
Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.

NPM Manifest Confusion: Six Months Later

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this is a significant threat, allowing malicious actors to deceive developers and hide harmful code from detection.

Selecting SIEM Tools - Questions to Consider

So, you’ve done your homework. You’ve clearly defined business requirements, and you think you want to implement a Security Information and Event Management (SIEM) solution in your organization. Cloud migration and remote work have changed the way threat actors attack, and it feels like every day you read about a new methodology. While many companies have added a SIEM to their cybersecurity technology stack, you’re not sure whether you can afford one.

The 443 Podcast - Episode 283 - Trucking Worms

This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

Unraveling Cyber Intrigue: Decoding the Complexities of State-Sponsored Hacking Groups

Join us as we uncover the intricate web of state-sponsored hacking groups and the hidden motivations driving their actions. Explore insights from recent revelations, including examples from China dating back to 2012-2013, where various government agencies sponsored competing hacking groups. In this eye-opening discussion, we delve into the financial motivations behind these operations and shed light on the key players pulling the strings. From government agencies vying for dominance to clandestine funding sources, the landscape of cyber intrigue is more complex than meets the eye.

Securing the Future: Cybersecurity Meets Physical Access Control

In today's digital age, the lines between cybersecurity and physical access control are increasingly blurring. At Brivo, we're at the forefront of this revolution, ensuring your information and facilities are safeguarded against emerging threats. Dive into our latest video where Matt Graham, a visionary in the field, explores the intricate dance of integrating cybersecurity measures with physical access management. Discover how these two realms converge to fortify security like never before.

7 Steps to Implement an Effective Vulnerability Management Program

When a new vulnerability is found, the race is on to either fix it or exploit it (depending on which side you’re on). But while attackers are getting faster, companies are not keeping pace. Dev teams take around 215 days to resolve a security vulnerability. The numbers are only marginally shorter when dealing with critical vulnerabilities. This delay is particularly concerning given the rise in zero-day exploits, where hackers take advantage of a security flaw before the organization even knows it exists.

The Essential Components of a DevSecOps Pipeline

DevSecOps pipelines arose in response to DevOps and CI/CD, which made it possible for developers to deliver small code changes iteratively and continuously, rather than massive deployments periodically. In theory, by integrating security into the DevOps processes that enable continuous integration and delivery, developers can find and resolve security issues early in the software development lifecycle (SDLC), which is much faster than fixing security issues in production.

The Developer's Guide to DevSecOps Tools and Processes

How many security tools do you use daily? If you’re like 35% of developers, it’s probably too many for your liking. Building a DevSecOps toolchain is key to making DevSecOps a success and reaping all of its benefits. However, knowing where to start with so many different tools and processes can be overwhelming. This article will explain the key DevSecOps tools and processes, while providing guidance for building a software security program that works for you.