Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Breaking down the 'critical' OpenSSL vulnerability

Nov 4, 2022 By Elliot Ward, Raul Onitza-Klugman In Snyk

On November 1st 2022, the OpenSSL team released an advisory detailing two high severity vulnerabilities — CVE-2022-3602 and CVE-2022-3786. This was pre-announced as a critical bug, but later downgraded to high for the actual release. This could still be problematic though, OpenSSL is one of the predominant encryption libraries and is underpinning a significant portion of the internet’s TLS protected communications.

Read Post

How to Protect Against Domain Impersonation with Falcon Intelligence Recon Typosquatting

Nov 4, 2022 By CrowdStrike In CrowdStrike
Malicious actors leverage a technique called typosquatting to trick users into believing a falsified domain is legitimate. The fake domain can be used to trick users into visiting malicious site or trusting an email that they have received. CrowdStrike Falcon Intelligence Recon provides the ability to monitor for when key terms are identified in newly created or changed domains. This can be used to monitor brands or identify when a fraudulent domain is being used.
View Video

How to Defend Against Threats with Falcon Intelligence

Nov 4, 2022 By CrowdStrike In CrowdStrike
In this video, we will demonstrate the power of the automated threat intelligence available with Falcon Intelligence. Having sandbox analysis available directly in the CrowdStrike UI provides security teams with more context to make security decisions while also making them more efficient and effective given their limited time and resources.
View Video
splunk

Vulnerability Management: The Beginner's Guide

Nov 4, 2022 By Stephen Watts In Splunk

As available software on the market increases, so do vulnerabilities. When a company's system is weak due to vulnerabilities in the software it uses, attackers take advantage of the situation to: This, in turn, causes the company to lose customers, reputation and money. To reduce threats, network personnel and system administrators are always on the front line, constantly patching the organization's software and operating systems. But to what end?

Read Post
tripwire

Privacy Updates in Q2 2022: Major Developments Across the Globe

Nov 4, 2022 By Tripwire Guest Authors In Tripwire

The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process.

Read Post
mend

DevSecOps - All You Need To Know

Nov 4, 2022 By Adam Murray In Mend

DevSecOps has become one of the hottest buzzwords in the DevOps ecosystem over the past few years. In the abstract, it’s easy to understand what DevSecOps means and why people care about it: it’s a strategy that extends DevOps efficiencies to software security. But when you sit down and actually start implementing DevSecOps, things can get trickier. There is no switch you can flip to go from DevOps to DevSecOps. Implementation requires a set of tools and practices.

Read Post
devo

Russian Cyberwar Attacks Against U.S. Put Added Pressure on SOC Teams

Nov 4, 2022 By Gunter Ollmann In Devo

The Russian cyberattacks against the U.S. are ramping up in scope and volume. Last month, a hacking group claimed credit for cyberattacks hitting more than a dozen U.S. airports’ websites, temporarily rendering parts of the sites inaccessible to the public. State-sponsored actives in non-war conditions expend exorbitant efforts to disguise themselves to prevent attribution. They also purposefully limit the scope of their attacks.

Read Post
Internxt

How Do Hidden Web Trackers Put My Privacy at Risk?

Nov 4, 2022 By Internxt Contributor In Internxt
Digital safety is a buzzword these days due to the ubiquity of our devices and how much we use them. As we go about our lives, whether we're on our laptops at home or out and about on our phones, we're constantly leaving digital breadcrumbs behind us in the form of data. This data is then collected and used by businesses and potentially even malicious actors to track our movements, better target us with ads or other content, or even for fraud.
Read Post

[Webinar] Software Supply Chain Security & Attacks: The True, the False, and the Most Lethal

Nov 4, 2022 By GitGuardian In GitGuardian
What do high-profile incidents like SolarWinds SUNBURST, Codecov bash uploader, Log4Shell, ua-parser-js, or the more recent IconBurst all have in common? They’re all supply chain attacks... except one. Exploding interest in the security of the software development lifecycle from the media, industry analysts, vendors, and agencies, has left the rest of us, developers and security engineers, with many confusing definitions for supply chain attacks.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.