Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

graylog

Understanding Broken Function Level Authorization

May 28, 2024 By The Graylog Team In Graylog
Application Programming Interfaces (APIs) allow your applications to talk to one another, like an application-to-application iMessage or Signal. If you’ve ever texted a message to the wrong group chat, you’ve created a situation that mimics what broken function level authentication does between users and applications.
Read Post
WatchGuard

Navigating the NIS 2 Landscape - Part 1

May 28, 2024 By Kirk Jensen In WatchGuard
The European Union (EU) is taking a significant step forward in the fight against cybercrime by introducing the Network and Information Systems Directive 2, or NIS 2. This directive represents a major overhaul of cybersecurity regulations across the continent, aiming to bolster defenses against the ever-evolving threats of the digital age. In this first of four blog posts, we will introduce the basics of NIS 2.
Read Post
foresiet

ShrinkLocker: Turning BitLocker into Ransomware

May 28, 2024 By Foresiet In Foresiet
Attackers are continually developing sophisticated techniques to bypass defensive measures and achieve their goals. One highly effective approach involves exploiting the operating system's native features to evade detection and ensure compatibility. In the realm of ransomware threats, this can be seen in the use of the cryptographic functions within ADVAPI32.dll, such as CryptAcquireContextA, CryptEncrypt, and CryptDecrypt.
Read Post
jfrog

The basics of securing GenAI and LLM development

May 28, 2024 By Sean Pratt In JFrog
With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing model development.
Read Post
foresiet

Significant Surge in Cyber Activity Targeting Upcoming Indian General Election

May 28, 2024 By Foresiet In Foresiet
Foresiet, your trusted cybersecurity partner, brings to light a dramatic increase in cyber activity aimed at disrupting the upcoming Indian general election. This uptick, primarily driven by various hacktivist groups, has led to the exposure of personal identifiable information (PII) of Indian citizens on the dark web. The election, which will be held in seven phases from April 19 to June 1, 2024, will elect all 543 members of the Lok Sabha, with results announced on June 4, 2024.
Read Post
veracode

Understanding PCI DSS 4.0: What You Need to Know

May 28, 2024 By Jenny Buckingham In Veracode
If you're in a business that handles credit cards, you already know how crucial it is to keep that data secure. PCI DSS is a set of compliance requirements that ensure all companies handling cardholder data keep it secure. And that it's not just a good idea—it's a must. As cyber threats become more sophisticated, it's challenging to keep pace with complex security and compliance landscapes.
Read Post
keeper

What's New With Keeper | May 2024

May 28, 2024 By Rachel Gessner In Keeper
Keeper Security is excited to announce that we now support passkeys on Android and iOS mobile apps. This update extends passkey management functionality in the Keeper Vault beyond the Keeper browser extension support for Chrome, Firefox, Edge, Brave and Safari that we announced last year. Passkeys are a new type of credential that can entirely replace passwords or be used for multi-factor authentication.
Read Post
tigera

Container Security: Protect your data with Calico Egress Access Controls

May 28, 2024 By Utpal Bhatt In Tigera
23andMe is a popular genetics testing company, which was valued at $6B in 2021. Unfortunately, there was a massive data breach in December 2023, which caused a steep decline in the company’s value and trust, plummeting the company to a penny stock. While this breach was not directly related to Kubernetes, the same risks apply to containers running in your Kubernetes environments.
Read Post
veracode

Older, Larger, Riskier: The Correlation Between Application Age and Security Debt in the Public Sector

May 28, 2024 By Chris Eng In Veracode
Years of accumulated security debt due to unaddressed software vulnerabilities and inadequate security configurations plague the applications that support our government functions. The age and size of applications play a significant role in the accumulation of security debt. The State of Software Security 2024 report provides a detailed analysis of how these factors correlate with security vulnerabilities, particularly in older and larger applications.
Read Post
levelblue

The Evolution of Cyber Threats in the Age of AI: Challenges and Responses

May 28, 2024 By Chris Mark In LevelBlue
Cybersecurity has become a battlefield where defenders and attackers engage in a constant struggle, mirroring the dynamics of traditional warfare. In this modern cyber conflict, the emergence of artificial intelligence (AI) has revolutionized the capabilities of traditionally asymmetric cyber attackers and threats, enabling them to pose challenges akin to those posed by near-peer adversaries.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.