Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

jfrog

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog

Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.

Read Post

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
View Video

Triaging vulnerabilities - the way it ought to be

Feb 7, 2022 By Snyk In Snyk
We all know that shifting security left is the right approach for securing our apps. We also know that it isn’t enough - developers also need to be empowered to own security. They require tools that integrate into the way they are already working and they need guidance and assistance from the security team. This is especially true for the most challenging vulnerabilities of all: those that are not so easy to fix, but too important to ignore.
View Video
armo

CVE 2022-24348 - Argo CD High Severity Vulnerability and its impact on Kubernetes

Feb 6, 2022 By Amir Kaushansky In ARMO

Researcher Moshe Zioni from Apiiro, discovered a major software supply chain critical vulnerability - CVE-2022-24348 - in the popular open-source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications. This in turn can lead to privilege escalation, lateral movements, and information disclosure.

Read Post
Snyk

Log4Shell remediation with Snyk by the numbers

Feb 4, 2022 By Jason Lane In Snyk

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

Read Post

How to Protect Your CI/CD Pipeline

Feb 4, 2022 By Teleport In Teleport
Application Architecture Summit, January 2021 How to protect your CI/CD pipeline so it doesn’t turn into a vulnerability superspreader. CI/CD pipelines bring so much application security good to the development process. They help increase test coverage and reduce human error by automating away toil. But without proper controls, an over-privileged and insufficiently monitored CI/CD pipeline can turn into a vulnerability superspreader. This talk will show you how to manage identity-based access so your CI/CD pipeline stays secure using the open-source solution Teleport and Github Actions.
View Video
Spectral

The Essential Guide to Understanding the DevOps Lifecycle

Feb 4, 2022 By Eyal Katz In Spectral

DevOps has revolutionized how software is developed and deployed by introducing a more collaborative environment for development and bridging the gap between developers and operations. All the while ensuring flexibility to meet any consumer or market demands. However, it would be best if you implemented a proper DevOps lifecycle in your organization to take full advantage of all the benefits offered by DevOps.

Read Post
Spectral

The Essential Guide to Understanding the DevOps Lifecycle

Feb 4, 2022 By Eyal Katz In Spectral

DevOps has revolutionized how software is developed and deployed by introducing a more collaborative environment for development and bridging the gap between developers and operations. All the while ensuring flexibility to meet any consumer or market demands. However, it would be best if you implemented a proper DevOps lifecycle in your organization to take full advantage of all the benefits offered by DevOps.

Read Post
datadog

Introducing Datadog Application Security

Feb 3, 2022 By Lucas Masson In Datadog

Securing modern-day production systems is expensive and complex. Teams often need to implement extensive measures, such as secure coding practices, security testing, periodic vulnerability scans and penetration tests, and protections at the network edge. Even when organizations have the resources to deploy these solutions, they still struggle to keep pace with software teams, especially as they accelerate their release cycles and migrate to distributed systems and microservices.

Read Post
Subscribe to DevOps

Copyright © 2024 OpsMatters™. All rights reserved.