Identity-Based Access for SSH
Lack of access accountability and unmonitored access create a considerable security risk for organizations, and the best way to mitigate this challenge is by implementing identity-based access.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
What is URL Confusion?!
We talk with the Claroty team and Daniel Stenberg, creator of curl, about URL Confusion Vulnerabilities.
Running Kubernetes on AWS Fargate
For the last decade, AWS has dominated the cloud computing space with a plethora of cloud services. One of AWS’ great innovations was AWS Fargate, their first containers as a service (CaaS) offering. Prior to the introduction of Fargate, those building in the cloud were forced to choose between IaaS paradigm-focused containers or FaaS-focused serverless functions.
SSH Hardening Tips to Prevent Brute-Force Attacks
SSH servers are a common target for brute-force attacks. This is even more true if your infrastructure sits behind an SSH bastion because attackers have no choice but to compromise the bastion host either by exploitation or denial of service. In this article, we will list a few controls which will help you harden your SSH servers from brute- force attacks.
Styra 2021 Year in Review
It’s been a whirlwind year for Styra — from going fully remote as a company to raising $40 million in Series B Funding to more than doubling our workforce. We have a lot to be thankful for as a company, and before we say “goodbye” to 2021 and “hello'' to 2022, I wanted to take a moment to recap some of my favorite moments and initiatives of this past year.
SSH Bastion Host Best Practices
SSH bastion hosts are an indispensable security enforcement stack for secure infrastructure access. Every security compliance standard that deals with remote infrastructure access (e.g., FedRAMP AC-17 - Remote Access, HIPAA §164.312(a)(1) - Access control, SOC2 CC6.1 - Manage Points of Access) mandates preventing direct network access to the servers and APIs.
Chatting with the Log4JShell Bytecode Detector Creators
Brian and Kyle chat with Johannes about the project!
Welcoming Samantha Wessels: Snyk's New Vice President, EMEA Sales
Snyk announces the appointment of Samantha Wessels as New Vice President, EMEA Sales.
What You Should Know About npm Packages 'colors' and 'faker'
On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.
Why Financial Services Companies That Value Agility & Security Pick Teleport
2022 feels a little different, doesn’t it? Every day I’m prepared to hear something new, something scary, or something exciting. These last couple of years have made it seem like we just never know what is coming next. It’s no different for financial services companies who have to be prepared for the unexpected, including disruptive technologies that can challenge their core businesses.