%term

Veracode State of Software Security Vol. 11: Key Findings

Jul 21, 2021 By Veracode In Veracode

For the 11th version of the State of Software Security report, Veracode analyzed the security scan results from 130,000 applications. This short video gives a snapshot of what the data shows about the state of software security today.

View Video

Veracode

Read more about Veracode State of Software Security Vol. 11: Key Findings

New! Introducing the AT&T Cybersecurity Training (ACT) learning portal

Jul 21, 2021 By Brandi Timmerman In AT&T Cybersecurity

We are pleased to announce that we have expanded our training offerings with the addition of a brand-new AT&T Cybersecurity Training (ACT) learning portal, which is part of AT&T Cybersecurity Training-as-a-Service.

Read Post

AT&T Cybersecurity

Read more about New! Introducing the AT&T Cybersecurity Training (ACT) learning portal

New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

Jul 21, 2021 By Tripwire Guest Authors In Tripwire

A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new cybersecurity bills that will likely be debated this year. If passed, the bill could require certain U.S.

Read Post

Tripwire

Read more about New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

Four steps for hardening Amazon EKS security

Jul 21, 2021 By Kamil Potrec In Snyk

In the first part of this blog series, we explored deploying Amazon EKS with Terraform, and looked at how to secure the initial RBAC implementation along with securing the Instance Metadata Service. In this second post, we’ll look at more best practices to harden Amazon EKS security, including the importance of dedicated continuous delivery IAM roles, multi-account architecture for Amazon EKS cluster isolation, and how to encrypt your secrets in the control plane.

Read Post

Snyk

Read more about Four steps for hardening Amazon EKS security

IT/OT Convergence or IT/OT Integration?

Jul 21, 2021 By Tripwire Guest Authors In Tripwire

IT/OT convergence is an oft-repeated term, and maybe it’s the wrong term. From a technology standpoint, IT/OT convergence has been occurring since at least the 1990s when HMI/Operator Stations began running on Windows and when Ethernet began displacing deterministic custom LAN protocols in the OT realm. This technology convergence has continued with networking, cybersecurity, virtualization, edge, zero trust, etc.

Read Post

Tripwire

Read more about IT/OT Convergence or IT/OT Integration?

What is Wireshark? The Free Network Sniffing Tool

Jul 21, 2021 By Edward Kost In UpGuard

Wireshark is a free open source tool that analyzes network traffic in real-time for Windows, Mac, Unix, and Linux systems. It captures data packets passing through a network interface (such as Ethernet, LAN, or SDRs) and translates that data into valuable information for IT professionals and cybersecurity teams. Wireshark is a type of packet sniffer (also known as a network protocol analyzer, protocol analyzer, and network analyzer).

Read Post

UpGuard

Read more about What is Wireshark? The Free Network Sniffing Tool

Teleport Demo

Jul 21, 2021 By Teleport In Teleport

Teleport enables engineers to quickly access any computing resource anywhere. A day in the life of Joe.

View Video

Teleport

Read more about Teleport Demo

Deep-dive into Open Policy Agent + Conftest + GateKeeper - Shimon Tolts & Noaa Barki

Jul 21, 2021 By JFrog In JFrog

Yalla! DevOps 2021 -- The first, in-person DevOps conference of the year! Driven by the DevOps community. All about the DevOps community. Deep-dive into Open Policy Agent + Conftest + GateKeeper: Kubernetes Policy in action In this session, we will do a deep-dive session into: Open Policy Agent, Conftest, and GateKeeper. We will show real-life use cases of how to use those technologies in production in order to configure and enforce a centralized policy for Kubernetes Shimon and Noaa will present both sides of the dev stack, DevOps and Developers.

View Video

JFrog

Read more about Deep-dive into Open Policy Agent + Conftest + GateKeeper - Shimon Tolts & Noaa Barki

What is a Right-to-Left Override Attack?

Jul 21, 2021 By Cybriant In Cybriant

The right-to-left override attack may be unassuming but incredibly malicious. Most people have heard about phishing attacks, but they think that opening a file with the ".txt" extension is harmless.

Read Post

Cybriant

Read more about What is a Right-to-Left Override Attack?

Compromising a Network Using an "Info" Level Finding

Jul 21, 2021 By Trustwave In Trustwave

Anyone who has ever read a vulnerability scan report will know that scanners often include a large number of findings they classify as "Info". Typically this is meant to convey general information about the target systems which does not pose any risk. Many people who read such reports will generally ignore all of the "Info" findings, and focus only on anything labeled "Critical" or "High". However, this can be dangerous for a number of reasons.

Read Post