Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day

In late November and December 2024, Arctic Wolf observed evidence of a mass compromise of Fortinet FortiGate. While the initial attack vector was unknown at the time, evidence of compromise (with new users and SSL profiles) was consistent across compromised devices. On January 14, Fortinet released a formal statement and patch. The vulnerability is an authentication bypass via crafted requests to the Node.js websocket module and was issued CVE-2024-55591. The CVSSv3 score is 9.6.

Navigating DORA Compliance: A Roadmap to Operational Resilience with Trustwave

The Digital Operational Resilience Act (DORA) is poised to reshape the European financial landscape, demanding a robust defense against cyber threats and operational disruptions, and Trustwave is putting the pedal to the metal to prepare clients with our DORA Readiness Accelerator service. The Trustwave DORA Readiness Accelerator, which joins Trustwave’s CMMC readiness and Microsoft Security accelerators, provides a structured approach to achieving compliance and bolstering operational resilience.

AI on your terms: introducing preferred AI providers in Tines

Leveraging AI is incredibly useful when orchestrating and automating your most important workflows. And it’s essential that you have the right AI model for your organization to handle those workflows as expected. Today, we’re excited to announce that you can select your preferred AI model when using AI in Tines products and features.

How Yahoo Scaled Application Security & Saved Millions with Mend.io

Join Chris Madden, Distinguished Technical Security Engineer at Yahoo, as he shares how Yahoo scaled its application security program with Mend.io. In this insightful video, Chris details the challenges Yahoo faced in managing open source security and compliance risks, and how Mend.io's AppSec platform helped them. Discover how Mend.io enabled Yahoo to address critical vulnerabilities like Log4Shell, codify security policies, and achieve quantifiable benefits across their organization. If you're looking to improve your AppSec posture, especially at enterprise scale, this video is a must-watch!

Neo4j: Building a Secure Future with Sysdig CNAPP

Discover how Neo4j, the world’s leading graph database company, collaborates with Sysdig to reduce its risk in the cloud. From streamlining vulnerability management to building a trusted partnership, this video explores the transformative impact of Sysdig on Neo4j’s security operations. Speakers featured in this video: David Fox, CISO; Fredrik Clementson, Senior Director of Engineering; Preeti Preeti, Security Analyst.

The Five Best Cloud Storage for Business Providers in 2025

Businesses are generating more data than ever, with 60% of company data being stored in the cloud, and businesses are storing 48% of their most important and sensitive data using some form of cloud storage. Even though businesses are using cloud storage, the risk of data breaches or attacks on company data is the highest it has ever been, with 24% of breaches involving personal data and costing companies, on average, $4.88 million.

Ransomware Campaign Encrypting Amazon S3 Buckets using SSE-C

On January 13, 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data. The threat actors then demand ransom payments for the symmetric AES-256 keys required to decrypt it.

Impossible Travel Detection with Torq: Defend Against the Most Prominent and Expensive Breach

With widespread remote work and global access, organizations face mounting challenges in securing user identities against sophisticated threats. One critical identity risk signal is impossible travel, where a user appears to log in from two unrecognized, geographically distant locations within an unrealistic timeframe, indicating the possibility of compromised credentials or session hijacking.

Teleport 17

Teleport 17 marks our final major release of the year, bringing significant enhancements to our platform. In the six months since Teleport 16, we've not only developed this major release but also introduced several valuable features through minor and patch updates. A core theme for this release is scalable, secure, and resilient infrastructure access. This starts with our expanded focus on AWS Access. Teleport 17 includes preview support for AWS IAM Identity Center.