Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Rubrik

Another Case for Cyber Resilience: A Large-Scale Extortion Campaign and Best Practices for Data Security in the Cloud

Aug 20, 2024 By Drew Russell In Rubrik
Recently, a widespread cloud extortion operation—affecting 110,000 domains and involving significant financial demands—was uncovered. Unit 42, the cybersecurity research division of Palo Alto Networks, released a report this month detailing how threat actors exploited misconfigured.env files to gain unauthorized access, steal sensitive data, and demand ransoms after deleting cloud assets.
Read Post
cyberark

The Human Factor in a Tech-Driven World: Insights from the CrowdStrike Outage

Aug 20, 2024 By Len Noe In CyberArk
The idea that people are the weakest link has been a constant topic of discussion in cybersecurity conversations for years, and this may have been the case when looking at the attack landscape of the past. But we live in a new world where artificial intelligence (AI), large language models (LLMs) and deep fake technology are changing every day.
Read Post
bitsight

Challenges in Automating and Scaling Remote Vulnerability Detection

Aug 20, 2024 By Kolby O'Malley-Dertien In BitSight
When a new major CVE gets released, cybersecurity companies race to discover ways of detecting the new vulnerability and organizations scramble to determine if they are impacted or not. Developing high-confidence techniques to scan the public-facing Internet assets for newly published vulnerabilities can potentially take weeks or even months as vulnerability researchers discover and test various detection methods.
Read Post
tripwire

Securing Infrastructure as Code: Best Practices for State Management

Aug 20, 2024 By Joseph Chukwube In Tripwire
IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have been attempted to make the job easier. These undertakings became even more challenging as infrastructure moved from the deceptively tidy on-premises data centers out to the cloud.
Read Post
ThreatQuotient

Automating Intelligence with ThreatQ TDR Orchestrator

Aug 20, 2024 By Julia Weifenbach In ThreatQuotient
ThreatQ TDR Orchestrator serves as a bridge between human expertise and machine precision, optimizing workflows in security operations. By leveraging this dynamic solution, organizations can ensure that the tacit knowledge of security analysts is efficiently captured and combined with automated processes. This integration facilitates a more agile response to threats, as the human element of decision-making is supported by the speed and consistency of automation.
Read Post
jfrog

From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

Aug 20, 2024 By Ori Hollander In JFrog
NOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops – Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational networks.
Read Post
securitysenses

The Role of ISO 27001 in Enhancing Information Security

Aug 20, 2024 By SecuritySenses In SecuritySenses
In today's digital age, information security is paramount for organizations of all sizes and industries. Protecting sensitive data from cyber threats, unauthorized access, and other vulnerabilities is a critical concern. One of the most effective frameworks for achieving robust information security is ISO 27001. This international standard provides a comprehensive approach to managing and safeguarding information assets. This article delves into the role of ISO 27001 in enhancing information security, exploring its key principles, benefits, and implementation strategies.
Read Post
manageengine

Strengthening your defenses: Aligning Firewall Analyzer with the new PCI DSS v4.0 standards

Aug 19, 2024 By Firewall Analyzer In ManageEngine
According to IBM’s 2023 Cost of a Data Breach Report, the global average cost of a data breach is $4.45 million. This includes expenses related to detection, response, and post-breach costs. Moreover, non-compliance can result in regulatory fines. For instance, GDPR violations can lead to fines of up to €20 million or 4% of the company’s annual global turnover, whichever is higher. The challenges don’t stop there.
Read Post
trilio

OpenStack vs. VMware: Differences, Costs, and Backup Options

Aug 19, 2024 By David Safaii In Trilio
When it comes to managing your cloud infrastructure, picking the right platform can make a big difference in how smooth, scalable, and cost-effective your operations are. Two of the top contenders in this space are OpenStack and VMware. Both offer powerful tools for handling virtualized environments, but they suit different needs and preferences. Knowing the key differences between them is essential to help you make the best choice for your organization’s goals and technical needs.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.