Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

sentrium

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

Dec 11, 2025 By James Drew In Sentrium
During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.
Read Post
splunk

When Your Fraud Detection Tool Doubles as a Wellness Check: The Unexpected Intersection of Security and HR

Dec 11, 2025 By Matthew J Joseff, CFE In Splunk
Let’s face it: humans are creatures of habit, and nothing rattles us quite like the prospect of change. (Just ask anyone who’s dared to swap out the office coffee brand—revolutions have started over less.) According to SHRM's research on change fatigue, today’s relentless pace of disruption is exhausting employees faster than a budget ergonomic chair. But here’s where it gets fascinating—where security, HR, and fraud analysis converge in ways you might not expect.
Read Post
miniorange

Why Choose Active Directory Management Over Manual Scripts

Dec 11, 2025 By Puja More In miniOrange
A mid-sized company once tried to handle all its AD updates with a set of PowerShell scripts. Things worked fine while the user count was small, but trouble showed up once they crossed a thousand accounts. A script missed a group update, a disabled user stayed active for two extra days, and a bulk change took almost an entire afternoon to fix. None of this was a technical failure. It was the natural limit of manual scripting.
Read Post
levelblue

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem

Dec 11, 2025 By Serhii Melnyk In LevelBlue
For centuries, threat actors, both cyber and physical, have understood the benefits of using extortion to further their criminal activities. This has led some cyber threat groups to create Extortion-as-a-Service (EaaS) businesses. These are a formalized way for cybercriminals to offer extortion services to others for a fee or profit share. And, as we shall see, it is just one of many newer -as-a-service models that threat actors are applying.
Read Post
Risk, Reward, and Reality: How to Decide the Right Amount to Invest in Crypto

Risk, Reward, and Reality: How to Decide the Right Amount to Invest in Crypto

Dec 11, 2025 By SecuritySenses In SecuritySenses
Entering the world of crypto can feel exhilarating. Stories of rapid gains and high-profile success can make even cautious investors consider dipping their toes into digital assets. Yet, alongside the potential for reward comes significant risk. Understanding how much to invest in crypto is less about chasing opportunity and more about aligning investments with your financial reality, goals, and tolerance for volatility.
Read Post
The Security Blind Spots Most Operators Miss - According to Igor Finkelshtein

The Security Blind Spots Most Operators Miss - According to Igor Finkelshtein

Dec 11, 2025 By SecuritySenses In SecuritySenses
In the cybersecurity world, it's easy to focus on the latest breach or high-profile vulnerability. But according to multi-industry operator Igor Finkelshtein, most security incidents don't begin with sophisticated attacks - they begin with overlooked operational weaknesses. From transportation to real estate to SaaS platforms, Finkelshtein's experience shows that cybersecurity is ultimately an operational discipline. The vulnerabilities that quietly accumulate inside a business often pose a greater risk than anything happening outside it.
Read Post
apono

Better Together: Apono and 1Password Join Forces to Deliver Secure, Just-in-Time Access to Secrets

Dec 10, 2025 By Ben Avner In Apono
We’re excited to announce Apono integration with 1Password to help organizations control, automate, and audit access to sensitive credentials and secrets bringing stronger security and smoother operations to teams everywhere. This new integration enables customers to enforce Zero Standing Privileges (ZSP) and provision Just-in-Time (JIT) and just-enough access (JEA) to secrets stored in 1Password Enterprise Password Manager through Apono’s automated access flows.
Read Post
knowbe4

Report: Phishing Has Surged 400% Year-Over-Year

Dec 10, 2025 By KnowBe4 Team In KnowBe4
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts. “The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recaptured malware data,” the researchers write.
Read Post
cato networks

Mitigating Credential Phishing in the Age of AI and Cloud Convergence

Dec 10, 2025 By Dr. Guy Waizel In Cato Networks
Phishing remains one of the most effective methods for stealing credentials and breaching enterprise environments. Despite advanced email and browser protections, attackers now leverage AI, and automation to outpace traditional defenses. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involve the human element, often triggered within seconds of a phishing lure, just 21 seconds to click and 28 seconds to submit credentials.
Read Post
bitsight

Unsubscribed Doesn't Mean Disconnected: The Persistent Risk of Calendar Domains

Dec 10, 2025 By Emma Stevens In BitSight
We trust our devices to keep our lives organized, from reminders and appointments to birthdays and holidays. But behind that convenience lies an invisible risk. Every time you subscribe to an external calendar, you may be granting an unknown third party the ability to send events directly to your device for as long as the subscription remains active.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.