Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

manageengine

Active Directory security: Exploiting certificate services

Nov 11, 2024 By AD360 In ManageEngine
Active Directory (AD) is crucial for an organization’s identity and access management strategy, but its complex architecture is also a prime zone for overlooked vulnerabilities. One such feature that’s often overlooked is Active Directory Certificate Services (ADCS). Active Directory Certificate Services ADCS is a service that provides a robust solution for managing digital certificates in a Windows Server environment. It leverages AD to manage certificates in a domain environment.
Read Post
lookout

Mastering the Mobile Vulnerability Management Process

Nov 8, 2024 By Lookout In Lookout
Smartphones and tablets can be invaluable tools in the workplace. They can also be tempting targets for cyber threats. Mobile attacks are on the rise, and outdated operating systems and misconfigured devices only exacerbate the issue. To protect your data, your users, and your organization’s digital integrity, you need a comprehensive mobile vulnerability management process.
Read Post
datadog

Protect your applications from zero-day attacks with Datadog Exploit Prevention

Nov 7, 2024 By Christophe Papazian In Datadog
Due to their numerous components and dependencies, web applications often have multiple vulnerabilities—many of them unknown and susceptible to zero-day attacks—that can be exploited by malicious HTTP requests. Determining whether a vulnerability exists is challenging without visibility into an application’s real-time data and event flows, which isn’t possible with existing firewall-based solutions.
Read Post
Arctic Wolf

CVE-2024-42509, CVE-2024-47460: Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Nov 7, 2024 By Andres Ramos In Arctic Wolf
On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks Access Points. These vulnerabilities, identified as CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated command injection.
Read Post
Snyk

GitFlops: The Dangers of Terraform Automation Platforms

Nov 7, 2024 By Elliot Ward In Snyk
Terraform is today’s leading Infrastructure-as-Code platform, relied upon by organizations ranging from small startups to multinational corporations. It enables teams to declaratively manage their cloud or on-premises infrastructure, allowing them to provision or decommission infrastructure components simply, consistently, and with auditability.
Read Post

How to Avoid 3 Common Mistakes in Remediation Execution | Seemplicity

Nov 7, 2024 By Seemplicity In Seemplicity
Learn how to avoid common mistakes in remediation plan execution with Seemplicity's Director of Product Marketing, Megan Horner. Discover three critical missteps - lack of accountability, poor prioritization, and reliance on manual processes - and gain actionable tips to address them. By enhancing accountability, focusing on high-risk vulnerabilities, and automating workflows, your organization can improve remediation efficiency and reduce cybersecurity risks.
View Video
outpost 24

How to shield your attack surface from SSL misconfigurations

Nov 6, 2024 By Marcus White In Outpost 24
When we carry out an assessment of an organization’s attack surface, it’s often SSL (Secure Sockets Layer) misconfigurations (and other encryption-related issues) that get the worst average scores. Research has estimated that 95% of applications have some kind of misconfiguration or vulnerability. These issues are often overlooked, but they shouldn’t be – their visibility to attackers make them an attack route that’s likely to be exploited.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.