Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Arctic Wolf

Understanding Multi-Factor Authentication

Apr 2, 2024 By Arctic Wolf In Arctic Wolf
When 23andMe, the popular genetic data gathering and sharing organization, was breached in November of 2023, the threat actors responsible gained initial access by launching a credential stuffing attack. The attack, which involved hackers using credential stuffing, or entering known passwords and emails to see if a combination would work, only succeeded due to a lack of multi-factor authentication (MFA) in place in the compromised account.
Read Post
Tines

Reddit's Matt Johansen on renouncing superhero culture and what comes next after "shift left"

Apr 2, 2024 By Thomas Kinsella In Tines
In this week’s episode of The Future of Security Operations podcast, I'm joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies.
Read Post
CrowdStrike

CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know

Apr 2, 2024 By Dumitra Dragos - Amit Serper - Suraj Sahu In CrowdStrike
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.
Read Post
obrela

What is the NIST cyber security framework?

Apr 2, 2024 By Obrela In Obrela
The NIST Cybersecurity Framework is a set of guidelines and best practices designed to help organisations better manage and reduce cybersecurity risk. It stands for the National Institute of Standards and Technology Cybersecurity Framework (CSF). The Framework was developed by NIST, part of the U.S. Department of Commerce, and first published in 2014, following an executive order by then President, Barack Obama which focused on improving the cybersecurity of critical infrastructure in the United States.
Read Post
signmycode

What Is Privilege Escalation? How to Detect and Prevent Privilege Escalation Attacks in Windows

Apr 2, 2024 By SignMyCode In SignMyCode
Organizations usually rely on remote work capabilities, leading them to use cloud systems. But with increased use of cloud infrastructure, the vulnerability to cyberattacks increases. One such is the Privilege Escalation attack, a complex threat to any network. Multiple defense strategies are required to detect and prevent privilege escalation attacks, but understanding what this attack means is important even before that.
Read Post
keeper

How KeeperFill Protects You From Spoofing Attacks

Apr 2, 2024 By Tim Tran In Keeper
Spoofing attacks are a common cyber attack that tricks people into revealing their login credentials by pretending to be a legitimate business website. Password managers, like Keeper Password Manager, have an autofill feature that can help protect against this type of attack. If you land on a spoofed website, Keeper’s autofill feature, KeeperFill®, will not fill in your login credentials if the URL stored in your password vault does not match the website you’re on.
Read Post
securitysenses

How to Create Emergency Response Plans for Schools

Apr 1, 2024 By SecuritySenses In SecuritySenses
Security is crucial in daily life. It is the responsibility of the school management to develop reliable security measures for the children of their school. It includes laying down adequate emergency response plans for potential scenarios threatening the institution. Schools will safeguard lives by following emergency response plans. Explore each idea to help you make more informed decisions and be fully prepared. Remember that everyone needs to know the plan at their fingertips and practice it when required.
Read Post
veracode

Veracode Advances Cloud-Native Application Security with Longbow Acquisition

Apr 1, 2024 By Brian Roche In Veracode
As I travel around the world meeting with customers and prospects, we often discuss the tectonic shifts happening in the industry. At the heart of their strategic initiatives, organizations are striving to innovate rapidly and deliver customer value with uncompromising quality and security, while gaining a competitive edge in the market.
Read Post
panoptica

Walking the Risky Path: The Threat of hostPath to Your Kubernetes Cluster

Apr 1, 2024 By Reem Rotenberg In Panoptica
In today's cloud technology landscape, Kubernetes is widely used to orchestrate containerized applications, enabling deployment, scaling, and management. Applications in a Kubernetes environment benefit from high availability and resource efficiency, making them ideal for cloud-native development. However, challenges with filesystem consistency due to the ephemeral nature of containers can lead to discrepancies when they are restarted or modified.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.