DevOps

Kerberos Attacks - All You Need to Know

Mar 15, 2022 By John Gates In CalCom

Privileged account exploitation remains at the core of targeted cyber attacks. An insight into some of the most high-profile breaches reveals a highly predictable pattern. Attackers are capable of crashing through hijack credentials, network perimeter, and utilize the same for moving laterally across the entire network. They also undertake additional credentials and enhance privileges towards achieving their goals.

Read Post

CalCom

Read more about Kerberos Attacks - All You Need to Know

Build a software bill of materials (SBOM) for open source supply chain security

Mar 14, 2022 By Liran Tal In Snyk

More than ever, developers are building web applications on the foundations of open source software libraries. However, while those libraries make up the software bill of materials (SBOM) components inventory, not all developers and business stakeholders understand the significant impact on open source supply chain security that stems from including 3rd party libraries.

Read Post

Snyk

Read more about Build a software bill of materials (SBOM) for open source supply chain security

SSH into Docker Container or Use Docker Exec?

Mar 14, 2022 By TK Walsh In Teleport

SSH has always been the default mechanism to get remote shell access into a running Unix or Linux operating system from a terminal client to execute commands. While SSH is familiar, Docker provides more lightweight and easier-to-use methods that don’t require running your container with an SSH server. This post will explore two methods to get shell access into a Docker container using OpenSSH and the docker exec command.

Read Post

Teleport

Read more about SSH into Docker Container or Use Docker Exec?

Identifying and Avoiding Malicious Packages

Mar 14, 2022 By JFrog In JFrog

Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar, hosted by JFrog Director of Threat Research Jonathan Sar Shalom, will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.

View Video

JFrog

Read more about Identifying and Avoiding Malicious Packages

Artifactory Integration - Plugin Upgrade

Mar 14, 2022 By Mend In Mend

This is a short tutorial on migrating the WhiteSource JFrog Artifactory plugin from any version before 21.12.1 to version 21.12.1

View Video

Mend

Read more about Artifactory Integration - Plugin Upgrade

Announcing Snyk free security for open source projects

Mar 14, 2022 By Snyk In Snyk

Snyk announces expanded free offerings for open source project maintainers including unlimited scans across our platform and additional features. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Announcing Snyk free security for open source projects

DevSecOps Automation: How Does it Help?

Mar 14, 2022 By Rezilion In Rezilion

DevSecOps is a key component in companies’ efforts to build strong security into the software products they create. The methodology brings together security and development teams in a joint mission to deliver high-quality, reliable and secure software.

Read Post

Rezilion

Read more about DevSecOps Automation: How Does it Help?

Log4j Webinar Recap: What Your Scanner is Missing

Mar 14, 2022 By Rezilion In Rezilion

Log4j continues to be a thorn in the side of security leaders, who have spent the last several months battling the recently discovered flaw in Apache’s Log4j software. In a recent webinar, Yotam Perkal, director of vulnerability research at Rezilion, said the implications of the bug are far-reaching and will likely be exploited for years to come. Apache Log4j is an open source Java logging library used in millions of Java applications worldwide.

Read Post

Rezilion

Read more about Log4j Webinar Recap: What Your Scanner is Missing

Dirty Pipe - What You Need to Know

Mar 11, 2022 By Rezilion In Rezilion

The new serious Linux Kernel vulnerability dubbed ‘Dirty Pipe’, due to its similarity to the 2016 high severity and easy to exploit DirtyCow vulnerability, was originally disclosed on March 7th by Max Kellermann. Kellermann found the bug accidently while researching corrupted log files on a log server.

Read Post

Rezilion

Read more about Dirty Pipe - What You Need to Know

Why Single Sign On Sucks

Mar 11, 2022 By Ben Arent In Teleport

A month ago I tweeted about my annoyance with SSO or Single Sign On. While single is in the name, I’m required to “single sign on” multiple times a day. I’m not the only one; the tweet went viral with over 25k likes and 2 Million impressions. The tongue-in-check tweet created a lot of fun responses and more rage against SSO user experience than I expected. SSO was meant to solve password fatigue but we got something worse.

Read Post

Teleport

Read more about Why Single Sign On Sucks

Subscribe to DevOps

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Kerberos Attacks - All You Need to Know

Build a software bill of materials (SBOM) for open source supply chain security

SSH into Docker Container or Use Docker Exec?

Identifying and Avoiding Malicious Packages

Artifactory Integration - Plugin Upgrade

Announcing Snyk free security for open source projects

DevSecOps Automation: How Does it Help?

Log4j Webinar Recap: What Your Scanner is Missing

Dirty Pipe - What You Need to Know

Why Single Sign On Sucks

Monthly Archive

Follow Us