Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Continuous dependency updates: Improving processes by front-loading pain
This is a story of bringing the pain forward, begging forgiveness, and continuous improvement. In the early days of Manifold — long before we joined Snyk — we were building an independent marketplace for developer services (like databases or transactional email senders). The structure of our code was typical: we had a React frontend app, and a collection of Go microservices talking to a database. A typical structure meant we had typical problems, too.
The biggest cyber risks for healthcare providers and how to tackle these security threats.
Security threats in healthcare relate to the safety of the clinical and administrative information systems of hospitals and healthcare service providers. Increasing cyber attacks on healthcare organisations in the last few years have been faster than the improvements in healthcare security practices. In this article, we discuss the cyber security threats and vulnerabilities of hospitals and healthcare providers, followed by best security practices aimed at improving security posture.
Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack
The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.
Securing the new AWS App Runner service
In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.
OWASP Top 10: Insufficient Logging & Monitoring Security Vulnerability Practical Overview
Insufficient Logging and Monitoring differs somewhat from the previous 9 risks. While it cannot lead to a direct intrusion, this risk is that you fail to detect the intrusion in a timely manner, a failure that can cost millions.
OWASP Top 10 in 2021: Security Logging and Monitoring Failures Practical Overview
Security Logging and Monitoring Failures is #9 in the current OWASP top Ten Most Critical Web Application Security Risks.
EventSentry
EventSentry is an award-winning Hybrid SIEM which features real-time log, system health and network monitoring to proactively monitor networks and preemptively respond to threats.
DigitalOcean vs Linode
Chances are, if you’re shopping for a virtual private server, you already understand why they’re useful for web developers, app designers and everyone in between. You also probably know that the surge in popularity of hourly pricing means you can try most of the big players in this space for yourself for the cost of one Bazooka Joe comic (not even the gum, just the comic).
Veracode and Finite State Partner to Address Connected Device Security
Over the past decade, we have seen the rapid adoption and expansion of connected devices and embedded systems among businesses. This includes anything from the Internet of Things (IoT) to connected medical devices, building systems, Industrial Control Systems (ICS), and other devices that power our lives and our infrastructure.
Activeboard widgets - Defining query bounds
Devo Activeboards provide valuable visual insights from large amounts of data. With so much data available, it is sometimes desirable to hone in on specific data points or periods of data that may be particularly relevant. See how to achieve this by modifying the query supplying the Activeboard widgets.