Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

detectify

How tech managers can make sure security isn't left off the list this holiday season

Dec 15, 2021 By Detectify In Detectify

The holidays are coming up quickly and while many of us are looking forward to getting some human downtime (not technical), some may be feeling the pressure and some stress to make sure everything that needs to be done by the end of the year is in fact done by then, especially with the ongoing log4j aka log4shell security fires happening.

Read Post
1Password

Small Talk: security considerations for your startup

Dec 15, 2021 By Andrew Zangre In 1Password

As a startup, you might have branded swag well before a cybersecurity strategy. And it’s not hard to understand why. Printing stickers is easy. Knowing where to start with security – the who, what, how, and why – can feel a bit more daunting. But it doesn’t have to, and is far more important to your company’s future.

Read Post
Snyk

Log4Shell in a nutshell (for non-developers & non-Java developers)

Dec 15, 2021 By Micah Silverman In Snyk

If you’re in tech at all, you’ve likely heard of the Log4Shell exploit taking over the Intertubes. If you’re not a Java developer (or developer of any sort), you may be left scratching your head as to just what’s going on. This post is split into two parts: an explanation of Log4Shell for non-developers and an overview of the Log4Shell vulnerability for non-Java developers.

Read Post
sysdig

Exploiting, Mitigating, and Detecting CVE-2021-44228: Log4j Remote Code Execution (RCE)

Dec 15, 2021 By Stefano Chierici In Sysdig

A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE) allowing the attackers to execute arbitrary code on the host. The log4j utility is popular and used by a huge number of applications and companies, including the famous game Minecraft.

Read Post

Log4Shell: What You Need to Know About the Log4j Vulnerability

Dec 15, 2021 By Snyk In Snyk
A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more. We cover.
View Video
SecurityScorecard

7 Security Operations Center (SOC) Best Practices for Analysts

Dec 15, 2021 By SecurityScorecard In SecurityScorecard

Security ratings are becoming a crucial component of every security operations center (SOC). Security analysts must learn how to read, analyze and report security ratings to the CISO effectively in order to help build an enterprise-wide culture of security. Here we outline how analysts can develop a successful security operations center that leverages ratings to evaluate and mitigate cyber risk.

Read Post
Arctic Wolf

Survey Underscores Challenges Companies Face in Managing Vulnerabilities

Dec 15, 2021 By Arctic Wolf In Arctic Wolf
Vulnerability management remains a struggle for many companies and is still only an aspiration for many others. But with digital and cloud transformation rewriting the way many firms do business, the attack surface keeps expanding and becomes more difficult for organizations to protect their environments from growing threats.
Read Post

Fireside Chat: Log4j and Injection Flaws

Dec 15, 2021 By Snyk In Snyk
Join us for a fireside chat with Micah Silverman, Snyk's Director of DevSecOps Acceleration, and Vandana Verma, Security Relations Leader at Snyk, as we answer your #Log4Shell questions: What is it and how does it affect us? How do I find and fix the #Log4J vulnerability? What can other language ecosystems learn from this? We'll also talk about the OWASP Top 10 and injection flaws.
View Video

Information Security Controls | Different Types and Purpose Explained

Dec 15, 2021 By Cyphere In Cyphere
Information security controls are a critical aspect of information technology and an integral part of safeguarding your company’s data. This video provides an overview of the types and purposes of different security controls, including firewalls, intrusion detection systems (IDS), and encryption.
View Video
detectify

Press information: Crowdsource hacker first to find Zero-Day CVE-2021-43798 in Grafana

Dec 15, 2021 By Detectify In Detectify

The vulnerability, dubbed CVE-2021-43798 impacted the Grafana dashboard, which is used by companies around the world to monitor and aggregate logs and other parameters from across their local or remote networks. The privately reported bug became a leaked zero-day but was first spotted by Detectify Crowdsource hacker Jordy Versmissen on December 2, after which Grafana was notified by Detectify about the bug.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.