On January 30, 2022, , the Argo CD team was contacted by researchers at Apiiro regarding a vulnerability they had discovered in the popular continuous delivery platform that could allow bad actors to steal sensitive information from deployments. The Argo CD team was able to quickly develop fixes for all three of their currently supported releases and publish them to their users within 48 hours.
Most people are painfully aware that security breaches have increased in recent years, while at the same time becoming much more sophisticated in their approach. Additionally, ever-expanding application environments and continuously evolving workloads have created more opportunities than ever for attackers. What’s not so apparent to those outside of the tech bubble: The world is dangerously ill-equipped to handle the magnitude of these threats.
We have all heard of the term infrastructure as code (IaC), however code in this context is not really code in the sense of a programming language. IaC usually refers to the configuration of infrastructure via tools like Terraform, CloudFormation, Kubernetes YAML, or Azure Resource Manager templates, which is really the definition of how the infrastructure will be created.
What if there was a large, global event dedicated to finding and fixing security vulnerabilities in both open and closed-source software? An event that brings developers, DevOps, and security practitioners of all skill levels and backgrounds together to collectively make the software world more secure? Well, I’m excited to announce that Snyk has made this a reality by launching The Big Fix — a month-long event that’s running now!
Our Solution Engineering (SE) team is full of individuals who have vast real-world experience building and maintaining complex IT access systems with sophisticated audit layers through their work as DevOps engineers. The problems that we have all faced before joining Teleport are the exact problems that our customers face. So when it comes to our demos, we like to show real-world scenarios aligned to customer usage patterns, in environments similar to our customers.
With security now a critical “must have” for DevOps teams, JFrog significantly deepened and extended our platform’s already solid security capabilities in 2021. In this post, we’ll look back at our major advances last year – and look forward at what’s to come in 2022.
In 2021, the WhiteSource Diffend automated malware detection platform detected and reported more than 1,200 malicious npm packages that were responsible for stealing credentials and crypto, as well as for running botnets and collecting host information from machines on which they were installed.
Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.
