Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

sumologic

SIEM isn't dead. It's reborn and finally worth using.

Aug 14, 2025 By Christopher Beier In Sumo Logic
The question isn’t whether security information and event management (SIEM) is dead. The real question is whether the traditional model of SIEM still serves today’s defenders. Spoiler alert: it doesn’t. Born from compliance needs and static rules, first-generation SIEMs provided log collection and correlation but not context. They buried analysts in noise and left threat detection slow, brittle, and expensive. But that’s changing.
Read Post
Trustwave

Trustwave's FedRAMP Authorization: A Game-Changer for Your Security Strategy

Aug 14, 2025 By Trustwave In Trustwave
The importance of a cybersecurity vendor being Federal Risk and Authorization Management Program (FedRAMP) authorized cannot be understated. In February 2025, after a multi-year process, Trustwave achieved full FedRAMP authorization for its Government Fusion platform, becoming the first pure-play Managed Detection and Response (MDR) provider to do so.
Read Post
Trustwave

How Researchers Collect Indicators of Compromise

Aug 14, 2025 By Messiah Dela Cruz In Trustwave
As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. Today, we'll demonstrate a simple workflow showing how researchers use various tools to collect indicators of compromise (IOCs) and develop appropriate signatures from detonated malware.
Read Post
wallarm

IBM 2025 Cost of a Data Breach Report: Lessons for API and AI Security

Aug 14, 2025 By Wallarm In Wallarm
IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals a troubling pattern: APIs and integrations are often the real entry point, and they’re frequently under-secured. At Wallarm, we’ve been banging this drum for a while.
Read Post

The MemcycoFM Show: Episode 12 - How The 5 Biggest Bank ATO Attacks Could've Been Stopped

Aug 14, 2025 By Memcyco In Memcyco
Bank account takeover fraud is a growing global threat, costing financial institutions and customers billions each year. Attackers are refining their tactics, blending phishing, credential stuffing, and mobile malware to bypass traditional defenses. For banks, the stakes are high: a single breach can erode customer trust and regulatory standing overnight. We break down five of the most impactful account takeover attacks in recent years, examining what happened, how it happened, and how Memcyco’s real-time, browser-level, and mobile-layer protections could have mitigated the damage.
View Video
kroll

Kroll Conversations: Meet the Offensive Security Experts

Aug 14, 2025 By Kroll In Kroll
Organizations are under constant threat from vulnerabilities hidden deep within their own systems and applications. Uncovering these types of weaknesses before they lead to security issues such as malware, ransomware attacks and social engineering is a challenge that Jugal Bhatt and Jonathan Hosick take on every day.
Read Post
riscosity

COPPA Compliance - Now!

Aug 14, 2025 By Anirban Banerjee In Riscosity
On June 23, 2025, the Federal Trade Commission’s sweeping amendments to the Children’s Online Privacy Protection Rule (COPPA) took effect, ushering in more stringent duties for any operator collecting or using children’s data—whether via websites, services, or AI‑powered agents. Companies must achieve full compliance by April 22, 2026 (Finnegan | Leading IP+ Law Firm, Bass, Berry & Sims PLC).
Read Post
salt security

Beyond the Prompt: Securing the "Brain" of Your AI Agents

Aug 14, 2025 By Eric Schwake In Salt Security
Imagine an autonomous AI agent tasked with a simple job: generating a weekly sales report. It does this reliably every Monday. But one week, it doesn't just create the report. It also queries the customer database, exports every single record, and sends the file to an unknown external server. Your firewalls saw nothing wrong. Your API gateway logged a series of seemingly valid calls. So, what happened? The agent wasn't hacked. Its mind was changed.
Read Post
Tines

MCP security is non-negotiable for AI-driven organizations

Aug 14, 2025 By Thomas Kinsella In Tines
Model Context Protocol (MCP) is gaining traction because it enables LLMs to interact with live systems and enhance context by retrieving and managing relevant real-time information. LLMs can’t query Salesforce, trigger an Okta password reset, or fetch context from your SIEM, for example. MCP bridges that gap by connecting AI models to real-world APIs, powering AI applications like retrieval-augmented generation and multi-step agent workflows. They’re fast to deploy.
Read Post
Feroot

Beyond PCI and HIPAA: How Feroot Powers California Invasion of Privacy Act (CIPA) Compliance

Aug 14, 2025 By Feroot In Feroot
Yes—if your website, app, or other online platform interacts with users located in California, CIPA may apply, even if your business is not physically based there. Enforced under California Penal Code §§ 631, 632, 632.7, and 637.2, CIPA was originally designed to stop wiretapping and unauthorized call recording. Courts are increasingly applying it to digital communications, including web chats, form submissions, and user behavior tracking. The challenge?
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.