Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

jit

How to Add Log4J Dependencies to Maven Projects

Jun 17, 2024 By Liron Biam In Jit
Logging was once just a best practice to help you understand what's happening inside your applications. Now, any security expert worth their salt will tell you that you can’t build a security plan without it. As a result, organizations have turned to specialized logging tools like Log4J to strengthen their application security. This move has proven highly effective, with cyberattack risks on businesses dropping from 44% in 2022 to 34% in 2023.
Read Post
devo

Credential Stuffing: How Cybercriminals Exploit Stolen Credentials

Jun 17, 2024 By Devo In Devo
Credential stuffing is shaping up to be one of the most predominant hacking methods of 2024. In early June, Ticketmaster fell victim to a data breach via credential stuffing, exposing information from 560 million customers. Credential stuffing attacks involve using stolen usernames and passwords to access accounts. In these attacks, threat actors also often use automation to try different combinations of credentials until they find a successful match.
Read Post
LimaCharlie

Platformization in cybersecurity: Dueling visions for the future of security

Jun 17, 2024 By Maxime Lamothe-Brassard In LimaCharlie
The platform approach in cybersecurity is gaining traction. However, it’s becoming clear that two very different models of platformization are in play. In this piece, we’ll talk about platformization in cybersecurity, the two major approaches to security platforms, and what it all means for the future of cybersecurity.
Read Post

The 443 Podcast - Episode 294 - Q1 2024 Internet Security Report

Jun 17, 2024 By WatchGuard In WatchGuard
This week on the podcast we cover the WatchGuard Threat Lab's Internet Security Report from Q1. In this episode, we discuss the latest trends in malware detections at the network and the endpoint, network attack trends, and malicious domains that targeted WatchGuard customers around the world. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
ekran

Industrial & Corporate Espionage: What Is It? Cases & Best Prevention Practices

Jun 17, 2024 By Ekran In Ekran
Knowledge is power. Especially in the hands of your competitors. Information about your company, its products and services, finances, sales, and marketing strategy is a weapon in the ruthless world of espionage in business. That’s why it’s important to ensure that your organization’s data is well-protected. In this article, we reveal the meaning of corporate espionage and explain how to prevent industrial espionage.
Read Post
Arctic Wolf

How To Defend Against the Rise of BEC Attacks

Jun 17, 2024 By Arctic Wolf In Arctic Wolf
In 2023, the FBI’s Internet Crime Complaint Center (IC3) received 21,489 BEC complaints with adjusted losses over $2.9 billion USD, according to their 2023 Internet Crime Report. By way of comparison, ransomware, the cyber attack that grabs all the headlines and keeps IT and security teams up at night, accounted for only 2,825 complaints, with adjusted losses of less than $60 million USD.
Read Post
jit

7 Essential Steps to Correctly Calculate Change Failure Rate

Jun 17, 2024 By Ariel Beck In Jit
Let’s be honest: some software development changes are bound to fail. The increasing reliance on software systems means that the frequency and complexity of changes are constantly increasing. While you can’t always have pitch-perfect processes, you can bounce back quickly- and, thankfully, there’s a way to measure that. Change Failure Rate (CFR) is one of the four key metrics of DORA Metrics.
Read Post
outpost 24

TicketMaster breach: Leaked credentials are the golden ticket once again

Jun 17, 2024 By KrakenLabs In Outpost 24
It had already been a challenging few weeks for Live Nation Entertainment, Inc. as they faced down a lawsuit from The Justice Department regarding anti-competitive practices. Things got worse at the end of May when a cybercriminal known as “SpidermanData” claimed to have breached a huge database of 560 million records (including personal and financial data) belonging to TicketMaster Entertainment, LLC – a Live Nation company.
Read Post
splunk

LNK or Swim: Analysis & Simulation of Recent LNK Phishing

Jun 17, 2024 By Splunk Threat Research Team In Splunk
LNK (shortcut) files are a common starting point for many phishing campaigns. Threat actors abuse the unique properties of LNK files to deceive users and evade detection and prevention countermeasures, making them potent tools for compromising systems and networks. In this blog, we'll provide an in-depth analysis of recent LNK phishing campaigns, examining the tactics, techniques, and procedures (TTPs) employed by threat actors.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.