%term

SSH Keys are Passwords Too

Dec 29, 2021 By Gabrielle Coleman In Teleport

Use of misused or stolen credentials is the number one cause of data breaches. Using Password123 is worthy of a good laugh, but there are other passwords that are used everyday: SSH keys and other tokens used to access critical infrastructure. Teleport recently commissioned a survey of 1000 IT, DevOps and Security professionals and found that passwords are the number one way of managing access to infrastructure.

Read Post

Teleport

Read more about SSH Keys are Passwords Too

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

Dec 28, 2021 By Liran Tal, Benji Catabi-Kalman In Snyk

As previously predicted to unfold, at approximately 7:35 PM GMT, 28th of December 2021, another security vulnerability impacting the Log4j logging library was published as CVE-2021-44832. This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.

Read Post

Snyk

Read more about New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

5 Tips for a Successful Teleport Proof of Value Evaluation

Dec 28, 2021 By Colin Wood In Teleport

Most car purchases start with a test drive. Increasingly, enterprise software purchases (including security software) are made the same way. These evaluations are often called a Proof of Concept or PoC. This term is a great fit for lots of situations, especially when the solution evolves a novel way of combining established tools or a hard-to-define use case that can only be judged in practice.

Read Post

Teleport

Read more about 5 Tips for a Successful Teleport Proof of Value Evaluation

Enable Hardened UNC Paths - What Why and How?

Dec 28, 2021 By Keren Pollack In CalCom

UNC (Universal Naming Convention) identifies servers, printers, and other resources in the UNIX/Windows Community. The name of a computer is anteceded in a UNC path by double slashes or backslashes. Local disk or directories UNC paths are separated by a single slash or backslash.

Read Post

CalCom

Read more about Enable Hardened UNC Paths - What Why and How?

Log4j Detection with JFrog OSS Scanning Tools

Dec 28, 2021 By Ilya Khivrich In JFrog

The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact.

Read Post

JFrog

Read more about Log4j Detection with JFrog OSS Scanning Tools

MFA everything!

Dec 27, 2021 By Teleport In Teleport

This session will discuss what MFA is, why it is critical to use it for all access, and strategies for implementing MFA across an organization. This presentation will also include a brief demo showing how open source software can be used to help enforce MFA when accessing servers, databases, web applications, and Kubernetes clusters. Speaker: Jonathon Canada.

View Video

Teleport

Read more about MFA everything!

Kubernetes posture management - no time to waste time

Dec 27, 2021 By Amir Kaushansky In ARMO

Five months ago, we decided to release a posture management solution for K8s and make it open source for everyone to enjoy it.

Read Post

ARMO

Read more about Kubernetes posture management - no time to waste time

Log4Shell PoC exploit and mitigation demo on Kubernetes

Dec 23, 2021 By Snyk In Snyk

Demonstration of an RCE against the Log4Shell / CVE-2021-44228 vulnerability on a PoC Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and other such exploits. References mentioned in the video: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Log4Shell PoC exploit and mitigation demo on Kubernetes

It takes a community: Responding to open source criticism post-Log4Shell

Dec 23, 2021 By Randall Degges In Snyk

The last week has been a wild ride for just about everyone in the technology world due to the public disclosure of the Log4Shell vulnerability. As a developer security company, Snyk has built our business around proactive automation to identify and fix security issues in applications. To say we’ve been busy this week would be an understatement.

Read Post

Snyk

Read more about It takes a community: Responding to open source criticism post-Log4Shell

Why Energy Infrastructure is National Security and How to Protect It

Dec 23, 2021 By Joseph Rodriguez In Teleport

I am writing this from my home office in Texas. Texas isn’t just my home. It is the home of the best brisket on the planet, some of the most iconic high tech brands in the world, and energy production that powers the global economy. In the morning, I might meet with one of the fastest growing SaaS companies in the country about achieving the rigorous FedRAMP certification so they can sell to federal agencies.

Read Post

Teleport

Read more about Why Energy Infrastructure is National Security and How to Protect It

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SSH Keys are Passwords Too

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

5 Tips for a Successful Teleport Proof of Value Evaluation

Enable Hardened UNC Paths - What Why and How?

Log4j Detection with JFrog OSS Scanning Tools

MFA everything!

Kubernetes posture management - no time to waste time

Log4Shell PoC exploit and mitigation demo on Kubernetes

It takes a community: Responding to open source criticism post-Log4Shell

Why Energy Infrastructure is National Security and How to Protect It

Monthly Archive

Follow Us