Latest News

Artificial Intelligence in Cybersecurity: Threat or Advantage?

In today's hyperconnected world, cybersecurity stands as the first line of defense against the growing tide of cyber threats. With billions of devices connected globally, protecting sensitive information has never been more critical or more complex. Enter artificial intelligence (AI), a technological marvel capable of revolutionizing cybersecurity. But as with all powerful tools, AI is a double-edged sword. It holds incredible potential to bolster defenses yet can also amplify the capabilities of cybercriminals.

How Can You Become More Tech-Savvy and Use the Internet Smarter?

Connecting to the world's greatest digital hub (and repository of cat memes) has never been easier and more inclusive. That said, the fact that almost anyone can access the internet now doesn't mean we're all using it responsibly or getting the most out of the experience. This short guide will introduce you to four essential steps towards savvier and safer internet use.

Format-Preserving Encryption vs Tokenization: Learn the Key Differences

Data security demands robust protection methods in our digital age. Format-preserving encryption and tokenization stand out as robust solutions for safeguarding sensitive information. Understanding the difference between data tokenization and encryption helps organizations protect data while maintaining usability. Modern businesses must choose between encryption vs tokenization for their needs. The choice between these methods impacts system performance and security levels.

Path Traversal in 2024 - The year unpacked

Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically the attacker will be trying to access logs and credentials that are in different directories. Path traversal is not a new vulnerability: it has been actively exploited since the 90s, when web servers gained popularity and many relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.

Static Data Masking vs. Dynamic Data Masking: What's the Difference?

Data masking is essential for protecting sensitive information in today’s data-driven world. By replacing real data with fictitious or obfuscated values, it ensures that critical data, such as personal and financial information, remains secure from unauthorized access. In doing so, data masking safeguards privacy while enabling necessary operations like testing and analytics.

How to Boost Mobile Security Across International Borders

Today, our smartphones store a wealth of personal and financial information, which can be especially vulnerable when traveling internationally. Abroad, your device is more exposed to increased surveillance, hacking attempts, and theft. The solution is straightforward: take as many precautions as possible to safeguard your device.

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

On September 27, 2024, Okta disclosed a critical vulnerability affecting their Classic environment that created a concerning security gap in identity protection. The vulnerability, active since July 17, 2024, allowed attackers with valid credentials to bypass application-specific sign-on policies by simply modifying their user-agent string.

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.

Upping An Offensive Security Game Plan with Pen Testing as a Service

While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct pen tests more regularly, or whenever a particular need arises. That’s important because of the crucial role pen testing plays in providing offensive security – finding problems before bad actors do.