Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

bitsight

Don't RegreSSH: An Anti-Pavlovian Approach to Celebrity Vulns

Jul 30, 2024 By Ben Edwards In BitSight
Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.
Read Post
nucleus

Operationalize EPSS Scoring to Build Mature and Proactive Vulnerability Management

Jul 30, 2024 By Corey Tomlinson In Nucleus
Cybersecurity teams across all disciplines, including vulnerability management, are challenged to move faster than ever before. Whether it’s responding to a security incident, finding a new vulnerability, or stopping an attack, speed is at a premium.
Read Post
kovrr

Obtaining Fit-For-Purpose Cyber Insurance Amid a Volatile Market

Jul 25, 2024 By Kovrr In Kovrr
‍After cyber insurance rates skyrocketed from late 2020 to 2022, when the majority of the market had little choice but to switch to a completely remote way of working, prices have slowly started to drop. This new downward trend is promising, as organizations are increasingly searching for the most cost-effective ways to manage their cyber risks and offset potential losses.
Read Post
bitsight

Streamlining Your Response to Security Assessments With Bitsight Trust Management Hub

Jul 25, 2024 By Viet Tran In BitSight
Most organizations now recognize that even if they have a strong internal security posture, a security lapse by any one of their many third-party vendors or partners can be just as catastrophic to their business as a direct breach. Industry and government regulators are increasingly focused on this topic as well, resulting in a wave of new compliance requirements that extend to third-party risks.
Read Post
nucleus

Nucleus & Cycode Integration Delivers Unified Vulnerability Management and Application Security

Jul 25, 2024 By Adam Dudley In Nucleus
As modern enterprise IT environments become more complex, the need for robust cybersecurity measures continues to grow. Because of this expanding complexity, DevSecOps functions are more common, requiring the integration of security into the application development lifecycle. Application Security Posture Management (ASPM) solutions offer a unified framework for securing the diverse application environment and merging security into the application development process.
Read Post
securitysenses

5 Must-Have Features for Advanced Inventory Management Software in 2024

Jul 25, 2024 By SecuritySenses In SecuritySenses
Advanced inventory management software gives you the power to track items, forecast demand, and analyze data for smart decisions. Features like dynamic replenishment planning and AI-powered decisions help keep your stock levels just right while cutting down on costs. Plus, quality software fits well with ecommerce platforms and other tools you use. With technology moving, new tools like AI and machine learning will make managing inventory faster and more precise. Choosing the best software depends on what your business needs and how much money you can spend.
Read Post
synopsys

Once and future code snippets: How AI reignites risk

Jul 24, 2024 By Phil Odence In Synopsys
Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.
Read Post
riscosity

Data Catalogs: What They Are & Why They're Important

Jul 24, 2024 By Anirban Banerjee In Riscosity
A data catalog is a critical data repository that enables visibility into what data you have, where it’s going, and who owns it – all critical inputs for maintaining data security. A company's data needs to be both organized and centralized, while also easily being discoverable. In this article, we’ll explore what data catalogs are and how they can create business value in your organization.
Read Post
bitsight

Vendor Risk Management Principles: A Strategic Guide For Security Managers

Jul 24, 2024 By Melissa Stevens In BitSight
In today’s interconnected business environment, organizations rely heavily on third parties, and while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. This makes vendor risk management (VRM) a critical component of any company's overall risk management strategies. Effective VRM practices help protect sensitive data and maintain robust security postures, minimizing the potential risks introduced by vendors.
Read Post
upguard

CrowdStrike Outage: What Happened and How to Limit Future Risk

Jul 24, 2024 By Nicholas Sollitto In UpGuard
In the early morning of July 19, a software update to CrowdStrike’s Falcon sensor started to cause one of the most extensive IT outages in history, affecting several industry sectors, including financial services, healthcare, transportation, and others. According to CrowdStrike, the outage stemmed from “a defect found in a Falcon content update for Windows hosts.” At this point, the software update has not affected Mac and Linux systems.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.