Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

veracode

A New Era of AppSec: 10 Times as a Leader in Gartner Magic Quadrant for Application Security Testing

May 22, 2023 By Natalie Tischler In Veracode

Ten represents the completion of a cycle and the beginning of a new one, as there are ten digits in our base-10 number system. We've scanned nearly 140 trillion lines of code, so we can’t help but pick up on the one and the zero in our exciting announcement. It's the tenth publication of the Gartner® Magic Quadrant™ for Application Security Testing (AST), and we are pleased to announce we are a Leader for the tenth consecutive time.

Read Post
upguard

The Cybersecurity Risks of Unmanaged Internet-facing Assets

May 21, 2023 By Edward Kost In UpGuard
Because unmanaged assets are not continuously monitored for security risks, they likely contain cybersecurity exposures, like software vulnerabilities and cloud security misconfigurations. When these assets are connected to the internet, they become active attack vectors heightening your risk of suffering a data breach. If you’re looking for ideas for reducing your organization’s attack surface, start by locating and decommissioning unmanaged internet-facing assets.
Read Post
upguard

18 Attack Surface Reduction Examples for Improved Cybersecurity

May 21, 2023 By Edward Kost In UpGuard
A large attack surface poses significant security risks for organizations. It provides hackers with numerous opportunities to access your sensitive data. The process of attack surface reduction involves reducing all possible entry points to your sensitive resources. This is a fundamental cybersecurity practice that's critical for data breach mitigation.
Read Post
upguard

Free PCI DSS Vendor Questionnaire Template (2023 Edition)

May 21, 2023 By Edward Kost In UpGuard
PCI DSS compliance is mandatory for all entities processing cardholder data, including your third-party vendors. Security reports provide a window into a vendor’s information security program, uncovering their security controls strategy and its alignment with regulations like the PCI DSS. The following template will give you a high-level understanding of each vendor’s degree of compliance with PCI DSS and uncover potential compliance gaps requiring deeper investigation.
Read Post
netwrix

RID Hijacking: How Guests Become Admins

May 20, 2023 By Kevin Joyce In Netwrix

RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to grant admin privileges to the Guest account (or another local account). That way, they can take actions using the Guest account, which is normally not under the same level of surveillance as the Administrator account, to expand their attack while remaining undetected.

Read Post
Featured Post
safebreach

Cyber Warfare and Government Attitudes To Cybersecurity

May 19, 2023 By Avishai Avivi, CISO In SafeBreach
The cybersecurity landscape has changed almost beyond recognition. Cyber attacks, have grown into an inescapable facet of our daily lives. Everyone, from the world's most powerful people to general consumers, live under the spectre of cyberattacks. Cyberattacks also creep into the military sphere, with the threat of all-out cyber warfare looming large over conflicts across the globe.
Read Post
Featured Post
ThreatQuotient

Understand how Cyber Threat Intelligence can best leverage the capabilities of network detection and response

May 19, 2023 By Jay Allmond, Threat Intelligence Engineer In ThreatQuotient
Intelligence is now considered essential to the process of identifying, understanding and acting upon threats. According to the "Global Perspectives on Threat Intelligence" study conducted by Mandiant, 96% of decision-makers interviewed for the research believe that it is important to understand which cyber threat actors could be targeting their organisation. Consequently, threat Intelligence should be fully integrated into the internal mechanisms linked to threat detection and response.
Read Post
manageengine

Latitude data breach: How one click could cost you everything

May 19, 2023 By General In ManageEngine

Imagine clicking on a seemingly harmless link and unknowingly giving away your personal and financial information to cybercriminals. Sounds like a nightmare, right? This nightmare became a reality for thousands of people in Australia and New Zealand when Latitude Financial Services suffered a massive data breach in March of 2023. Let’s take a look at the implications of the Latitude data breach and what you can do to protect yourself from falling victim to a similar attack.

Read Post
manageengine

Threat hunting 101: Leveraging MITRE ATT&CK framework for extended threat detection

May 19, 2023 By General In ManageEngine

Threat detection and mitigation is one of the core responsibilities of a SOC. With cyberattacks becoming more sophisticated, it has become arduous for security analysts to secure their network from threats. Hybrid work and BYOD policies are making it more difficult for SOCs to keep track of network activities. Attackers continue to improvise new tactics and techniques to compromise an organization’s network.

Read Post
alienvault

Phishing-resistant MFA 101: What you need to know

May 19, 2023 By Sarah Lefavrais In AT&T Cybersecurity

The spread of the remote workforce and the growth of digital transformation has exponentiated the number of login-based attack vectors. While multi-factor authentication (MFA) generally protects against common methods of gaining unauthorized account access, not all multi-factor authentication methods can defend against sophisticated attacks. To achieve full zero-trust access, MFA is being replaced by phishing-resistant MFA and the standards that define it.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.