Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

cyberark

Cookies Beyond Browsers: How Session-Based Attacks Are Evolving

Apr 9, 2024 By Shay Nahari In CyberArk
In the past few years, we have witnessed a significant shift in the attack landscape, from stealing clear text credentials to targeting session-based authentication. This trend is driven by the proliferation of multi-factor authentication (MFA), which makes it harder for attackers to compromise accounts with just passwords.
Read Post
teramind

Data Exfiltration: Risks, Detection & Prevention Strategies

Apr 9, 2024 By Taran Soodan In Teramind
Companies today face a wide range of potential threats to digital security. From cyber attacks with malicious intent to internal threats from negligent employees, IT and security teams face remarkable challenges in the modern enterprise environment. Add to the equation that many companies now operate under a hybrid model in which some employees may use personal devices for work purposes, and it’s exceedingly complicated to establish ironclad security policies and incident response plans.
Read Post
teramind

The Top 5 File Activity Monitoring Tools in 2024

Apr 9, 2024 By Taran Soodan In Teramind
Organizations must maintain control over sensitive data and prevent unauthorized access or file modifications. File activity monitoring software gives organizations the visibility and control they need to mitigate the risks of data breaches, insider threats, and compliance violations. These solutions provide valuable insights into who is accessing files, their actions, and when these activities are taking place.
Read Post

Security at the Speed of Cloud

Apr 9, 2024 By Datadog In Datadog
Cloud native technologies have empowered engineering teams to innovate rapidly: from releasing a few times a year to several times a day. This means security assessment have to be done continuously. To achieve this, developer, operation, and security teams have to collaborate in novel ways. Instead of communicating through backlogs, they need to work towards shared objectives. From processes to tooling, teams have to rethink the way they approach security, share context, and improve the security posture of their organization.
View Video
sentrium

An introduction to password security: How to crack a password

Apr 9, 2024 By Adam King In Sentrium
Have you ever thought about how and why passwords are cracked? This article introduces password cracking, focusing on common strategies and tools used by security professionals and malicious users. We also discuss the composition of secure passwords, and why certain approaches are more effective than others. Cracking passwords can be done very easily in certain situations. The time taken and likelihood to successfully crack a password often depends on the password strength.
Read Post
code intelligence

Protocol Fuzzing vs. Code Fuzzing

Apr 9, 2024 By Natalia Kazankova In Code Intelligence
In the domain of software testing and security analysis, fuzzing has emerged as a powerful technique for uncovering vulnerabilities and enhancing the resilience of software systems. Microsoft and Google have been using fuzzing for ages. They were early adopters of fuzzing technologies to test their own systems. Since launching in 2016, Google's OSS-Fuzz, a free fuzzing platform for critical open-source projects, has helped fix over 8,800 vulnerabilities and 28,000 bugs across 850 projects.
Read Post
Arctic Wolf

CVE-2024-3094: Backdoor Found in XZ Utils Compression Tool Used by Linux Distributions

Apr 9, 2024 By Andres Ramos In Arctic Wolf
On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).
Read Post
ThreatQuotient

Leveraging Threat Intelligence for Regulatory Compliance

Apr 9, 2024 By Guest Blog In ThreatQuotient
The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.
Read Post
Internxt

How To Prevent SIM Swap Fraud: 7 Tips to Prevent SIM Swapping

Apr 9, 2024 By Natalie Zhu In Internxt
Today, consumers can shop, sell, research, and work using their smartphones. Advancements in technology have made it possible for users to complete countless transactions through their phones anywhere and anytime. One of the most common phone scams targeting modern consumers is subscriber identity module (SIM) swapping. This short guide will outline the dangers of this subtle attack on devices and how consumers can protect themselves.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.