Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

armo

The importance of CSPM inventory

Oct 1, 2024 By Ido Huberman In ARMO
Almost all organizations either rely on cloud computing or are planning to adopt cloud computing technologies soon to ensure their businesses remain competitive and gain an edge over the competition. As businesses increasingly rely on cloud services to manage their operations, the complexity of these environments continues to grow, introducing new challenges in maintaining security and compliance. This is where Cloud Security Posture Management (CSPM) comes into the picture.
Read Post
outpost 24

Exploiting trust: Weaponizing permissive CORS configurations

Oct 1, 2024 By Thomas Stacey In Outpost 24
If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).
Read Post
device authority

Securing the Future: Extending Privileged Access to IoT and OT Devices through Strategic Partnership

Oct 1, 2024 By Tyler Gannon In Device Authority
In today’s hyperconnected world, the proliferation of Internet of Things (IoT) and Operational Technology (OT) devices has dramatically transformed industries, driving innovation, efficiency, and automation. However, as organizations continue to adopt these devices, the security landscape has become increasingly complex. Traditional IT security measures often fall short of safeguarding these critical assets, leaving them vulnerable to cyber threats.
Read Post
bitsight

How to Set Up and Run a Workable AI Council to Govern Trustworthy AI

Oct 1, 2024 By Stephen Boyer In BitSight
As in many companies around the world, Bitsight leadership believes that adoption and innovation through the use of artificial intelligence (AI) capabilities is crucial to the future of our company. From the top down, our employees are continually on the hunt for ways to leverage AI to improve business outcomes and customer productivity.
Read Post
indusface

RCE Zero Day Vulnerabilities in CUPS Put Linux Systems at Risk

Oct 1, 2024 By Vivek Chanchal In Indusface
A new series of vulnerabilities in the Common Unix Printing System (CUPS) threatens numerous Linux systems, potentially allowing remote code execution (RCE). This affects a wide range of platforms, including Debian, Red Hat, SUSE and macOS. The vulnerabilities—tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—are believed to endanger over 76,000 devices, with estimates suggesting up to 300,000 could be affected.
Read Post
cyberark

A New Era of Machine Identity Security: Welcome Venafi to CyberArk

Oct 1, 2024 By Matt Cohen In CyberArk
We are thrilled to announce that we have completed the acquisition of Venafi, a recognized leader in machine identity management. This strategic move aligns with our commitment to not just protecting human identities but expanding our capabilities for securing the rapidly growing world of machine identities.
Read Post
lookout

SaaS Security: Understanding Modern Threats and How to Guard Against Them

Oct 1, 2024 By Lookout In Lookout
The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.
Read Post
cycognito

Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Oct 1, 2024 By Emma Zaballos In CyCognito
CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.
Read Post

Organizational Resiliency in Healthcare: Preparing for System Downtime #shorts #healthcare

Oct 1, 2024 By Rubrik In Rubrik
Building organizational resilience is critical in healthcare. But it's not just about preventing cyberattacks—it's about ensuring patient care continues even when systems go down. Practicing cyber resilience through well-defined downtime procedures and understanding the critical outcomes for patients is essential. As Anahi Santiago, Chief Information Security Officer at ChristianaCare, emphasizes, knowing the path to achieve these outcomes, even in a crisis, is key to maintaining high standards of care.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.