Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today we’re pleased to announce an update to our popular Docker and Snyk vulnerability cheat sheet. Since 2020, millions of MacOS and Windows developers have been able to use docker scan to analyze their containers in their local environments as part of their day-to-day development. This capability gives teams feedback at the time of active development for faster cycles.

The widespread popularity of the containerized infrastructure backed by the advancement in technology, has made Linux the top priority as a host of the enterprise production environment. Red Hat Enterprise Linux default configuration settings which are more functionality-focused than being security-oriented, are often faced with the risk of infrastructure breaches.

Authorization vulnerabilities allow malicious users to perform unwanted actions or access resources that are deemed protected otherwise. Authorization vulnerabilities are one of the most widely found vulnerabilities in web applications. The OWASP top 10 list of web application security risks listed broken access control vulnerabilities as the number one risk in 2021, so understanding authorization vulnerabilities is an important topic for application security engineers.

On March 15, 2022, users of the popular Vue.js frontend JavaScript framework started experiencing what can only be described as a supply chain attack impacting the npm ecosystem. This was the result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest by the maintainer of the node-ipc package.

Predicting infrastructure drift is like predicting snowfall in winter… you know it will happen at some point but you can’t predict exactly when. And just like snowfall, having a way to detect it as early as possible is what will make you the most prepared and your infrastructure more secure! In this article, we’ll explore the principles of drift detection, the different kinds of drift and why they happen, and tools to help detect drift with a simple example.

For security and DevOps teams, staying a step ahead of the competition comes down to staying in lockstep with each other. Whether that competition takes the form of a threat actor lurking on a network or a rival company taking new products to market, collaboration can help security and DevOps teams better protect their organizations and develop innovative technology solutions.

Privileged account exploitation remains at the core of targeted cyber attacks. An insight into some of the most high-profile breaches reveals a highly predictable pattern. Attackers are capable of crashing through hijack credentials, network perimeter, and utilize the same for moving laterally across the entire network. They also undertake additional credentials and enhance privileges towards achieving their goals.

More than ever, developers are building web applications on the foundations of open source software libraries. However, while those libraries make up the software bill of materials (SBOM) components inventory, not all developers and business stakeholders understand the significant impact on open source supply chain security that stems from including 3rd party libraries.