Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trusting your Software Supply Chain Security with DevOps Agility

May 18, 2023 By JFrog In JFrog
At RSA 2023, JFrog spoke with security experts about their current challenges and focus areas. With increasing scrutiny on the vulnerability of open-source, and blindspots in their Software Supply Chain (SSC) it was no surprise to hear that SSC attacks have become a top concern. But with so many vulnerabilities to fix, the need for heavy manual efforts, and a plethora of complex AST security tools to navigate, security experts say that securing the SSC can feel like an overwhelming task.
View Video
tripwire

Risk Tolerance: Understanding the Risks to your Organization

May 18, 2023 By Rita Nygren In Tripwire

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks. Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the potential rewards are worth the risk. The same ideas can be applied to computers.

Read Post
vanta

Fitting incident management into the SOC 2 puzzle

May 18, 2023 By Vanta In Vanta

In today’s business landscape, security and compliance mean everything. ‍ Because of this, many modern businesses look towards solutions that will provide customers and prospects with the most confidence and trust. One of these is SOC 2 compliance and attestation. SOC 2 is a marker of solid and consumer-minded companies that want to protect customer data.

Read Post

Stopping API attacks with Salt Security and AWS WAF

May 18, 2023 By Salt Security In Salt Security
Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.
View Video
knowbe4

Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks

May 18, 2023 By Stu Sjouwerman In KnowBe4

A new report covering 13 global markets highlights phishing prevalence and its role in cyber attacks when compared to other types of attacks. It’s difficult for me not to stand on my “phishing is a problem” soapbox when there exists stories and reports demonstrating that phishing continues to dominate as a security problem that isn’t being properly addressed.

Read Post
knowbe4

New "Greatness" Phishing-as-a-Service Tool Aids in Attacks Against Microsoft 365 Customers

May 18, 2023 By Stu Sjouwerman In KnowBe4

This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well. Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

Read Post
Arctic Wolf

Phishing Threat From New .zip Top-Level Domain

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLD’s, one that stands out as a potential security risk is.zip. The.zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of.zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with.zip extensions.
Read Post
Arctic Wolf

Four Critical RCE Vulnerabilities in Cisco Small Business Series Switches

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches. Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities, however, they have not identified a publicly available PoC exploit.
Read Post
upguard

The Impact of Cybercrime on the Economy

May 18, 2023 By Kyle Chin In UpGuard
IBM’s former executive chairman and CEO, Ginni Rometty — who created a 6000-strong Security Business Unit at IBM to counter cybercrime in 2015 — described data as a game-changing source of competitive advantage for the 21st century. Rometty noted that cybercrime is and should be the biggest threat to every industry and organization.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.