Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why Risk-Based Vulnerability Management (RBVM) Increases Your Security Debt, and How You Can Fix It

Oct 30, 2024 By Nucleus In Nucleus
In this Nucleus webinar, we take a deep dive into the practical challenges and strategies for managing security debt in the context of Risk-Based Vulnerability Management (RBVM). Scott Kuffer, co-founder of Nucleus Security and veteran in vulnerability management, explains how RBVM has shifted from a holistic risk reduction approach to a prioritization-heavy process that often falls short. He discusses why traditional methods lead to excessive security debt and demonstrates how aligning VM processes with product management principles can create more efficient, business-centric remediation.
View Video
securitysenses

Best Practices for Protecting Drone Data in Commercial Applications

Oct 30, 2024 By SecuritySenses In SecuritySenses
Hey there, tech enthusiasts and masters of the skies! With the soaring ascent of drones in commercial applications, it's not just about nailing the perfect aerial shot anymore-it's also about locking down that precious data. Drones are busy bees, collecting loads of info that need protection just as much as any ground-based data trove. We've all heard the horror stories of data breaches resulting in hefty fines and reputational damage. That's why I'm here to guide you through the labyrinth of drone data security, helping your business keep its digital treasures under a virtual lock and key.
Read Post
upguard

Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities

Oct 29, 2024 By UpGuard Team In UpGuard
The Common UNIX Printing System (CUPS) is a widely used printing system on Unix-like operating systems, but recent vulnerabilities have exposed significant risks. The most critical is CVE-2024-47176, which affects the cups-browsed service by binding to the IP address INADDR_ANY:631. This configuration flaw causes it to trust all incoming packets, leading to potential remote code execution when interacting with malicious printers. This vulnerability is part of a chain of exploits, including.
Read Post
SecurityScorecard

Inside a North Korean Phishing Operation Targeting DevOps Employees

Oct 29, 2024 By SecurityScorecard In SecurityScorecard
Sophisticated threat actors are increasingly targeting organizations with tailored phishing campaigns. Recently, SecurityScorecard detected a similar attempt against our team—and stopped it in its tracks. We’re sharing our findings to support the InfoSec community and strengthen collective defenses against continually evolving threats.
Read Post
SecurityScorecard

The Job Offer That Wasn't: How We Stopped an Espionage Plot

Oct 29, 2024 By SecurityScorecard In SecurityScorecard
In cybersecurity, transparency matters—because none of us are immune. Increasingly, we’re seeing threat actors hone in on specific organizations. When we detected the recent “Contagious Interview” campaign targeting one of our own, our team acted fast to stop it in its tracks. We’re sharing this story so others can see how easily these attacks unfold—and how quickly they need to be stopped to protect the community.
Read Post
securitysenses

Cost of Ignoring Data Replication: Risks for Modern Businesses

Oct 28, 2024 By SecuritySenses In SecuritySenses
Data replication allows businesses to operate efficiently. The process involves copying data files across multiple systems or locations. At its core, replication prevents downtime and ensures data is synchronized in case of accidental deletion. However, this move could expose your business to risks like data inconsistencies, data loss, limited scalability, and compliance issues. This article will discuss the cost of ignoring data replication for modern businesses.
Read Post
Razorthorn

Unlocking the Potential of GRC Tools: A Path to Strategic Risk Management

Oct 25, 2024 By Razorthorn In Razorthorn
By James Rees, MD, Razorthorn Security In today’s complex cybersecurity landscape, Governance, Risk and Compliance (GRC) tools have become essential for organisations managing intricate security ecosystems. These tools are designed to centralise information, streamline processes and offer crucial insights into an organisation’s risk posture. However, as cybersecurity expert Jack Jones revealed when he joined me on a recent podcast, the reality often falls short of these ambitious claims.
Read Post

Introducing the Risk Management Dashboard

Oct 25, 2024 By Keeper In Keeper
The Keeper Risk Management Dashboard is a powerful feature of the Keeper Admin Console that provides comprehensive security posture information covering end-user deployment, utilization, cloud configuration, and event monitoring. This critical data helps administrators ensure that risks are remediated and compliance is enforced effectively.
View Video
Featured Post
cycognito

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito
The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.
Read Post
nucleus

New from Nucleus: Automating POA&M Management for Federal Compliance

Oct 24, 2024 By Scott Kuffer In Nucleus
Managing compliance in federal IT is a critical and complex task, especially when it comes to addressing findings from security assessments. One of the key tools to bridge the gap between requirements and the current state is the Plan of Action and Milestones (POA&M). Required by federal security frameworks like the Federal Information Security Modernization Act (FISMA) and NIST 800-53, POA&Ms are used to document security weaknesses, outline mitigation plans, and track their resolution.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.