
DevOps

Cross-Account and Cross-Cluster Restore of Kubernetes Demonstrated on Amazon EKS

Cross-account and cross-cluster restore of Kubernetes applications using CloudCasa on Amazon EKS. Users can now browse the storage classes available in the source and destination clusters and map them to each other, across different AWS accounts and across cloud providers such as AKS, GKE, DigitalOcean and IBM Cloud.

How to Secure Containers and Eliminate Noise from Code to Production with Sysdig and Snyk

This webinar recording, presented by Snyk and our partner Sysdig, shows how we help developers and security teams pinpoint the open source and container vulnerabilities that must be fixed during development while protecting workloads in production. A continuous feedback loop built on runtime intelligence saves time by focusing remediation on the packages that are actually loaded and executed at runtime, rather than on every vulnerable package present in the image.

Russian hackers exploit default MFA protocols and the Print Spooler "PrintNightmare" vulnerability

A joint Cybersecurity Advisory (CSA) issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warns organizations about a Russian state-sponsored intrusion. The actors first gained access through a weak default MFA configuration, then ran arbitrary code with SYSTEM privileges by exploiting the Windows Print Spooler vulnerability known as "PrintNightmare" (CVE-2021-34527). The combination matters: MFA that fails open or still accepts dormant accounts gives an attacker a foothold, and an unpatched spooler turns that foothold into local privilege escalation.

Balancing Security and Agility While Scaling Your Company with Michael Coates

Fast-growth companies are some of the richest targets for hackers because that’s where the user data is. How do you balance the security you need to protect your customers/users with the agility you need to build a business? This talk provides practical tips drawn from Michael Coates' experience as CISO of an iconic brand with hundreds of millions of users. The talk will also explore current threats, data breaches, and the new reality of risk to identify what security controls are actually needed for enterprises that are moving fast, leaning into new technology, and want effective security defenses.

node-ipc sabotages JavaScript developers

On March 15, in an apparent act of protest against the war in Ukraine, the maintainer of the widely used npm package node-ipc published sabotaged versions, creating a supply chain attack that affects dependents including the popular JavaScript front-end framework Vue.js (via its CLI tooling) and the Unity Hub. The current versions drop a file containing an anti-war message and introduce security vulnerabilities; an earlier version corrupted user files on machines whose IP geolocation resolved to Russia or Belarus, overwriting their contents with heart emoji. The incident is a reminder that a transitive dependency can change behaviour between two patch releases, and that lockfiles and version pinning are what stand between a build and that change.

NSA & CISA Kubernetes Hardening Guide - what is new with version 1.1

In March 2022, the NSA and CISA issued version 1.1 of the Kubernetes Hardening Guide, updating the version released in August 2021. Kubernetes evolves fast, and Kubernetes adoption grows even faster. Clusters have become a popular target, so the recommended protection measures (pod security contexts, network segmentation, authentication and authorization, audit logging) need continuous revision.

How to Stop Container Escape and Prevent Privilege Escalation

Container escape is a security risk in which an attacker leverages a containerized application's vulnerabilities, or an over-permissive pod configuration, to breach the container's isolation boundary and gain access to the host system's resources. Once on the host, the attacker can escalate privileges to reach other containers running on the same machine or run malicious code on the host itself. Depending on how the host is configured, the attacker could also pivot to other hosts in the network. The usual enablers are privileged containers, shared host namespaces (hostPID, hostIPC, hostNetwork), sensitive hostPath mounts such as the container runtime socket, added kernel capabilities like SYS_ADMIN, and processes running as root.
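The following audit script is an added example, not code from the NSA/CISA guide or from the article above. It walks a pod manifest (as the dict that json.load or yaml.safe_load would return) and reports each setting that makes escape easy, covering the points the hardening guide and the container escape summary both raise: host namespaces, sensitive hostPath mounts, privileged mode, privilege escalation, added capabilities, root execution and a writable root filesystem. The capability and host-path lists and the two sample manifests are constructed for this example.

```python
"""Audit Kubernetes pod specs for settings that make container escape easy.

Added example (not the NSA/CISA guide's or any project's code). Manifests are
plain dicts, as produced by json.load() or yaml.safe_load().
"""
from typing import Any

# Capabilities that hand a process a route to the host (assumed list for this example).
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH", "NET_ADMIN", "BPF"}

# Host paths whose mount exposes the runtime socket, kernel interfaces or kubelet state.
SENSITIVE_HOST_PATHS = (
    "/var/run/docker.sock", "/run/containerd", "/run/crio", "/proc", "/sys",
    "/etc", "/var/lib/kubelet", "/root",
)


def _sensitive_host_path(path: str) -> bool:
    """True for the host root, or any path at or below a sensitive prefix."""
    if path in ("", "/"):
        return True
    norm = path.rstrip("/")
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_pod(pod: dict[str, Any]) -> list[str]:
    """Return one human-readable finding per escape-prone setting (empty list = clean)."""
    findings: list[str] = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    for flag in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(flag):
            findings.append(f"{name}: {flag}=true shares a host namespace")

    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath")
        if host_path and _sensitive_host_path(host_path.get("path", "")):
            findings.append(f"{name}: volume {vol.get('name')} mounts sensitive hostPath {host_path.get('path')}")

    for ctr in spec.get("containers", []) + spec.get("initContainers", []):
        cname = f"{name}/{ctr.get('name', '<unnamed>')}"
        sc = ctr.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged=true disables most isolation")
        # allowPrivilegeEscalation is treated as true unless explicitly set to false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{cname}: allowPrivilegeEscalation is not false")
        added = set(sc.get("capabilities", {}).get("add", []))
        for cap in sorted(added & DANGEROUS_CAPS):
            findings.append(f"{cname}: adds capability {cap}")
        # A container-level runAsNonRoot overrides the pod-level one.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{cname}: does not enforce runAsNonRoot")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{cname}: root filesystem is writable")
    return findings


# Constructed sample manifests for this example: one escape-prone, one hardened.
ESCAPE_PRONE_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug-shell"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "shell", "image": "busybox",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{
            "name": "app", "image": "example/web:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}

if __name__ == "__main__":
    for pod in (ESCAPE_PRONE_POD, HARDENED_POD):
        for line in audit_pod(pod) or [f"{pod['metadata']['name']}: no escape-prone settings"]:
            print(line)
```

The script flags seven problems in the debug pod and none in the hardened one. In a real pipeline the same checks belong in an admission policy (Pod Security Admission at the restricted level, or an OPA/Kyverno rule) rather than only in a pre-commit script, so that a manifest that bypasses the pipeline is still rejected by the API server.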

dompdf security alert: RCE vulnerability found in popular PHP PDF library

Recently, researchers from Positive Security published findings describing a remote code execution (RCE) vulnerability in dompdf, a popular PHP library for generating PDFs from HTML. An attacker who can influence the HTML or CSS passed to dompdf can point an @font-face rule at a remote PHP file; dompdf fetches the file into its font cache under a predictable name, and requesting that cached file from the web server then executes the attacker's code. Dompdf is used extensively within the PHP ecosystem: GitHub lists over 59,000 open source projects that depend on it. Disabling remote resource loading (isRemoteEnabled) and keeping the font cache outside the web root are the practical mitigations until the library is updated.

Linux 'Dirty Pipe' vulnerability: Snyk explains the risk and what you can do to protect your systems

Last week, a critical vulnerability, "Dirty Pipe" (CVE-2022-0847), was disclosed in the Linux kernel. Developer-first security company Snyk warns Linux users that the flaw lets any unprivileged local process overwrite data in files it can only read, regardless of the files' permissions or ownership, which is enough to modify /etc/passwd or a setuid binary and become root. The bug was introduced in kernel 5.8 and fixed upstream in 5.16.11, 5.15.25 and 5.10.102; distribution kernels carry backported fixes under their own version strings, so check your vendor's advisory as well as the upstream version.
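As an added example (not part of the Snyk article), this helper turns the version facts above into a triage check for a fleet: it parses a kernel release string and classifies it against the upstream affected window. The caveat from the text is built in: a distribution kernel such as "5.15.0-25-generic" reports the upstream base version, so the result for those is "check vendor advisory", not a verdict. The sample release strings are constructed.

```python
"""Classify a Linux kernel release string against the Dirty Pipe (CVE-2022-0847) window.

Added example. Version facts: affected since 5.8; fixed upstream in 5.16.11,
5.15.25 and 5.10.102, and in mainline 5.17. Distribution kernels backport the
fix without changing the upstream version, so those get a "check vendor" answer.
"""
import re

FIRST_AFFECTED = (5, 8, 0)
FIXED_MAINLINE = (5, 17, 0)
FIXED_IN_SERIES = {(5, 16): (5, 16, 11), (5, 15): (5, 15, 25), (5, 10): (5, 10, 102)}


def parse_release(release: str) -> tuple[int, int, int]:
    """'5.15.25-arch1-1' -> (5, 15, 25); a missing patch level counts as 0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"not a kernel release string: {release!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def is_distro_kernel(release: str) -> bool:
    """Heuristic: a suffix such as '-25-generic' or '.el8' marks a vendor-built kernel."""
    return bool(re.search(r"-\d+-|\.el\d|\.fc\d|\.amzn|-microsoft", release))


def dirty_pipe_status(release: str) -> str:
    """Return one of: 'not affected', 'fixed', 'affected', 'check vendor advisory'."""
    v = parse_release(release)
    if v < FIRST_AFFECTED:
        return "not affected"
    if v >= FIXED_MAINLINE:
        return "fixed"
    fixed = FIXED_IN_SERIES.get(v[:2])
    if fixed is not None and v >= fixed:
        return "fixed"
    # Upstream says vulnerable, but a vendor kernel may carry the backport.
    if is_distro_kernel(release):
        return "check vendor advisory"
    return "affected"


# Constructed sample release strings, e.g. collected with `uname -r` across hosts.
SAMPLE_HOSTS = {
    "build01": "5.4.0-104-generic",
    "build02": "5.15.25-arch1-1",
    "k8s-node-a": "5.10.100",
    "k8s-node-b": "5.15.0-25-generic",
    "lab-box": "5.16.11",
    "dev-vm": "5.17.0",
}


def triage(hosts: dict[str, str]) -> dict[str, str]:
    """Map each host name to its Dirty Pipe status."""
    return {host: dirty_pipe_status(rel) for host, rel in hosts.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_HOSTS).items():
        print(f"{host:12} {SAMPLE_HOSTS[host]:20} {status}")
```

Treat "affected" and "check vendor advisory" as the same work queue; the second only tells you which source (vendor changelog versus upstream version) settles the question.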

How to do password encryption in Java applications the right way!

There are multiple types of encryption, and most ecosystems and languages come with libraries to help you encrypt data. The question is which mechanism to pick for a given problem. For stored passwords the answer is not encryption at all: a password should never be recoverable, so it is hashed with a salted, deliberately slow function (bcrypt, scrypt, Argon2 or PBKDF2) and verified by recomputing the hash, not by decrypting anything. This article focuses on doing that correctly in Java applications. The principles apply to any ecosystem, but the examples and libraries explored are the Java ones you will use in your daily job.