Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

How to Encrypt S3 Buckets Automatically with Torq

S3 buckets without encryption can leave sensitive data exposed and at risk. As a best practice and to meet a number of industry and governmental regulations, it’s important to ensure that S3 server side bucket encryption has been properly applied at all times. To do this, many security teams rely on their Cloud Posture Security Management (CSPM) platform and/or AWS GuardDuty to monitor their AWS resources and provide alerts when an S3 bucket is found unencrypted.

How secure is your Grafana instance? What you need to know

One of Grafana’s most powerful features is the ability to funnel data from hundreds of different data sources (i.e., services or databases) into a single dashboard without migrating the data from where it lives. You can connect and correlate data from Grafana’s curated observability stack for metrics, logs, and traces, or third-party services, such as Splunk, Elasticsearch, Github, Jira, and many more.

Malware Civil War - Malicious npm Packages Targeting Malware Authors

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.

How We Used Our Own Platform Capabilities to Prevent Log4j Attacks and Protect Customers

In December, information security researchers discovered a serious vulnerability in the popular open-source logging library, Log4j. If exploited, this vulnerability, known as Log4Shell, could allow malicious attackers to execute code remotely on any targeted computer. Millions of computers use Log4j. According to one study, 93% of all cloud environments are affected by the vulnerability.

Fran Villalba Segarra, Internxt: "We need an internet that respects the user"

With the introduction of Cloud computing services, let it be the Family photo sharing feature on iPhone or documents on Google Drive, sharing and keeping up-to-date information became easier than ever before. All Cloud-based products require no direct resource management from the user and ultimately create one of the most popular ways to store data whether you’re a scholar writing an essay or a new business owner trying to build an online shop

What is SSE vs SASE, and is SASE Dead?

Gartner introduced a new security architecture called Security Service Edge, or SSE, back in March 2021. Now finally, after a long wait, they’ve just published their first Magic Quadrant for SSE in February 2022. This begs the question, is SASE dead? To answer, we need to look at what is SSE vs SASE, and what are the challenges SSE addresses. For easy reference, Gartner created the following SSE definition.

How to secure your CI pipeline

Many enterprises still struggle to get security right. To protect their business, it is critical they focus on security during the entire infrastructure and application lifecycle, including continuous integration (CI). Developers are becoming more autonomous as they transition to a DevOps way of working, with more people requiring access to production systems.