Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

CVE-2022-36537 - Critical RCE Vulnerability & Supply Chain Risks in ConnectWise Recover and R1Soft Server Backup Manager

Nov 1, 2022 By Adrian Korn In Arctic Wolf
On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager (version 6.16.3 and earlier). A threat actor could leverage an authentication bypass vulnerability in these products (CVE-2022-36537) to leak server private key files, software licenses, and system configuration files and ultimately achieve RCE as the system superuser.
Read Post
netskope

Cybersecurity Awareness Month: Adding Threat to Vulnerability Management

Nov 1, 2022 By John Khotsyphom In Netskope

Vulnerability management can be more than just running scans and sorting by Common Vulnerability Scoring System scores! Take your program to the next level by adding a threat-based approach to vulnerability management by combining the hacker mindset with cyber threat intelligence. With so many vulnerabilities published daily, having a team knowledgeable with the latest threats can help IT teams quickly identify assets that require expedited remediation.

Read Post
netskope

Cybersecurity Awareness Month: Recognizing Phishing and Using Multi-factor Authentication

Nov 1, 2022 By Allen Funkhouser In Netskope

Phishing is a well known threat that users are constantly being warned about, but as we are in Cybersercurity Awarenss Month though, some may still be wondering what exactly phishing is and how to prevent it. In this blog, I am going to dig into how you can recognize phishing and how enabling multi-factor authentication can help keep you safe.

Read Post
elastic

Elastic Security furthers unification of SIEM and on-host protection with XDR, cloud, and endpoint security

Nov 1, 2022 By Sneha Sachidananda, In Elastic
With Elastic 8.5, we are excited to announce that the Cloud Workload and Posture capabilities are now generally available with this release! As organizations move rapidly to adopt newer cloud technologies, security teams are tasked with protecting their organization’s assets and data across various platforms — including endpoints, cloud, and on-prem environments.
Read Post

Cybersecurity Expert Interview: Paul Caiazzo

Nov 1, 2022 By LimaCharlie In LimaCharlie
LimaCharlie sits down with Paul Caiazzo: Cyber security expert, entrepreneur and strategist, CISO and CPO. Paul has dedicated his career to advancing the field of global cyber security. In his current role as Chief Growth Officer at SnapAttack, Paul focuses on product/market fit, strategic partnerships, and business development.
View Video
Trustwave

Let's Look Back at Cybersecurity Awareness Month 2022

Nov 1, 2022 By Trustwave In Trustwave

Perhaps it’s fitting that 2022 Cybersecurity Awareness Month ended on Halloween as there are a few similarities that can be drawn between these two events. Cyberattacks are scary. Ransomware is kind of like to older kids threatening to egg your house unless you give them all your candy. And is there really a difference between a child dressed up as Buzz Lightyear or Captain Marvel and a well-crafted socially engineered phishing email? After all, neither are as they appear…..

Read Post
Snyk

Scaling your security team without hiring

Nov 1, 2022 By Drew Wright In Snyk

The cybersecurity industry’s current struggle — to close a significant gap between the numbers of job openings and qualified candidates — began years before the coronavirus pandemic sparked the Great Resignation. Today, (ISC)² reports a global cybersecurity workforce gap of 2.7 million people. The pandemic did compel enterprises to accelerate their migration of applications to the cloud, increasing the challenge for already-overwhelmed security teams.

Read Post

Supply Chain Security Intro Workshop

Nov 1, 2022 By JFrog In JFrog
More and more attacks are aimed at the entire supply chain, which means that we developers are increasingly targeted by the attackers. Attacks like the SolarWinds hack show us that making sure you don’t use vulnerable dependencies isn’t enough. The attackers have their sights set on the entire development process with its components. In this workshop, we will look at the first steps and try them out in practice which will enable you to integrate the topic of security into your everyday life as a developer.
View Video
sysdig

5 Steps to Stop the Latest OpenSSL Vulnerabilities: CVE-2022-3602, CVE-2022-3786

Nov 1, 2022 By Michael Clark In Sysdig

The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on October 25, which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7 which was released November 1. OpenSSL 1.X versions are unaffected by the vulnerabilities.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.