Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Apono - Okta Integration: Requesting temporary access to Okta groups

Oct 31, 2023 By Apono In Apono
ICYMI: In the last video demo of @Okta + Apono, we showed you how to integrate your Okta resources with Apono through SCIM. (It’s super simple!) Once the integration is done, Okta users or group members can easily request temporary access to different cloud resources using our just-in-time capability. That includes temporary access to Okta group membership If you're managing your developer-on-duty, customer data access, or any other use case with Okta groups, you don’t want to miss out on this one.
View Video
Arctic Wolf

7 Types of Social Engineering Attacks

Oct 30, 2023 By Sule Tatar In Arctic Wolf
When a ransomware group launched twin cyber attacks on casino giants MGM and Caesars, they only needed the accidental participation of the organizations’ outsourced IT help desk to get started. It was social engineering — in this case impersonation over the phone, or vishing— that gave the hackers the information they needed to launch a ransomware attack that cost both casinos millions.
Read Post
kroll

Rise in MFA Bypass Leads to Account Compromise

Oct 30, 2023 By Marc Brawner In Kroll

In Q2 and Q3 of this year, Kroll observed an increase in large-scale AiTM phishing and BEC attacks targeting organizations within the professional services, banking and financial industries. In 90% of Kroll's recent BEC investigations, MFA was in place at the time of unauthorized access, but attackers can obtain authentication tokens and/or session cookies to easily evade defenses.

Read Post
upguard

How to Resolve SSL Configuration Risks

Oct 30, 2023 By Caitlin Postal In UpGuard
Transport Layer Security (TLS) provides security for internet communications. TLS is the successor to the now-deprecated Secure Sockets Layer (SSL), but it is common for TLS and SSL to be used as synonyms for the current cryptographic protocols that encrypt digital communications through public key infrastructure (PKI).
Read Post
bitsight

Top 3 Vendor Cybersecurity IT Risk Assessment Templates

Oct 30, 2023 By Brian Thomas In BitSight
If you’re developing a vendor risk management (VRM) plan from scratch or looking to scale your existing program, a cybersecurity IT risk assessment template can help you get started. Fortunately, you have options. In this blog, we’ve listed several templates, frameworks, and checklists that can help you create a personalized vendor cybersecurity IT risk assessment questionnaire.
Read Post
bitsight

SEC's Cybersecurity Regulations, Part III: The Relationship Between the CISO & The Board

Oct 30, 2023 By Jake Olcott & Nicole Matusek In BitSight
Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.
Read Post
splunk

SOARing High for M-21-31

Oct 30, 2023 By Derrick Lawson In Splunk
As most folks who work in the US Federal Civilian space are aware, we are now past the August 2023 date to meet Enterprise Logging Level 3 (EL3) in support of the M-21-31 OMB Mandate. As part of the Advanced Requirements in EL3, Logging Orchestration, Automation, & Response enters Finalizing Implementation, meaning agencies should be completing and rolling out automated incident response playbooks.
Read Post
tripwire

A Scary Story of Group Policy Gone Wrong: Accidental Misconfigurations

Oct 30, 2023 By Chris Hudson In Tripwire

In the world of cybersecurity, insider threats remain a potent and often underestimated danger. These threats can emanate not only from malicious actors within an organization but also from well-intentioned employees who inadvertently compromise security with a mis-click or other unwitting action.

Read Post
indusface

DDoS Traffic Analysis Techniques for SOC Teams

Oct 30, 2023 By Phani Deepak Akella In Indusface
A 60-minute DDoS attack could be launched with just $5 as per pricing on the Dark Web, and this was reduced from $15 in 2021. Unlike advanced attacks such as bot or zero-day attacks, these could be launched by hiring bandwidth on any of the ‘DDoS as a service’ websites. No wonder even Gartner calls out DDoS as one of the biggest threat vectors for security teams worldwide.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.