Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

netwrix

What are SMB Ports, Port 139 and Port 445?

Sep 27, 2024 By Mark Techa In Netwrix
Organizations are increasing their use of various solutions to address communication needs across their infrastructure. As file systems are an integral part of collaboration, this article will dive into one of the most widely used protocols necessary for many systems. We will learn more about the SMB protocol, Port 139, Port 445, how it works, the risks associated with it, and remediation steps to provide a more secure communication channel.
Read Post
graylog

What is NIST 800-53?

Sep 27, 2024 By Jeff Darrington In Graylog
Imagine compliance is like a driving application. You know your location and you plug in the destination address, then it shows you the route’s overview. If you want a more specific map, you can zoom in a bit and get more details. Similarly, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and it’s most recent revision provide the overview roadmap for your compliance journey.
Read Post
Snyk

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Sep 27, 2024 By Jim Armstrong In Snyk
On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.
Read Post
fidelis security

What is Threat Detection and Response?

Sep 27, 2024 By Fidelis Security In Fidelis Security
Attackers nowadays are good at setting up camp in networks and stealing important information. This means you need to be on your toes with top-notch threat spotting. You need something that can handle the whole attack process, from when they first break in to when they move around and take data.
Read Post
indusface

How do Compliance Regulations Drive Application Security?

Sep 27, 2024 By Vinugayathri Chinnasamy In Indusface
A zero-day flaw in MOVEit software exposed the data of 66.4 million individuals, revealing businesses are increasingly vulnerable to cyberattacks. Applications, which manage sensitive data, are prime targets for these threats. Compliance regulations recognize the risks and establish guidelines aimed at ensuring applications meet data protection, privacy, and overall security. PCI DSS v4.0 for example introduces 64 new requirements including strict security measures to protect public-facing applications.
Read Post
astra

How to Conduct Web App Penetration Testing?

Sep 27, 2024 By Jinson Varghese In Astra
Web application penetration testing is a comprehensive and methodological process that leverages various tools and techniques to identify, analyze, and prioritize vulnerabilities in the application’s code and configurations. It goes beyond basics to find interlinked business logic vulnerabilities before attackers can gain unauthorized access to sensitive data, disrupt operations, or steal user data.
Read Post
cycognito

Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Sep 27, 2024 By Emma Zaballos In CyCognito
CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.
Read Post
securitysenses

Cybersecurity in Web Development: Best Practices for Secure Sites

Sep 27, 2024 By SecuritySenses In SecuritySenses
Creating a website takes more than designing it to be visually appealing and user-friendly. Due to increased cyber threats, web developers have a challenge on their hands as they are required to observe security measures for both the users and the website. There is a high possibility of incurring costs due to reputation loss and business losses due to security breaches, thus emphasizing the need for the incorporation of security into every stage of web development. Everything must be perfectly safe, so we decided to ask professionals from paspartoo.com what things really matter.
Read Post
securitysenses

AI and License Plates: A Game-Changer for Vehicle Tracking

Sep 27, 2024 By SecuritySenses In SecuritySenses
You know how in those spy movies, they always seem to magically identify cars zipping by? Well, it's not just Hollywood magic anymore. Thanks to AI, license plate recognition has come a long way from the days of squinting cops with notepads. Let's dive into this tech that's shaking up everything from parking lots to police work.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.