Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

Capital One Customers Targeted By Credential Harvesting Phishing Campaign

May 29, 2025 By KnowBe4 Threat Lab In KnowBe4
The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One. The attacks are sent from compromised email accounts to help them evade reputation-based detection by native security and secure email gateways (SEGs). Once delivered, the attacks use stylized HTML templates and brand impersonation to trick the recipient into believing the communications are legitimate. Recipients who fall victim are directed to credential-harvesting websites.
Read Post
Arctic Wolf

Understanding the Risks of Remote Monitoring and Management Tools

May 29, 2025 By Arctic Wolf In Arctic Wolf
The IT environment is evolving. Organizations have embraced hybrid work models, expanded their operations and personnel footprints, and digitalized their processes and capabilities. And those in charge of these now sprawling environments must deal with the increasingly complicated task of keeping endpoints, users, and more both operational and secure.
Read Post
How NIS2 Is Forcing Companies to Rethink Their Security Architecture

How NIS2 Is Forcing Companies to Rethink Their Security Architecture

May 29, 2025 By SecuritySenses In SecuritySenses
The NIS2 Directive is raising the bar for cybersecurity compliance across the EU, pushing companies to reevaluate and strengthen their entire security architecture. With stricter requirements, broader sector coverage, and hefty penalties for non-compliance, many organizations are feeling unprepared for the level of transparency and resilience now expected. This shift is creating urgent challenges-especially for businesses with fragmented systems, limited incident response plans, or outdated infrastructure.
Read Post
How to Implement Single Sign-On (SSO): A Non-Technical Guide

How to Implement Single Sign-On (SSO): A Non-Technical Guide

May 29, 2025 By SecuritySenses In SecuritySenses
In today's digital world, users interact with a wide variety of platforms-email systems, project management tools, online portals, and internal company software. With every new service comes another set of login credentials, which leads to password fatigue, security risks, and poor user experiences.
Read Post
Make Your Business More Resilient with Proven Continuity Strategies

Make Your Business More Resilient with Proven Continuity Strategies

May 29, 2025 By SecuritySenses In SecuritySenses
Possessing a resilient business allows for easy maneuvering around competitors during cyberattacks or supply-chain ordeal. In modern business, agility is paramount. New technologies and shifting markets have the potential to rapidly catalyze change. Still, external factors such as cyber attacks and natural disasters can disrupt the flow of even the most nimble businesses.
Read Post
Trustwave

PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations

May 28, 2025 By Cris Tomboc and King Orande In Trustwave
Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a large-scale phishing campaign distributed via email, attributed to "Storm-1575". Storm-1575 is known for developing and distributing a PhaaS platform with adversary-in-the-middle (AiTM) capabilities, known as "Dadsec". The team’s recent investigations have revealed that the infrastructure used by Dadsec is also connected to a new campaign leveraging the "Tycoon2FA" Phishing-as-a-Service (PhaaS) platform.
Read Post
elastic

How the MOD can achieve decision superiority against cyber threats

May 28, 2025 By Crossley McEwen In Elastic
AI as a force multiplier for cyber resilience in defence Military leaders are well-acquainted with the expansion of conventional warfare into digital battlefields. The recent attack and breach of a UK Ministry of Defence (MoD) supplier exposed data of 270,000 service personnel,1 representing not an isolated incident but a pattern in an escalating cyber conflict.
Read Post
CrowdStrike

CrowdStrike Elevates XIoT Security with AI-Powered Insights

May 28, 2025 By Adam Roeckl In CrowdStrike
As organizations increasingly rely on connected devices to drive efficiency and innovation, the Extended Internet of Things (XIoT) — covering industrial control systems (ICS), operational technology (OT), Internet of Things (IoT), and Internet of Medical Things (IoMT) — has rapidly expanded. This greater connectivity often drives increased vulnerability as critical assets are exposed to sophisticated threats.
Read Post
lookout

Navigating FedRAMP Compliance: Why It's Crucial for Mobile Security

May 28, 2025 By Lookout In Lookout
If your organization handles United States federal government data in cloud environments, it’s often a requirement to use FedRAMP-authorized solutions. The Federal Risk and Authorization Management Program (FedRAMP) provides consistent standards for protecting unclassified data that passes between the federal government and privately owned third parties.
Read Post
fidelis security

Understanding Common Vulnerabilities and Exposures (CVEs) and Their Role in Deceptive Threat Detection

May 28, 2025 By Fidelis Security In Fidelis Security
Cyber threats are becoming more advanced, with attackers creating ways to bypass traditional security. That’s why organizations need a stronger, multi-layered approach to protect their systems. To handle cyber threats effectively, security teams need clear, consistent information. That’s where CVEs help—by making it easier to manage hidden risks. And how can organizations enhance their cybersecurity capabilities with CVE data along with deception technology?
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.