Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

Monitoring machine learning models for bot detection

Cloudflare’s Bot Management is used by organizations around the world to proactively detect and mitigate automated bot traffic. To do this, Cloudflare leverages machine learning models that help predict whether a particular HTTP request is coming from a bot or not, and further distinguishes between benign and malicious bots. Cloudflare serves over 55 million HTTP requests per second — so our machine learning models need to run at Cloudflare scale.

TPRM & FINRA Compliance: Regulatory Notice 21-29

The United States Congress first authorized the Financial Industry Regulatory Authority (FINRA) to protect American investors and oversee the broker-dealer industry in 2007. FINRA is an independent regulatory organization that upholds its obligation and ensures a fair market by establishing rules to regulate business activities and improve the security of member firms and other market participants. With few exceptions, most broker-dealer firms must register with FINRA.

In-House vs Outsourced Third-Party Risk Management

Today’s cybersecurity landscape is teeming with third-party threats: supply chain risks, regulatory compliance requirements, third-party security flaws, malicious insiders, and more. Whether your organization’s risk appetite craves conservative or aggressive third-party relationships, these risks make third-party risk management (TPRM) necessary.

Using TPRM to Protect Intellectual Property in University Research

University-industry collaborations and other joint research ventures offer access to resources, expertise, funding, and other benefits for university researchers. However, through the use of unvetted software, password sharing, and other actions, these external partnerships can expose the university and its intellectual assets to substantial cybersecurity threats, such as unauthorized access, data breaches, and other cyber attacks.

Done with traditional DLP? Here's how generative AI can help.

Since the widespread migration to the cloud, DLP has become an essential—yet often dreaded—tool for protecting data from leaks, breaches, exfiltration, and more. It’s no secret that traditional DLP solutions have a less-than-stellar reputation. Security teams are squeezed tighter than ever in terms of time and resources. Needless to say, adding more alerts on top of already daunting workloads is less than ideal. It’s time for a smarter, more sustainable form of DLP.

Department of Justice disrupts Moobot botnet commandeered by Russian APT28: analysis of attacks against routers and malware samples

On February 15, the US Department of Justice announced “Operation Dying Ember”: the takedown of a botnet controlled by APT28, the Russian military cyber threat actor also known as Fancy Bear. APT28 was previously known for developing the VPNFilter botnet, which targeted routers and network attached storage devices and was also disrupted by the DoJ in 2018.

Strong results in third-party testing confirm AT&T Cybersecurity as an XDR leader

Here at AT&T Cybersecurity, we know that the technology powering our managed detection and response services is solid—and we’ve got documentation to prove it. But we also know you’ve probably read your share of marketing materials making claims with nothing to back them up, so when we get the opportunity to share third-party metrics that support what we’ve been saying, we jump on it.

PCI DSS Requirement 6 - Changes from v3.2.1 to v4.0 Explained

Welcome back to our series on PCI DSS Requirement Changes from v3.2.1 to v4.0. Today, we’re discussing Requirement 6, which is crucial for protecting cardholder data. It mandates the use of vendor-supplied security patches and secure coding practices for in-house developed applications. These measures help mitigate vulnerabilities that hackers could exploit. The requirement also emphasizes the importance of vigilance in identifying and remediating vulnerabilities.

Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? Very. Join CISO Global's Chris Clements, Tigran Safari, James Montagne, and special guest Iwona Karpeta as they discuss recent attacks against credit unions, how they responded, and how their customers were impacted. Speakers: Chris Clements is the VP of Solutions Architecture for CISO Global. Chris has spent more than two decades working in the information security field and has a wide range of experience, including business management, sales, product, and service delivery.

Strengthening small utilities: The power of public-private partnership

In the wake of recent cyber attacks against US water utilities, the vulnerability of local entities dependent on operational technology (OT) has been starkly highlighted. This danger was further emphasized last week when Congress held a hearing titled Securing Operational Technology: A Deep Dive into the Water Sector. Witnesses at the hearing painted a stark picture of the significant cybersecurity risks facing small utility companies today.