opsdemon

Latest posts

Salt Typhoon and the T-Mobile Breach: How Chinese Hackers Targeted U.S. Telecom and Political Systems

Salt Typhoon, a Chinese state-sponsored hacking group, has emerged as one of the most significant cyber threats to U.S. critical infrastructure. Initially identified in 2020, with increased recognition of their activities in 2021, the group has been linked to high-profile cyber espionage campaigns targeting U.S. telecommunications companies.

ISO 27001 Certification Expired: Why, and What Can You Do?

Two years ago, the International Organization for Standardization (ISO) published a long-awaited update to its primary cybersecurity framework, ISO 27001. The previous version, ISO 27001:2013, was nearly a decade old and in need of a refresh. The new version, ISO 27001:2022, is the version currently in effect. As part of the roll-out of ISO 27001:2022, companies were given instructions on how to transition to the new version from the 2013 version.

Building a Resilient Network Defense with Network Based Intrusion Detection Systems

A network-based intrusion detection system (NIDS) is an important layer of security in the cybersecurity world. It acts as a proactive guard, constantly scrutinizing network traffic and watching the data packets that travel across your devices for patterns that suggest unauthorized access and other malicious behavior.

The Developer's Guide to the Cyber Resilience Act

In February 2024, Change Healthcare, one of the biggest IT solution companies in the U.S. healthcare system, suffered a ransomware attack that resulted in a complete shutdown of its IT systems. Because of this attack, hospitals and pharmacies experienced interruptions in patient treatments, as well as in payments, for several weeks. This is a nightmare for any software developer, security engineer, or company.

Web Shell Upload Via Extension Blacklist Bypass - Part 1

We explore in depth a common web security vulnerability related to file uploads and demonstrate how attackers can exploit weaknesses in file extension blacklists to upload malicious web shells. We also cover the mechanics of bypassing these security measures, including specific techniques and tools, with practical examples of how to conduct such an attack in a controlled environment, emphasizing the importance of understanding these vulnerabilities for defensive programming.

Enhancing Data Security and Privacy with Protecto's AI-Powered Tokenization

The inherently non-deterministic nature of AI inputs, processing, and outputs multiplies risks, making traditional data protection methods insufficient. In the enterprise world, unstructured data—brimming with sensitive information such as Personally Identifiable Information (PII) and Protected Health Information (PHI)—poses a significant challenge, especially as this data flows into AI agents.