Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

vanta

Fitting incident management into the SOC 2 puzzle

May 18, 2023 By Vanta In Vanta

In today’s business landscape, security and compliance mean everything. ‍ Because of this, many modern businesses look towards solutions that will provide customers and prospects with the most confidence and trust. One of these is SOC 2 compliance and attestation. SOC 2 is a marker of solid and consumer-minded companies that want to protect customer data.

Read Post

Stopping API attacks with Salt Security and AWS WAF

May 18, 2023 By Salt Security In Salt Security
Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.
View Video
knowbe4

Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks

May 18, 2023 By Stu Sjouwerman In KnowBe4

A new report covering 13 global markets highlights phishing prevalence and its role in cyber attacks when compared to other types of attacks. It’s difficult for me not to stand on my “phishing is a problem” soapbox when there exists stories and reports demonstrating that phishing continues to dominate as a security problem that isn’t being properly addressed.

Read Post
knowbe4

New "Greatness" Phishing-as-a-Service Tool Aids in Attacks Against Microsoft 365 Customers

May 18, 2023 By Stu Sjouwerman In KnowBe4

This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well. Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

Read Post
Arctic Wolf

Phishing Threat From New .zip Top-Level Domain

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLD’s, one that stands out as a potential security risk is.zip. The.zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of.zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with.zip extensions.
Read Post
Arctic Wolf

Four Critical RCE Vulnerabilities in Cisco Small Business Series Switches

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches. Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities, however, they have not identified a publicly available PoC exploit.
Read Post
upguard

The Impact of Cybercrime on the Economy

May 18, 2023 By Kyle Chin In UpGuard
IBM’s former executive chairman and CEO, Ginni Rometty — who created a 6000-strong Security Business Unit at IBM to counter cybercrime in 2015 — described data as a game-changing source of competitive advantage for the 21st century. Rometty noted that cybercrime is and should be the biggest threat to every industry and organization.
Read Post
riskoptics

How to Monitor Your Risk Management Plan

May 18, 2023 By RiskOptics In RiskOptics
As ever more business operations rely on software systems and online platforms, the range of cybersecurity risks they face become ever more complex. A strong risk management process can help, enabling organizations to detect potential threats, gauge the potential disruption, and implement mitigation plans to minimize the risk of harm. That said, merely implementing a risk management plan is not enough to ensure optimal cybersecurity.
Read Post
mend

What You Should Know About Open Source License Compliance for M&A Activity

May 18, 2023 By Sam Quakenbush In Mend

Companies are increasingly concerned about the security of applications built on open source components, especially when they’re involved in mergers and acquisitions. Just like copyright for works of art, each piece of open source software has a license that states legally binding conditions for its use.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.