Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Snyk

Fun with ciphers in copycat Wordles

Feb 2, 2022 By Micah Silverman In Snyk

Here at Snyk, we spend a lot of time researching vulnerabilities. We do that because there are a lot of other folks out there researching new ways to break into apps and systems. We’re often putting on our “grey hats” to think like a malicious hacker. I regularly view-source, look at network traffic and eyeball query strings. One such delicious little query string caught my attention this week on one of the many copycat Wordle sites.

Read Post
SecurityScorecard

What is a Botnet Attack? 5 Ways to Prevent It

Feb 2, 2022 By SecurityScorecard In SecurityScorecard

A botnet is a cluster of machines that are infected with malware, enabling hackers to control them and unleash a string of attacks. Most commonly, botnets come in the form of distributed denial of service (DDoS) attacks, and recently the Microsoft Azure DDoS Protection team reported a 25% increase in these attacks when compared to the first half of 2021. Recent advances in technology have opened up a world of new opportunities for both consumers and businesses.

Read Post
mend

A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack

Feb 2, 2022 By Patricia Johnson In Mend

In the latter part of December 2021, WhiteSource Diffend detected the new release of a package called @maui-mf/app-auth. This package used a vector of attack that was similar to the server side request forgery (SSRF) attack against Capital One in 2019, in which a server was tricked into executing commands on behalf of a remote user, thereby enabling the user to treat the server as a proxy for requests and gain access to non-public endpoints.

Read Post

Log4Shell Live Hack: A Hands-on, Actionable Fix Guide

Feb 2, 2022 By Snyk In Snyk
In this live hack webinar on the Log4Shell exploit we give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside of code. We feature a final round of fun demos, including container and IaC hacks and Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.
View Video

Forward Fix: Minimize Downtime with ServiceNow Integration

Feb 2, 2022 By Forward Networks In Forward Networks
Not enough detailed information in your ServiceNow ticket causing headaches and delays? Forward's ServiceNow integration can help you save time by automatically providing network data in incident tickets or automatically create tickets based on intent or reachability. Learn more at forwardnetworks.com/integrations
View Video
netskope

NewEdge, You've Come a Long Way Baby

Feb 2, 2022 By Jeff Brainard In Netskope

Just over three years ago, Joe DePalo joined Netskope as Senior Vice President of Platform Engineering. He had most recently led the infrastructure design and build-out at AWS, the world’s largest public cloud, and prior to that, engineering and operations for one of the largest content delivery networks (CDNs) at Limelight Networks.

Read Post
netskope

Cloud Threats Memo: New Malicious Campaign Using GitHub for Command and Control

Feb 2, 2022 By Paolo Passeri In Netskope

State-sponsored threat actors continue to exploit legitimate cloud services. In their latest campaign, uncovered by Malwarebytes during January 2022, the North Korean group Lazarus (AKA HIDDEN COBRA) has been carrying out spear phishing attacks, delivering a malicious document masquerading as a job opportunity from Lockheed Martin (37% of malware is now delivered via Office documents).

Read Post

Securosis Webinar New Age Network Detection

Feb 2, 2022 By Corelight In Corelight
New Age Network Detection: Keeping pace with the Evolution of Tech Infrastructure New approaches to network detection and response to address increasing attacker sophistication and cloud-based resources. How advances in analytics help organizations detect attacks in encrypted traffic and identify command and control traffic. The advantage of an open data approach is to integrate with existing detection capabilities.
View Video

XDR: The Importance of Network Technology

Feb 2, 2022 By Corelight In Corelight
XDR is new to the marketplace, and there remains confusion about what it is - and is not. Alex Kirk of Corelight likes to dispel the myth that it's about endpoint security. "You've got to have the N," he says - network technology. In this interview, he dispels myths and expounds on possibilities. In this video interview with Information Security Media Group, Kirk discusses.
View Video
Corelight

Government gets serious: deadlines for Zero Trust Architectures

Feb 2, 2022 By Jean Schaffer In Corelight

Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any dramatic leaps. OMB’s new memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is changing this pattern, and setting deadlines for implementation across the government.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.