Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CalCom

All you need to know about CIS Benchmarks

May 22, 2023 By John Gates In CalCom
In the ever-evolving landscape of cybersecurity, organizations strive to safeguard their systems and data against emerging threats. Amidst this pursuit, CIS Benchmarks emerge as an indispensable resource, offering a wealth of knowledge and practical recommendations. But what exactly are CIS Benchmarks, and why are they highly regarded across industries?
Read Post
idstrong

Health Services Giant PharMerica Loses Millions of Patient Details in Recent Breach

May 22, 2023 By Steven In IDStrong

PharMerica is a huge service provider that works with many of the pharmacies and medical facilities in the United States today. The company offers its services to more than 2,500 facilities and over 3,100 pharmacies, and providing the data services to all those companies requires storing massive amounts of HIPAA-protected information. Unfortunately, this pharmaceutical services giant suffered a recent data breach compromising data for millions of different patients.

Read Post
upguard

The Cybersecurity Risks of Unmanaged Internet-facing Assets

May 21, 2023 By Edward Kost In UpGuard
Because unmanaged assets are not continuously monitored for security risks, they likely contain cybersecurity exposures, like software vulnerabilities and cloud security misconfigurations. When these assets are connected to the internet, they become active attack vectors heightening your risk of suffering a data breach. If you’re looking for ideas for reducing your organization’s attack surface, start by locating and decommissioning unmanaged internet-facing assets.
Read Post
upguard

18 Attack Surface Reduction Examples for Improved Cybersecurity

May 21, 2023 By Edward Kost In UpGuard
A large attack surface poses significant security risks for organizations. It provides hackers with numerous opportunities to access your sensitive data. The process of attack surface reduction involves reducing all possible entry points to your sensitive resources. This is a fundamental cybersecurity practice that's critical for data breach mitigation.
Read Post
upguard

Free PCI DSS Vendor Questionnaire Template (2023 Edition)

May 21, 2023 By Edward Kost In UpGuard
PCI DSS compliance is mandatory for all entities processing cardholder data, including your third-party vendors. Security reports provide a window into a vendor’s information security program, uncovering their security controls strategy and its alignment with regulations like the PCI DSS. The following template will give you a high-level understanding of each vendor’s degree of compliance with PCI DSS and uncover potential compliance gaps requiring deeper investigation.
Read Post
netwrix

RID Hijacking: How Guests Become Admins

May 20, 2023 By Kevin Joyce In Netwrix

RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to grant admin privileges to the Guest account (or another local account). That way, they can take actions using the Guest account, which is normally not under the same level of surveillance as the Administrator account, to expand their attack while remaining undetected.

Read Post
Featured Post
safebreach

Cyber Warfare and Government Attitudes To Cybersecurity

May 19, 2023 By Avishai Avivi, CISO In SafeBreach
The cybersecurity landscape has changed almost beyond recognition. Cyber attacks, have grown into an inescapable facet of our daily lives. Everyone, from the world's most powerful people to general consumers, live under the spectre of cyberattacks. Cyberattacks also creep into the military sphere, with the threat of all-out cyber warfare looming large over conflicts across the globe.
Read Post
Featured Post
ThreatQuotient

Understand how Cyber Threat Intelligence can best leverage the capabilities of network detection and response

May 19, 2023 By Jay Allmond, Threat Intelligence Engineer In ThreatQuotient
Intelligence is now considered essential to the process of identifying, understanding and acting upon threats. According to the "Global Perspectives on Threat Intelligence" study conducted by Mandiant, 96% of decision-makers interviewed for the research believe that it is important to understand which cyber threat actors could be targeting their organisation. Consequently, threat Intelligence should be fully integrated into the internal mechanisms linked to threat detection and response.
Read Post
manageengine

Latitude data breach: How one click could cost you everything

May 19, 2023 By General In ManageEngine

Imagine clicking on a seemingly harmless link and unknowingly giving away your personal and financial information to cybercriminals. Sounds like a nightmare, right? This nightmare became a reality for thousands of people in Australia and New Zealand when Latitude Financial Services suffered a massive data breach in March of 2023. Let’s take a look at the implications of the Latitude data breach and what you can do to protect yourself from falling victim to a similar attack.

Read Post
manageengine

Threat hunting 101: Leveraging MITRE ATT&CK framework for extended threat detection

May 19, 2023 By General In ManageEngine

Threat detection and mitigation is one of the core responsibilities of a SOC. With cyberattacks becoming more sophisticated, it has become arduous for security analysts to secure their network from threats. Hybrid work and BYOD policies are making it more difficult for SOCs to keep track of network activities. Attackers continue to improvise new tactics and techniques to compromise an organization’s network.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.