%term

Whitesource and CircleCI Orbs: Secure your CI/CD Pipelines from Start to Finish

Apr 16, 2020 By Mend In Mend

Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities.

View Video

Mend

Read more about Whitesource and CircleCI Orbs: Secure your CI/CD Pipelines from Start to Finish

Performing Image Scanning on Admission Controller with OPA

Apr 16, 2020 By Víctor Jiménez In Sysdig

In this post we will talk about using image scanning on admission controller to scan your container images on-demand, right before your workloads are scheduled in the cluster. Ensuring that all the runtime workloads have been scanned and have no serious vulnerabilities is not an easy task. Let’s see how we can block any pod that doesn’t pass the scanning policies before it even runs in your cluster.

Read Post

Sysdig

Read more about Performing Image Scanning on Admission Controller with OPA

Detectify security updates for 16 April

Apr 16, 2020 By Detectify In Detectify

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Read Post

Detectify

Read more about Detectify security updates for 16 April

Creating a BYOD Policies

Apr 16, 2020 By Appknox In Appknox

Employees are continually expected to be continuously accessible and to interact in today's work environment. If the corporation approves, workers will be using their personal computers for work. Rather of overlooking the inevitable, companies should establish and enforce a BYOD policy that safeguards the company and combines profitability with protection.

View Video

Appknox

Read more about Creating a BYOD Policies

The MITRE ATT&CK Framework: Privilege Escalation

Apr 16, 2020 By Travis Smith In Tripwire

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the defensive side of the fence, the magic of escalating privileges rested in Exploiting for Privilege Escalation or stealing an administrator’s credentials.

Read Post

Tripwire

Read more about The MITRE ATT&CK Framework: Privilege Escalation

A Zoom zero-day exploit is up for sale for $500,000

Apr 16, 2020 By Graham Cluley In Tripwire

Millions of people have moved onto the Zoom video-conferencing platform as the coronavirus pandemic has forced them to work from their homes. According to Zoom’s own statistics, its daily usage has soared from approximately 10 million daily users in December to over 200 million today.

Read Post

Tripwire

Read more about A Zoom zero-day exploit is up for sale for $500,000

PCI Compliance for Containers and Kubernetes

Apr 16, 2020 By Sysdig In Sysdig

Attend our webinar about PCI compliance in containers & Kubernetes: Download our PCI Guide: More info in our blog: Many of your applications are now starting to run on containers in the cloud. If your applications are at all dealing with credit card data, you may be wondering how to validate PCI compliance, a well known regulation for handling this data securely. PCI is also a must have requirement to check off before your code gets to production.

View Video

Sysdig

Read more about PCI Compliance for Containers and Kubernetes

Open Source Analysis Extends Your Visibility

Apr 16, 2020 By Julie Peterson In Mend

When we think of open source analysis, security is often the first thing that comes to mind. But open source analysis is so much more than just security. It gives you visibility into your codebase to help you understand and manage your open source components. In this blog, we’ll define open source analysis, look at why it’s important to your business, and describe the characteristics of an effective open source analysis framework.

Read Post

Mend

Read more about Open Source Analysis Extends Your Visibility

Kubernetes Threat Intelligence: Detecting Domain Generation Algorithms (DGA)

Apr 16, 2020 By Tigera In Tigera

Malicious actors often use Domain Generation Algorithms (DGA) to exploit the DNS protocol and execute command-and-control (C & C) malware attacks. In this webinar, threat researchers Manoj Ajuhe and Chris Gong from Tigera’s Threat Detection Team will be sharing the latest insights into DGAs, the risks they present, along with best practices to speed detection and mitigation.

View Video

Tigera

Read more about Kubernetes Threat Intelligence: Detecting Domain Generation Algorithms (DGA)

The origin of Open Policy Agent and Rego

Apr 16, 2020 By Tim Hinrichs In Styra

Why the cloud-native architecture required a new policy language I recently started a new series on the Open Policy Agent (OPA) blog on why Rego, OPA’s policy language, looks and behaves the way it does. The blog post dives into the core design principles for Rego, why they’re important, and how they’ve influenced the language. I hope it will help OPA users better understand the language, so they can more easily jump into creating policy of their own.

Read Post