opsdemon

Latest posts

Phishing Attack Exploits the Open Enrollment Period

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. The attackers are using legitimate notifications from Dropbox to send phishing messages, asking recipients to view a document on Dropbox regarding annual salary increases and open enrollment elections.

Upping An Offensive Security Game Plan with Pen Testing as a Service

While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct pen tests more regularly, or whenever a particular need arises. That’s important because of the crucial role pen testing plays in providing offensive security – finding problems before bad actors do.

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.

CrowdStrike Partners with MITRE Center for Threat-Informed Defense to Launch Secure AI Project

As organizations deploy more AI-enabled systems across their networks, adversaries are taking note and using sophisticated new tactics, techniques and procedures (TTPs) against them. The need for continued innovation to fight these threats is paramount.

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

On September 27, 2024, Okta disclosed a critical vulnerability affecting their Classic environment that created a concerning security gap in identity protection. The vulnerability, active since July 17, 2024, allowed attackers with valid credentials to bypass application-specific sign-on policies by simply modifying their user-agent string.

Increasing Organic Traffic with User-Friendly Site Builders

Creating an effective online presence is vital for businesses and individuals aiming to thrive in a competitive digital landscape. One of the most significant factors in this endeavour is driving organic traffic to your website. User-friendly site builders play a crucial role in achieving this goal by simplifying the web development process while offering tools that enhance visibility and engagement.

Top 5 PDF Password Protectors to Keep Your Files Safe

As we know, PDF is the most used file format in professional and educational settings. Even sensitive data, like bank statements, are usually shared in a PDF format. Before sending these sensitive files over to the recipient, it is essential to ensure their safety to protect confidential data. By applying a password, you can safeguard your files from data breaches. Therefore, it is a good idea to password-protect your PDF files using a trustworthy protection tool. Read this article till the end, as it features a list of renowned PDF Password Protectors to help you pick a suitable tool.

5 Key Differences Between Proxies and Firewalls

The world has never been this hyper-connected, but here's the bad side: if you are not dealing with one security threat, it's another, from malware and hacking to even lapses by your team. To enhance the protection of sensitive data, you might need more than one tool. Two of the most thrown-around words in this space are firewalls and proxies. To non-tech-savvy eyes, they mean the same thing. But the truth is that they are not!