Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

Snyk

Repo Jacking: The Great Source-code Swindle

Jul 25, 2024 By Elliot Ward In Snyk
In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.
Read Post
Tines

A step-by-step guide for embracing workflow automation

Jul 25, 2024 By Eoin Hinchy In Tines
Workflow automation offers huge potential benefits for security teams, including improved incident readiness, faster time to value, enhanced team retention, and reduced errors. Whether your team is planning to embrace security automation for the first time or enhance an existing program, a clear roadmap is essential. In this post, I'll share a step-by-step guide for security teams looking make the most of workflow automation and the technology that's allowing teams to work even faster, AI.
Read Post
kovrr

Obtaining Fit-For-Purpose Cyber Insurance Amid a Volatile Market

Jul 25, 2024 By Kovrr In Kovrr
‍After cyber insurance rates skyrocketed from late 2020 to 2022, when the majority of the market had little choice but to switch to a completely remote way of working, prices have slowly started to drop. This new downward trend is promising, as organizations are increasingly searching for the most cost-effective ways to manage their cyber risks and offset potential losses.
Read Post
netwrix

How to Remove Risky Local Admin Rights - without Hurting User Productivity

Jul 25, 2024 By Grant Stromsodt In Netwrix
Local administrator rights provide users with unrestricted access to their machines, enabling them to install applications, modify system settings and perform other administrative tasks. While this level of freedom can enhance productivity and flexibility, it also poses significant threats to security, compliance and business continuity. Accordingly, best practices recommend strictly limiting local admin rights.
Read Post
ioncube24

Weekly Cyber Security News 25/07/2024

Jul 25, 2024 By Kevin In ionCube24
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I’m sure some of you out are still dealing with the last week’s issue and never want to hear the word CrowdStrike again, well this might have helped.
Read Post
sysdig

Transforming enterprise data from leaky sieve to Fort Knox

Jul 25, 2024 By Crystal Morin In Sysdig
Enterprises today face significant challenges in managing, governing, and securing corporate data. Data moves and is shared more ubiquitously than we likely recognize. Through the use of large language models (LLMs), shared with third-party vendors, or exposed on the dark web, there are blind spots that hinder the security and IT teams’ visibility into where data resides and how and by whom it’s accessed.
Read Post
Internxt

Geek Squad Scam 2024: What Is It and How to Prevent It

Jul 25, 2024 By Mia Naumoska In Internxt
One of the recent email scams of the past few months is the Geek Squad scam. Similar to other phishing scams, this scam involves cybercriminals impersonating Geek Squad - a trusted tech support team from the American company Best Buy. As we learn more about the Geek Squad scam, including what it is and how to spot and prevent it, you will be able to protect yourself from it and learn techniques to defend yourself against present and future scams.
Read Post
cloudflare

Making WAF ML models go brrr: saving decades of processing time

Jul 25, 2024 By Alex Bocharov In Cloudflare
We made our WAF Machine Learning models 5.5x faster, reducing execution time by approximately 82%, from 1519 to 275 microseconds! Read on to find out how we achieved this remarkable improvement. WAF Attack Score is Cloudflare's machine learning (ML)-powered layer built on top of our Web Application Firewall (WAF). Its goal is to complement the WAF and detect attack bypasses that we haven't encountered before.
Read Post

Identify Possibly Impacted Hosts with CrowdStrike Dashboard

Jul 25, 2024 By CrowdStrike In CrowdStrike
This video is an overview of the dashboard available for CrowdStrike Insight customers to identify possibly impacted devices related to the recent defect in a CrowdStrike content update for Windows hosts. For more information on this dashboard, please visit the CrowdStrike Remediation and Guidance Hub.
View Video

Strategies for Increasing AI Efficiency - Insights from the Cisco Research Efficient AI Summit

Jul 25, 2024 By Panoptica In Panoptica
As AI models become more accurate, they are becoming much larger, requiring a significant amount of computing power to run. How can we make the future of AI more scalable and sustainable? Cisco Research hosted a virtual summit on efficient AI, bringing together researchers to explore efficient AI challenges and discuss opportunities for solving those challenges now and into the future. The Cisco Research team has been working on efficient AI initiatives for several years, contributing research papers and incorporating their work into an open-source project called ModelSmith.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.