliance Pitfalls
Despite the fact that PCI DSS has been in effect for over a decade, and most merchants are achieving compliance, some of the world’s largest retailers have been hit by to data breaches. The sad truth is that achieving compliance doesn’t guarantee data protection, even for large organizations. For example, more than five million credit card numbers were stolen in 2018 hacks of two major retailers.
Getting started with Detectify
Detectify is an automated vulnerability scanner that helps you stay on top of threats by testing your web application for 1000+ vulnerabilities. Getting started with Detectify is easy - you can get up and running in a matter of minutes.
Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE
A recent vulnerability was sent in to Detectify Crowdsource regarding an unauthenticated remote code execution (RCE) in Oracle WebLogic Server. It is easily exploited and this video shows the proof of concept.
Case Study: ionCube Encoder on BitBucket
Working with a wide variety of customers and technologies often brings interesting challenges and stories that usually end up buried in a support ticket never to see the light of day again. However, after a curious ticket regarding integration of our product into a BitBucket pipeline, we asked WeTek if they would like to contribute an article about this particular problem. Well, here it is, a great article highlighting the subtleties that can trip us up!
Why do we need automation in Security? - An Introduction to SOAR
Pick up any industry and you will realize that every one has gone through an evolution – from being entirely dependent on humans to being now run majorly by machines and automated processes. There comes a point, for every industry, where in order to function efficiently and effectively operate, automation becomes a necessity.
How UK Public Sector Organizations Can Craft an Effective Cyber Security Strategy
Organizations in the United Kingdom’s public sector face several challenges in terms of their digital security. Today, these companies must meet an increasing number of regulatory compliance obligations. GDPR likely sits near the top of UK public sector organizations’ list of responsibilities given the penalties they could incur should they fail to adequately protect EU citizens’ personal data.