Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

netwrix

What is Zero Trust?

Aug 20, 2024 By Martin Cannard In Netwrix
“Never trust; always verify.” That’s the philosophy that drives the Zero Trust model, and it represents a major shift from the previous motto: “Trust but verify.” As threat actors have become more sophisticated, organizations have shifted their security frameworks away from a network-centric model and toward an identity-first model. Zero Trust assumes that every attempt to access an organization’s digital assets is from a threat actor until it can be proven otherwise.
Read Post
securitysenses

The Role of ISO 27001 in Enhancing Information Security

Aug 20, 2024 By SecuritySenses In SecuritySenses
In today's digital age, information security is paramount for organizations of all sizes and industries. Protecting sensitive data from cyber threats, unauthorized access, and other vulnerabilities is a critical concern. One of the most effective frameworks for achieving robust information security is ISO 27001. This international standard provides a comprehensive approach to managing and safeguarding information assets. This article delves into the role of ISO 27001 in enhancing information security, exploring its key principles, benefits, and implementation strategies.
Read Post
manageengine

Strengthening your defenses: Aligning Firewall Analyzer with the new PCI DSS v4.0 standards

Aug 19, 2024 By Firewall Analyzer In ManageEngine
According to IBM’s 2023 Cost of a Data Breach Report, the global average cost of a data breach is $4.45 million. This includes expenses related to detection, response, and post-breach costs. Moreover, non-compliance can result in regulatory fines. For instance, GDPR violations can lead to fines of up to €20 million or 4% of the company’s annual global turnover, whichever is higher. The challenges don’t stop there.
Read Post
Trustwave

Active Defense and Offensive Security: The Two Sides of a Proactive Cyber Defense Program

Aug 19, 2024 By David Broggy In Trustwave
Offensive security and active defense may appear at first glance as contradictory cybersecurity solutions, but when paired, they create complementary and robust protective solutions. Let's take a quick look at what each solution offers before we go into the details. Offensive security involves attempting to identify flaws in an organization before a threat actor has a chance to exploit them.
Read Post
graylog

MITRE ATT&CK: API-based Enterprise Techniques and Sub-techniques

Aug 19, 2024 By The Graylog Team In Graylog
Imagine you have a backpack with a granola bar buried at the bottom and a tenacious tiny dog who loves snacks. Even though the dog shouldn’t be able to reach that granola bar stored away carefully, it managed to open a zipper and snoop through the contents to eat the snack. From an IT environment standpoint, Application Programming Interfaces (APIs) are the backpack carrying sensitive – but appealing to attackers – data.
Read Post
knowbe4

Is Disabling Clickable URL Links Enough?

Aug 19, 2024 By Roger Grimes In KnowBe4
Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing. We can understand why this misperception might exist. Many anti-phishing educational lessons discuss the need for people to evaluate all URL links before clicking on them.
Read Post
Arctic Wolf

What is Endpoint Security?

Aug 19, 2024 By Christopher Fielder In Arctic Wolf
Endpoints are a continuous target for threat actors. They serve as gateways to the overall network, meaning an attack that starts on a single endpoint can quickly spread across the attack surface. They offer a valuable entry point into an organization’s environment that can be used to launch sophisticated cyber attacks.
Read Post
knowbe4

Ransomware Group Known as 'Royal' Rebrands as BlackSuit and Is Leveraging New Attack Methods

Aug 19, 2024 By Stu Sjouwerman In KnowBe4
The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal. It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.