Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

Cleo Releases Patches for Cleo MFT Zero-day Vulnerability

Dec 12, 2024 By Andres Ramos In Arctic Wolf
On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed unauthenticated threat actors to import and execute arbitrary shell commands on Windows and Linux on affected devices by exploiting default settings of the Autorun directory. The fix is included in version 5.8.0.24, and is now available for Cleo Harmony, VLTrader, and Lexicom.
Read Post
fidelis security

Defending Your Active Directory Against Ransomware: Essential Strategies for Protection

Dec 12, 2024 By Fidelis Security In Fidelis Security
Did you know that 59% of organizations have been hit by ransomware, with Active Directory (AD) often being the primary target for attackers seeking credential theft and privilege escalation? With AD being basically the heart of enterprise IT from the permissions management and granting view, these ransomware threats automatically go against it and hence protecting them is pretty much important so to keep the organization safe.
Read Post
knowbe4

Be Careful of Malicious Ads

Dec 12, 2024 By Roger Grimes In KnowBe4
For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not. Most people think that what Google, Bing, or Duck Duck Go brings back is heaven sent and can be trusted. It cannot. Results often include malicious links from search engine optimization (SEO) poisoning, where the attacker has been able to trick the search engine into returning its URL when a user searches for something.
Read Post
tripwire

27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season

Dec 12, 2024 By Graham Cluley In Tripwire
In a co-ordinated international effort, the law enforcement agencies of 15 countries have made the holiday season a little less stressful for companies and consumers - by seizing control of some of the internet's most popular DDoS-for-hire services. Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen "booter" or "stresser" websites offline.
Read Post
bitsight

Web Application Security for DevOps: Anti-CSRF and Cookie SameSite Options

Dec 12, 2024 By Chris Poulin In BitSight
This is a continuation of our series on web application security. If you haven't already read through parts 1 and 2, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: what are request methods, including the POST request method, and how does logging out of a website work when it comes to cookies and session IDs? Let's also tackle the more important issue of how to combat cross-site request forgery (CSRF) attacks.
Read Post
sysdig

How to secure every stage of the CI/CD pipeline with Sysdig

Dec 12, 2024 By Marla Rosner In Sysdig
Securing operations in the cloud can seem daunting. To protect your organization, you need to have the proper preventative and reactive safeguards in place at every step of the software development cycle. But it doesn’t have to be as complex as it sounds. This blog outlines how to secure the entire software development lifecycle, emphasizing the “shift left” approach, which aims to catch vulnerabilities and issues early in the development process to reduce both risks and costs.
Read Post
sysdig

Bedrock Slip: Sysdig TRT Discovers CloudTrail Logging Missteps

Dec 12, 2024 By Alessandro Brucato In Sysdig
While working on Amazon Bedrock APIs and developing detection mechanisms for Sysdig customers, the Sysdig Threat Research Team (TRT) discovered an unusual behavior in the way some of these APIs were logged in CloudTrail. Specifically, failed Bedrock API calls were logged in the same manner as successful calls, without providing any specific error codes. The lack of error information in API responses may hinder detection efforts by generating false positives in CloudTrail logs.
Read Post
fireblocks

Ethereum ETF & Staking: Should Investors Buy Spot or ETF?

Dec 12, 2024 By Fireblocks In Fireblocks
In 2019, only 1 of the top 20 blockchains by market capitalization was a Proof of Stake blockchain (Tezos), with a total value staked of around $50 million. Today, 16 of the top 20 blockchains are Proof of Stake (excl. Bitcoin, Dogecoin, Bitcoin Classic, and Litecoin), with a total market cap of around $850 billion; representing about 22% of the total market cap of all cryptocurrencies. Without BTC, PoS would represent 50%.
Read Post
securitysenses

Essential Cloud Security Tactics for Securing Complex Environments

Dec 12, 2024 By SecuritySenses In SecuritySenses
In the rapidly expanding world of cloud computing, organizations are increasingly adopting multi-cloud and hybrid cloud strategies to leverage the benefits of flexibility, scalability, and cost-efficiency. However, these complex environments also introduce unique security challenges that must be addressed to protect sensitive data and maintain business continuity. This article explores the essential cloud security tactics that businesses can employ to secure their complex cloud environments effectively.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.