Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

CrowdStrike

How to Secure Business-Critical Applications

Feb 9, 2024 By Jacob Garrison In CrowdStrike
As organizations move more of their business-critical applications to the cloud, adversaries are shifting their tactics accordingly. And within the cloud, it’s clear that cybercriminals are setting their sights on software applications: In fact, industry data shows 8 out of the top 10 breaches in 2023 were related to applications.
Read Post
keeper

How To Tell if Spyware Is on Your Phone and How to Remove It

Feb 9, 2024 By Tim Tran In Keeper
While browsing the internet, you may accidentally install spyware on your phone without even knowing. Android phones are known to be more susceptible to spyware than iPhones; however, anyone who owns a smartphone needs to watch out for spyware – especially if your phone is outdated or jailbroken. Some ways you can tell if spyware is installed is if your phone’s camera and mic turn on randomly, you hear a noise during phone calls, or you see unfamiliar apps and files on your phone.
Read Post
netskope

Cloud Threats Memo: Back to the Basics: New DarkGate Campaign Exploiting Microsoft Teams

Feb 9, 2024 By Paolo Passeri In Netskope
DarkGate is a commodity malware with multiple features including the ability to download and execute files to memory, a hidden virtual network computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.
Read Post
netwrix

A Comprehensive Guide to Active Directory Monitoring Tools

Feb 9, 2024 By Craig Riddell In Netwrix
Effective Active Directory (AD) monitoring is a cornerstone for security and compliance. It empowers administrators to spot suspicious activity, including improper changes to AD objects like user accounts and Group Policy objects (GPOs), in time to avoid data breaches or minimize their impact.
Read Post
WatchGuard

Navigating the Landscape of Security Frameworks and Regulations: A Guide to Vulnerability Management and Patching

Feb 9, 2024 By Iratxe Vazquez In WatchGuard
In today's rapidly evolving cyber threat landscape, organizations across all industries face an imperative need to safeguard their digital assets. Adherence to standard security frameworks, regulations, and insurance requirements is not just a strategic step towards a robust cybersecurity posture but a matter of compliance. These standards, regulations, and insurance requirements mandate ongoing vulnerability management and patching to mitigate risks and protect sensitive data.
Read Post

Vulnerability A03 : Injection - OWASP TOP 10

Feb 9, 2024 By VISTA InfoSec In VISTA InfoSec
Welcome to our latest video on the OWASP Top 10, focusing on Vulnerability A03: Injection. This video is designed to provide a comprehensive understanding of injection vulnerabilities, which are among the most common and dangerous security risks in web applications. In this video, we will explore the concept of injection vulnerabilities, their various types, and how they can be identified. We will also look at real-world examples to illustrate the potential impacts of these vulnerabilities when they are exploited.
View Video
centripetal

Fortinet Vulnerability: CVE-2024-21762

Feb 9, 2024 By Lauren Farrell In Centripetal
On Thursday, February 8th, the Fortinet Product Security Incident Response Team released an advisory (FG-IR-24-015) notifying of an out-of-bound write vulnerability in their SSL VPN tracked as CVE-2024-21762. The vulnerability “may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests”.
Read Post
synopsys

Test mode enhancements to Defensics fuzz testing

Feb 9, 2024 By Andy Pan In Synopsys
Defensics® is the leading fuzz testing solution for discovering unknown vulnerabilities and ensuring system robustness. The tool has been widely adopted across industrial Internet of Things (IoT) and medical devices, as well as telecom network environments to mitigate risks when deploying embedded software. Defensics offers powerful capabilities out of the box for testers to perform protocol testing and hardening checks.
Read Post
Arctic Wolf

PRC State-Sponsored Threat Actors (Volt Typhoon) Target Critical Infrastructure Entities

Feb 9, 2024 By Andres Ramos In Arctic Wolf
On February 7, 2024, CISA issued an advisory detailing their discoveries concerning state-sponsored cyber actors linked to the People’s Republic of China (PRC). Notably, the PRC-affiliated threat actor, Volt Typhoon, is actively engaged in efforts to infiltrate IT networks, with the potential aim of launching cyber attacks on vital U.S. infrastructure in the event of a substantial crisis or conflict with the United States.
Read Post

Cybersecurity Dilemma: Balancing Government Involvement Without Sacrificing Security Budgets

Feb 9, 2024 By Razorthorn In Razorthorn
Unravel the cybersecurity dilemma in our latest video, where we explore the complex relationship between government involvement and corporate cybersecurity programs. Many cybersecurity leaders may express reluctance when asked about government intervention, fearing the additional burdens of setting up new compliance wings and diverting resources from tangible security budgets.
View Video
Rubrik

Announcing Amazon S3 Protection with Rubrik Security Cloud

Feb 9, 2024 By Mike Preston In Rubrik
Data is at the heart of nearly every business operation, and it’s critical to ensure the security and integrity of that data. Amazon Simple Storage Service (S3) has long been a popular choice for organizations seeking a scalable, cost-effective, and resilient storage solution for their data needs. In fact, nearly one million organizations around the world rely on Amazon S3 to store hundreds of exabytes of unstructured, business-critical data.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.