
It's Official: Cyber Insurance is No Longer Seen as a 'Safety Net'

A new report on the state of email security sheds some light on how organizations view and approach cyber insurance as they shift their strategy toward cyber resilience. Cyber insurance has been covered quite a bit here on this blog: from when it first emerged as a concept, to the challenges it poses for organizations that look to it as a last resort after an attack, to changes in insurance policy and law.

Enterprise Browsers Need to Secure Identities Without Compromise

Now is the time. It’s been over 30 years since the introduction of the first web browser. Since then, the browser has evolved into an application that allows us to stream entertainment, work and interact through social media. It’s the most widely used application among consumers … and now the enterprise. Unfortunately, there’s little separation between work and personal life when you use a browser designed for consumer use.

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.

NPM Manifest Confusion: Six Months Later

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a large threat, allowing malicious actors to deceive developers and hide harmful code from detection.

Selecting SIEM Tools - Questions to Consider

So, you’ve done your homework. You’ve clearly defined business requirements, and you think you want to implement a Security Information and Event Management (SIEM) solution into your organization. Cloud migration and remote work have changed the way threat actors attack, and it feels like every day you read about a new methodology. While a lot of companies added a SIEM to their cybersecurity technology stack, you’re not sure whether you can afford one.

The 443 Podcast - Episode 283 - Trucking Worms

This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

Unraveling Cyber Intrigue: Decoding the Complexities of State-Sponsored Hacking Groups

Join us as we uncover the intricate web of state-sponsored hacking groups and the hidden motivations driving their actions. Explore insights from recent revelations, including examples from China dating back to 2012-2013, where various government agencies sponsored competing hacking groups. In this eye-opening discussion, we delve into the financial motivations behind these operations and shed light on the key players pulling the strings. From government agencies vying for dominance to clandestine funding sources, the landscape of cyber intrigue is more complex than meets the eye.

Securing the Future: Cybersecurity Meets Physical Access Control

In today's digital age, the lines between cybersecurity and physical access control are increasingly blurring. At Brivo, we're at the forefront of this revolution, ensuring your information and facilities are safeguarded against emerging threats. Dive into our latest video where Matt Graham, a visionary in the field, explores the intricate dance of integrating cybersecurity measures with physical access management. Discover how these two realms converge to fortify security like never before.

7 Steps to Implement an Effective Vulnerability Management Program

When a new vulnerability is found, the race is on to either solve it or exploit it (depending on which side you’re on). But while attackers are getting faster, companies not so much. Dev teams take around 215 days to resolve a security vulnerability. The numbers are only marginally shorter when dealing with critical vulnerabilities. This delay is particularly concerning given the rise in zero-day exploits, where hackers take advantage of a security flaw before the organization even knows it exists.