Security

Cyber Insurance: New Coverage Restrictions Expected in 2022

Get ready for upcoming changes to cyber insurance policies. Due to the risk associated with the increase in remote work, insurers are more likely to initiate in-depth cybersecurity risk analyses of companies seeking to purchase or renew policies, the Wall Street Journal reports. The adoption of stringent privacy regulations in the United States and abroad could also justify additional scrutiny by insurance companies during the initial underwriting and renewal process.

Weekly Cyber Security News 19/11/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. WordPress is wonderful – it has transformed website development for those without a good developer and a budget. However, plugins remain a problem, and rather than attackers actually going through with a serious attack, a spate of faked attacks via flaky plugins is on the rise once again.

10 Essential Cyber Security Controls for Increased Resilience and Better Insurance Coverage

While threat actors continue to vary attack methods, these 10 essential cyber security controls can significantly improve your security posture, therefore making it harder for cybercriminals to compromise your network and increasing your opportunities for cyber insurance coverage. Validated by our seasoned cyber security experts based on frontline expertise and with a thorough review of the expanded questionnaires now requested by most cyber insurance carriers, this session presents key takeaways for each of the controls and their real-life effectiveness.

Cloud Applications: A Zero Trust Approach To Security For Healthcare

Accelerated adoption of the cloud has driven healthcare organizations to rely more heavily on cloud-based productivity suites and apps that enable both employees and patients to access data from anywhere. Compound this with the use of managed and unmanaged mobile devices in a world where the network perimeter is being eroded and you have a real challenge at hand. AGENDA: Zero Trust - How to apply a dynamic and contextual approach to applications and data access in the cloud.

Malicious Office Documents: Multiple Ways to Deliver Payloads

Several malware families, such as Emotet, IcedID, Dridex, and BazarLoader, are distributed via Microsoft Office documents infected with malicious VBA code. We have also seen many techniques employed by attackers when it comes to infected documents, such as the usage of PowerShell and WMI to evade signature-based threat detection. In this blog post, we will show three additional techniques attackers use to craft malicious Office documents.

It's Time to Get Rid of Passwords in Our Infrastructure

Passwords are everywhere. Sometimes they are obvious — hardcoded in the code or lying flat in the file. Other times, they take the form of API keys, tokens, cookies or even second factors. Devs pass them in environment variables, vaults mount them on disk, teams share them over links and copy them to CI/CD systems and code linters. Eventually someone leaks, intercepts or steals them. Because they pose a security risk, there is no other way to say it: passwords in our infrastructure have to go.

Create an API Specification Scan

Traditionally, Veracode Dynamic Analysis has targeted applications with a Web user interface. But increasingly, web applications are composed of many small microservices, many of which have Representational State Transfer (REST) interfaces with which the UI layer communicates. With API scanning, you can now scan the APIs of your microservices earlier in the software development process, before they are integrated into a web application.

PCI Data Discovery Tools: Keeping Sensitive Data Protected Within Your Organization

The rules set forth by PCI-DSS can seem complicated. Four levels, 12 requirements, multiple credit card brands: it’s easy to get lost in the details of PCI-DSS requirements. However, merchants who fail to meet the PCI compliance standard face heavy consequences. Not only do these companies put their customer data at risk, they also may face hefty fines that can range from $5,000 to $100,000 per month.