
Storm-0558 and the Dangers of Cross-Tenant Token Forgery

Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. This approach certainly streamlines single sign-on (SSO) for end users, but it also places enormous trust in a single set of signing keys. If those private keys are compromised, attackers can create tokens that appear valid to any service that relies on them.
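The failure mode described above is easiest to see in code. The following is an added illustration, not code from the article or from any identity provider: a relying party holds a small key ring shared by a consumer login service and an enterprise tenant. The weak verifier accepts any token whose signature checks out under any key in the ring; the hardened verifier additionally requires that the key named in `kid` is one the claimed issuer is allowed to sign with, and that `iss` and `aud` match what this service expects. Key names, issuer URLs and secrets are constructed. Tokens are HS256 so the example runs with the standard library alone; production IdPs sign with asymmetric keys and relying parties hold only public keys, but the issuer-to-key binding check is the same.

```python
import base64
import hashlib
import hmac
import json

# Constructed key ring for the example. Each key is bound to the issuers
# it may legitimately sign for; that binding is what the weak verifier
# below ignores. Secrets are fake and only used so this runs offline.
CONSUMER_ISSUER = "https://login.consumer.example"
ENTERPRISE_ISSUER = "https://login.enterprise.example/tenant-a"
AUDIENCE = "api://mail.example"

KEY_RING = {
    "consumer-key-1": {"secret": b"consumer-signing-secret", "issuers": {CONSUMER_ISSUER}},
    "enterprise-key-1": {"secret": b"enterprise-signing-secret", "issuers": {ENTERPRISE_ISSUER}},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict) -> str:
    """Mint an HS256 token with the named key. An attacker who has stolen
    the key material can call this with any claims they like."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    mac = hmac.new(KEY_RING[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(mac)}"


def _check_signature(token: str):
    """Shared step: return (header, claims) if the signature verifies under
    the key named by 'kid', else None. Rejects any alg other than HS256."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:
        return None
    if header.get("alg") != "HS256":
        return None
    key = KEY_RING.get(header.get("kid"))
    if key is None:
        return None
    expected = hmac.new(key["secret"], f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return header, claims


def verify_signature_only(token: str):
    """Weak relying party: a token signed by any key in the ring is trusted,
    regardless of which issuer or tenant the claims name."""
    result = _check_signature(token)
    return None if result is None else result[1]


def verify_token(token: str, expected_issuer: str, expected_audience: str):
    """Hardened relying party: the signature must verify, iss/aud must match
    this service, and the signing key must be one that issuer may use."""
    result = _check_signature(token)
    if result is None:
        return None
    header, claims = result
    if claims.get("iss") != expected_issuer or claims.get("aud") != expected_audience:
        return None
    if claims["iss"] not in KEY_RING[header["kid"]]["issuers"]:
        return None  # key/issuer mismatch: the cross-tenant forgery case
    return claims


def demo() -> dict:
    """Attacker holds the consumer key and forges an enterprise-tenant token."""
    claims = {"iss": ENTERPRISE_ISSUER, "aud": AUDIENCE, "sub": "admin@tenant-a", "tid": "tenant-a"}
    forged = sign_token("consumer-key-1", claims)
    legit = sign_token("enterprise-key-1", claims)
    return {
        "forged_accepted_by_weak": verify_signature_only(forged) is not None,
        "forged_accepted_by_hardened": verify_token(forged, ENTERPRISE_ISSUER, AUDIENCE) is not None,
        "legit_accepted_by_hardened": verify_token(legit, ENTERPRISE_ISSUER, AUDIENCE) is not None,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The point of the split between `verify_signature_only` and `verify_token` is that a valid signature only proves the token came from someone holding one of the keys you trust; it says nothing about whether that key was ever supposed to vouch for the tenant in the claims. Pinning each `kid` to an allowed set of issuers limits the blast radius of a single leaked key to that key's own tenant population.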

DDoS Protection: Insurance Policy or Proactive Defense?

Historically, smaller organizations, and those outside the industries most often targeted by distributed denial-of-service (DDoS) attacks, have treated DDoS protection more as an insurance policy than as proactive cyber defense: put a few reactive processes in place "in case we get hit," but not much more.

What Is Scattered Spider? Inside the Rise of Identity-Based Attacks

If you’ve been following major cybersecurity incidents over the past couple of years, chances are you’ve come across the name Scattered Spider. From massive casino breaches to healthcare system outages, this threat actor has become a name that CISOs don’t take lightly. But what is Scattered Spider, really? And why is this group of cybercriminals getting so much attention? Scattered Spider is a financially motivated group that came into focus around 2022.

The Rise of Identity-Based Attacks and How Deception Can Help

Identity-based attacks have become the predominant vector for sophisticated threat actors targeting enterprise networks, particularly those using Microsoft Active Directory. Active Directory (AD), which serves as the authentication and authorization framework in over 90% of organizations, represents a critical attack surface that, when compromised, provides adversaries with extensive capabilities for lateral movement, privilege escalation, and data exfiltration.

Improving Cyber and Mental Resilience with Threat Information Sharing

In a world where data provides companies with a competitive advantage, sharing it amongst other businesses, especially in the same industry, may seem counterproductive. However, in cybersecurity, where every company is a potential target for threat actors and organizations are increasingly interconnected through supply chains, sharing information can significantly enhance a company's security posture and overall resilience.

Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development

Dependency management is one of the biggest challenges in modern software development. Large projects often rely on dozens or even hundreds of libraries. Each one can introduce new vulnerabilities or even malicious code. Attackers sometimes upload fake packages to popular open-source repositories, hoping that build systems will download these packages automatically. This problem is made worse by transitive dependencies, where a single library might include several other libraries under the hood.
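One practical check that follows from the paragraph above is to audit the lockfile rather than the manifest, since the lockfile is where transitive packages and their download sources actually appear. The following is an added example, not code from the article: it walks a constructed `package-lock.json` (lockfileVersion 3 layout) with fictional package names, computes how deep each package sits in the dependency graph, and flags packages that were resolved from a host outside an approved registry set or that carry no integrity hash. The approved-host set, package names and hashes are assumptions for the example; nested (non-hoisted) `node_modules` paths are handled by taking the last segment, and the graph walk otherwise assumes a flat install.

```python
import json
from urllib.parse import urlparse

# Constructed package-lock.json. "os-info-helper" is a transitive dependency
# pulled in by "app-logger"; it resolves to an unapproved host and has no
# integrity hash. All names and hashes are fictional.
SAMPLE_LOCK = json.loads(r'''
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"app-logger": "^2.1.0", "tiny-http": "^1.0.4"}},
    "node_modules/app-logger": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/app-logger/-/app-logger-2.1.0.tgz",
      "integrity": "sha512-CONSTRUCTEDHASH0000000000000000000000000000000000000000000000000000000000000000000000==",
      "dependencies": {"os-info-helper": "^0.3.1"}
    },
    "node_modules/os-info-helper": {
      "version": "0.3.1",
      "resolved": "https://packages.example.net/os-info-helper/-/os-info-helper-0.3.1.tgz"
    },
    "node_modules/tiny-http": {
      "version": "1.0.4",
      "resolved": "https://registry.npmjs.org/tiny-http/-/tiny-http-1.0.4.tgz",
      "integrity": "sha512-CONSTRUCTEDHASH1111111111111111111111111111111111111111111111111111111111111111111111=="
    }
  }
}
''')

# Assumed policy for the example: only the public npm registry is approved.
ALLOWED_REGISTRY_HOSTS = {"registry.npmjs.org"}


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b'."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def dependency_depths(lock: dict) -> dict:
    """Breadth-first walk from the root manifest. Depth 1 means declared
    directly; depth 2 or more means transitive (pulled in by another package)."""
    packages = lock["packages"]
    root = packages.get("", {})
    depths = {}
    queue = [
        (name, 1)
        for field in ("dependencies", "devDependencies")
        for name in root.get(field, {})
    ]
    while queue:
        name, depth = queue.pop(0)
        if name in depths:
            continue
        depths[name] = depth
        entry = packages.get(f"node_modules/{name}", {})
        queue.extend((child, depth + 1) for child in entry.get("dependencies", {}))
    return depths


def audit_lockfile(lock: dict, allowed_hosts=ALLOWED_REGISTRY_HOSTS) -> list:
    """Return (name, depth, issue) for packages resolved from an unapproved
    host or recorded without an integrity hash (so a swapped tarball would
    go unnoticed at install time)."""
    depths = dependency_depths(lock)
    findings = []
    for lock_path, entry in lock["packages"].items():
        if lock_path == "":
            continue
        name = package_name(lock_path)
        depth = depths.get(name, 0)  # 0 = not reachable from the root manifest
        resolved = entry.get("resolved", "")
        if urlparse(resolved).hostname not in allowed_hosts:
            findings.append((name, depth, f"resolved from unapproved source: {resolved or '<none>'}"))
        if not entry.get("integrity"):
            findings.append((name, depth, "no integrity hash recorded"))
    return findings


if __name__ == "__main__":
    for name, depth, issue in audit_lockfile(SAMPLE_LOCK):
        print(f"[depth {depth}] {name}: {issue}")
```

Reporting the depth alongside each finding matters in practice: a depth-1 finding is something a developer chose, while a depth-2 or deeper finding is something a library chose for them, which is exactly where fake or hijacked packages tend to hide.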

How to Use the LevelBlue DDoS Defense Portal | Video Overview

Get up to speed with the essentials of the LevelBlue DDoS Defense Portal in this video tutorial. Learn how to analyze network traffic, monitor threats, and customize your security settings—all in one place. Whether you're managing alerts, viewing mitigations, or generating reports, this step-by-step guide ensures you're prepared. In this video, you’ll learn how to.

Understanding LevelBlue DDoS Alert Emails & Investigation Process | What to Expect

This video explains how LevelBlue DDoS Defense Service alert emails work and provides a clear overview of the investigation and escalation process triggered by high-severity alerts. You'll learn:
- When and why DDoS alert emails are sent
- The role of the LevelBlue Threat Management Team
- How investigations determine malicious vs. legitimate traffic
- Differences between pre-authorized and manual mitigation
- What each type of alert email means

How to Manage DDoS Contacts in the LevelBlue Portal | Add, Edit & Notify Admins

Learn how to add and manage contacts in the LevelBlue DDoS Defense Portal, including how to ensure the right users receive DDoS mitigation alerts and notifications. This step-by-step guide walks company administrators through:
- Accessing the DDoS Defense Portal
- Adding contacts with Business Direct IDs
- Enabling email alerts for DDoS mitigation events
- Managing contact updates to keep your incident response team informed

Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2

Our security monitoring systems recently flagged a suspicious npm package, os-info-checker-es6, which represents a sophisticated and evolving threat within the npm ecosystem. What initially appeared to be a simple OS information utility quickly unraveled into a multi-stage malware attack. The campaign uses Unicode-based steganography to hide its initial malicious code and a Google Calendar event short link as a dynamic dropper for its final payload.
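Unicode steganography of the kind described above works because certain code points render as nothing in most editors and diff viewers, so a source file can carry bytes that no reviewer sees. The following is an added example, not code from the article and not a reproduction of the package's actual encoding: it encodes bytes as Unicode variation selectors (one of the common schemes, assumed here for illustration, using U+FE00-FE0F and U+E0100-E01EF for 256 distinct invisible values), scans a constructed JavaScript snippet for invisible or format-control code points of several classes, and recovers the hidden bytes. The sample module and the hidden string are constructed.

```python
# Code points that render as nothing, or as a near-invisible modifier, in
# most editors and so can smuggle data through code review. Variation
# selectors give 256 distinct invisible values: enough for one byte each.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}


def classify(cp: int):
    """Return a category name for suspicious code points, else None."""
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return "variation selector"
    if cp in ZERO_WIDTH:
        return "zero-width"
    if 0x202A <= cp <= 0x202E or 0x2066 <= cp <= 0x2069:
        return "bidi control"
    if 0xE0000 <= cp <= 0xE007F:
        return "tag character"
    if 0xE000 <= cp <= 0xF8FF or 0xF0000 <= cp <= 0x10FFFD:
        return "private use"
    return None


def encode_bytes(data: bytes) -> str:
    """One byte -> one variation selector (illustrative scheme, assumed)."""
    return "".join(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16) for b in data)


def decode_hidden(text: str) -> bytes:
    """Inverse of encode_bytes; characters that are not selectors are skipped."""
    out = bytearray()
    for ch in text:
        cp = ord(ch)
        if 0xFE00 <= cp <= 0xFE0F:
            out.append(cp - 0xFE00)
        elif 0xE0100 <= cp <= 0xE01EF:
            out.append(cp - 0xE0100 + 16)
    return bytes(out)


def find_hidden_codepoints(source: str) -> list:
    """Scan source text and return (line, column, char, category) for every
    suspicious code point. A byte-order mark at offset 0 is benign."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line):
            cp = ord(ch)
            if line_no == 1 and col == 0 and cp == 0xFEFF:
                continue
            category = classify(cp)
            if category:
                hits.append((line_no, col, ch, category))
    return hits


# Constructed sample: a module that looks like a harmless OS-info helper
# but carries hidden bytes after a visible '|' marker on line 2.
HIDDEN_PAYLOAD = encode_bytes(b"eval")
SAMPLE_SOURCE = (
    'const os = require("os");\n'
    'const marker = "|' + HIDDEN_PAYLOAD + '";\n'
    'module.exports = () => os.platform();\n'
)


def scan_sample():
    """Locate the hidden code points in SAMPLE_SOURCE and recover their bytes."""
    hits = find_hidden_codepoints(SAMPLE_SOURCE)
    recovered = decode_hidden("".join(ch for _, _, ch, _ in hits))
    return hits, recovered


if __name__ == "__main__":
    hits, recovered = scan_sample()
    for line_no, col, ch, category in hits:
        print(f"line {line_no} col {col}: U+{ord(ch):04X} ({category})")
    print("recovered bytes:", recovered)
```

Run against a real package this scanner will also flag legitimate uses (emoji skin-tone modifiers, right-to-left text in localized strings), so treat hits as review prompts rather than verdicts; a long run of variation selectors inside a string literal in a package that has no business handling emoji is the pattern worth escalating.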