Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kubernetes Quick Hits: SecurityContext and why not to run as root

Apr 15, 2021 By Snyk In Snyk
In this, the first of our series of our Kubernetes Quick Hits videos, Eric Smalling–Sr. In less than five minutes, you understand why you need to *not* run your containers as root and what to do about it if you are. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video

Secure Coding with IntelliJ

Apr 15, 2021 By Snyk In Snyk
How can I do security in IntelliJ? Is there a security code scanner for IntelliJ? How can I test for security in Java? Is there a Snyk plug-in for IntelliJ? Make sure to subscribe so you don't miss new content! We know that IntelliJ IDEA is the most favorite and commonly used IDE in the Java landscape and a lot of developers practically live in their integrated development environment (IDE). A good IDE is like a swiss army knife; it is your go-to tool to do almost everything. Let’s see how we can integrate security and secure development into IntelliJ IDEA using this new Snyk plugin.
View Video
teleport

What I Wish I Knew About U2F and Other Hardware MFA Protocols

Apr 15, 2021 By Andrew Lytvynov In Teleport

Teleport has supported multi-factor authentication (MFA) for a while now, via Authenticator Apps (TOTP) and Hardware Tokens (U2F) such as YubiKeys. But this support was pretty limited: you could only choose one MFA protocol and users could only register one device. If a user lost their device, they would be locked out and need an account reset by the administrator. So, for Teleport 6.0, we’ve reimplemented the MFA support to make it more flexible.

Read Post
lookout

The Zero Trust lesson behind mobile phishing against Australian officials

Apr 15, 2021 By Hank Schless In Lookout

Australia recently confirmed that a series of mobile phishing attacks were successfully executed on senior officials. According to The Sydney Morning Herald, the targets – which included Australia’s finance minister, health minister and ambassador to the U.S. – were sent messages asking them to validate new WhatsApp or Telegram accounts.

Read Post
tripwire

White House launches plan to protect US critical infrastructure against cyber attacks

Apr 15, 2021 By Graham Cluley In Tripwire

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace – such as Russia, Iran, North Korea, and China.

Read Post
tripwire

A quick round up of privacy highlights for Q1 of 2021

Apr 15, 2021 By Tripwire Guest Authors In Tripwire

As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the states; to give some perspective, more than 50 privacy bills were introduced in New York alone. Undoubtedly a hot topic, it seemed anyone with an idea for a privacy bill put it in writing and introduced it to their legislature.

Read Post
chaossearch

6 Data Cleansing Strategies For Your Organization

Apr 15, 2021 By Dave Armlin In ChaosSearch
The success of data-driven initiatives for enterprise organizations depends largely on the quality of data available for analysis. This axiom can be summarized simply as garbage in, garbage out: low-quality data that is inaccurate, inconsistent, or incomplete often results in low-validity data analytics that can lead to poor business decision-making.
Read Post
datadog

Detect anomalous activity in your environment with new term-based Detection Rules

Apr 14, 2021 By Justin Massey In Datadog

When it comes to securing your production environment, it’s essential that your security teams are able to detect any suspicious activity before it becomes a more serious threat. While detecting clear-cut attacker techniques is essential, being able to spot unknowns is vital for full security coverage.

Read Post
alienvault

Phishing towards failed trust

Apr 14, 2021 By Bob Covello In AT&T Cybersecurity

Phishing exercises are an important tool towards promoting security awareness in an organization. Phishing is effective, simply because it works. However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test. Sometimes, the phish can be sent at a time of day that catches the recipient off-guard, which causes a person to click the malicious link.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.