Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
opsdemon
Latest posts
The Hidden Challenges of Automating Secrets Rotation: Why Automatic Credential Rotation Isn't a One-Click Solution
Automating secrets rotation requires maturity and planning. Let's look at how to inventory, scope, and secure credentials without risking downtime or vulnerabilities.
Certification Update with Stefanie - Tanium Converge 2024
Get a first-hand update from Tanium's VP of Enablement on the latest certification news. Tanium's 2024 Converge user conference was held November 17-21 in Orlando, Florida. Converge 2025 will be in Orlando, Florida, November 17-20..
Hellcat Ransomware: A Growing Threat to Businesses and Organizations
Hellcat ransomware emerged in early November 2024 and quickly became a notable threat in the cybersecurity landscape. The group first gained attention on November 6, 2024, when it claimed responsibility for a cyberattack against Schneider Electric. Known for its aggressive tactics and unique ransom demands, Hellcat is already making its mark in the world of ransomware.
Grow Your MSP Practice with SecurityScorecard MAX
Managing vendor security is a growing challenge for MSPs. Clients expect you to deliver enterprise-grade protection across their entire supply chain. However, many struggle with limited resources, manual processes, and the complexity of addressing third-party risks. SecurityScorecard MAX turns this challenge into an opportunity, helping you protect your clients while driving recurring revenue for your business.
New NIST Guidelines: Rethinking Passwords
The National Institute of Standards and Technology (NIST) issued a new perspective on password management policies, recognizing that many traditional practices used to ensure password security are no longer effective. The suggested practices to eliminate include not requiring periodic password changes, reducing restrictions on special characters, and discontinuing the use of security questions for account recovery.
Trustwave Launches Two New Microsoft Security Accelerators
Trustwave has launched two additional Microsoft Security accelerators designed to quickly increase an organization’s security maturity and identify potential cost-saving initiatives. The new accelerators are focused on Microsoft Purview and Microsoft Entra ID.
Web Shell Upload Via Extension Blacklist Bypass - Part 2
Web shell attacks are a critical and growing threat, often evading traditional defenses. In this Part 2 of our exploration into web shell attacks, we uncover how attackers leverage extension blacklist bypasses to upload malicious web shells and compromise systems. Stay informed! Like, comment, and subscribe for more expert insights into cyber threats and effective defense strategies. For Collaboration and Business enquiries, please use the contact information below.
PROXY.AM Powered by Socks5Systemz Botnet
A year ago, Bitsight TRACE published a blog post on Socks55Systemz,a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions.
Barak Engel Lightning Interview
Welcome to the third installment of Riscosity’s Lightning Interview Series In this episode, we sit down with Barak Engel, founder and CEO at EAmmune, and CISO at MuleSoft, Amplitude, StubHub, BetterUp, and Faire among others. Barak is also the author of Why CISOs Fail, The Security Hippie, and The Crack in the Crystal. Ever wonder how you pentest a novel? Tune in to find out.
2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps
Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.