Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

teleport

Why Energy Infrastructure is National Security and How to Protect It

Dec 23, 2021 By Joseph Rodriguez In Teleport

I am writing this from my home office in Texas. Texas isn’t just my home. It is the home of the best brisket on the planet, some of the most iconic high tech brands in the world, and energy production that powers the global economy. In the morning, I might meet with one of the fastest growing SaaS companies in the country about achieving the rigorous FedRAMP certification so they can sell to federal agencies.

Read Post

How Black Duck Addresses the Log4j Zero-Day Open Source Vulnerability

Dec 23, 2021 By Synopsys In Synopsys
Synopsys experts will demonstrate how to use Black Duck to quickly discover and remediate open source security vulnerabilities like Log4j. Black Duck Software Composition Analysis (SCA) not only helps you address open source risk, but enables you to stay ahead of the next zero-day open source vulnerability with robust scanning, detailed and actionable security information and continuous monitoring and alerting.
View Video
tripwire

Europol IOCTA 2021 Report: The Key Takeaways

Dec 23, 2021 By Tripwire Guest Authors In Tripwire

Europol, the European Union’s law enforcement agency, recently published the 2021 Internet Organized Crime Threat Assessment (IOCTA) report. The report, which is Europol’s flagship strategic product that provides a law enforcement focused assessment of evolving threats and key developments in the area of cybercrime, highlights the expansion of the cyber threat landscape due to the impact of the COVID-19 pandemic and accelerated digitization.

Read Post
tripwire

Fulfilling Security Requirements for the Transportation Sector

Dec 23, 2021 By Ben Jackman In Tripwire

Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said they were most concerned about ransomware, for instance.

Read Post
tigera

How network security policies can protect your environment from future vulnerabilities like Log4j

Dec 23, 2021 By Reza Ramezanpour In Tigera

If you have access to the internet, it’s likely that you have already heard of the critical vulnerability in the Log4j library. A zero-day vulnerability in the Java library Log4j, with the assigned CVE code of CVE-2021-44228, has been disclosed by Chen Zhaojun, a security researcher in the Alibaba Cloud Security team. It’s got people worried—and with good reason.

Read Post
devo

Devo's 2022 Cybersecurity Predictions: Part Two

Dec 23, 2021 By Sebastien Tricaud In Devo

In part one of our 2022 cybersecurity predictions series, Devo CSO Gunter Ollmann explained the rise of XDR, the detection-as-code and response-as-code movement, and the growing interest in security tools with built-in, on-demand expertise. In this second installment of our series, I share my take on how the cybersecurity landscape will evolve. Let’s dive into it.

Read Post
jfrog

Catching Log4j in the Wild: Find, Fix and Fortify

Dec 23, 2021 By Gianni Truzzi In JFrog

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.

Read Post

Snyk Log4Shell Stranger Danger Live Hack

Dec 22, 2021 By Snyk In Snyk
In this recorded session, we present a live hack webinar on the Log4Shell exploit. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.
View Video

Snyk Code Hands-on Workshop

Dec 22, 2021 By Snyk In Snyk
Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.