Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE – CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk.
The CloudCasa elves has been busy in their workshop for the past few months, and in December we delivered a stocking full of brand-new Kubernetes data protection goodies just in time for the holidays!
No-one wants to feel burned out at work. Battling physical or emotional exhaustion can quickly impact your health, happiness, and any sense of professional fulfillment. That in turn can affect your productivity and the likelihood that you’ll make an honest mistake that puts your company’s data at risk.
Whether organizations call it digital transformation or just using technology to create opportunities for new, easier ways to work, one thing is certain. Businesses increasingly need to find simpler ways to securely build and manage new kinds of connections that support an era of: This is exactly the drive behind the latest collaboration between the cybersecurity and networking experts at AT&T and Cisco.
Microsoft Azure is a great choice for enterprises looking to quickly build and deploy apps to the cloud. However, cloud teams must simultaneously consider how to implement DevSecOps practices to reduce, manage and avoid risks. Sysdig is collaborating with Microsoft to simplify cloud and container security and deliver robust SaaS-based solutions for the Azure ecosystem.
As 2022 begins, it’s a great time to set resolutions for the coming year. Don’t worry, we don’t expect you to become a CrossFit guru or break world records on your Peloton. Instead, how about you set goals to improve your abilities as a secure developer? All too often, we choose resolutions that set ourselves up for failure. A better approach is to set realistic goals.
The 2022 new year is here! That means it’s time to bid farewell to the winter of 2021. At the same time, looking at security trends can give us insight into the future. Last year was a record-breaking year for data breaches. According to the Identity Theft Resource Center (ITRC), the number of publicly reported 2021 breaches in the first three quarters of this year exceeded the total number of incidents in the entirety of 2020.
Mobile application security testing (MAST) covers a wide range of topics, including authentication, authorization, data security, session management, and vulnerabilities for hacking. The mobile AST market is made up of buyers and sellers of products that identify vulnerabilities and apps used with mobile platforms during or post-development.
If you attended SnykCon 2021, you may remember our inaugural CTF: Fetch the Flag. In this CTF, TopLang was a web challenge of medium difficulty that we received a lot of positive feedback about. So for those of you that loved it, this write-up explains how our team internally approached tackling and solving this challenge. This challenge was a pretty typical example of what is known as an “oracle attack” using blind SQL injection.
Strictly following security best practices is the first step to cybersecurity. Although SSH is the industry standard for both security and efficacy for remote server access, as with any software, SSH is only as secure as configurations applied to the server and client configurations. In this article, we’ll explore five SSH best practices you should observe to boost the security of your infrastructure.
