Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Chimera: Painless OAuth for Plugin Frameworks

Plugins can help teams unlock the full potential of Mattermost, but they aren’t always ready to go out of the box. Learn how Chimera streamlines plugin configuration via an OAuth2 Proxy. One of the best aspects of any software offered in the Cloud is the ability to start using it in just a matter of minutes. The same is true for the Mattermost Cloud offering.

Identity Access Management (IAM) Automation - Intro to Torq Webinar

Security teams are struggling to keep up with the increasing number of attack surfaces and the demands on remediating those attack surfaces in real-time. Security automation is the key to unlocking your security team’s productive potential, but traditional SOAR platforms (Security Orchestration, Automation, and Response) are complex and can take months of development to implement your first automation response sequence.

Introducing bodies with custom promise types

Last year we had a look at managing local groups with the custom groups promise type. As you may or may not recall, we used JSON-strings to imitate CFEngine bodies. This was due to the fact that the promise module protocol did not support bodies at that time. Today, on the other hand, we’re happy to announce that as of CFEngine 3.20, this will no longer be the case. In this blog post we’ll introduce the long awaited feature; custom bodies.

The Observability Lake: Total Recall of an Organization's Observability and Security Data

Enterprises are dealing with a deluge of observability data for both IT and security. Worldwide, data is increasing at a 23% CAGR, per IDC. In 5 years, organizations will be dealing with nearly three times the amount of data they have today. There is a fundamental tension between enterprise budgets, growing significantly less than 23% a year, and the staggering growth of data.

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.

What is a Supply Chain Attack (and What Can You Do About It)?

Any cybersecurity breach is damaging to individual companies. But when it becomes a supply chain attack, the results can be chaotic and widespread. While most businesses overlook the dangers of supply chain cyber attacks, hackers have not. Malicious actors are continuously looking for, and finding, new ways to invade company networks. With these looming threats, companies must know how to prevent supply chain attacks and find new means of securing against cybersecurity breaches.

Five Ways To Reduce Your Cloud Security Blast Radius

It takes only a glance at the daily headlines to see that cybercriminals are using increasingly sophisticated methods to breach cloud defenses and access sensitive data. The complexity of cloud frameworks makes it extraordinarily difficult to detect nefarious activities. In many cases, attackers lurk in systems for weeks or months before pulling the trigger.

Introducing Datadog Application Security

Securing modern-day production systems is expensive and complex. Teams often need to implement extensive measures, such as secure coding practices, security testing, periodic vulnerability scans and penetration tests, and protections at the network edge. Even when organizations have the resources to deploy these solutions, they still struggle to keep pace with software teams, especially as they accelerate their release cycles and migrate to distributed systems and microservices.

CFEngine bootstrap with Ansible

CFEngine and Ansible are two complementary infrastructure management tools. Findings from our analysis show that they can be combined and used side by side with joint forces to handle all areas in the best possible way. Part of infrastructure management is hosts deployment, either when building a brand new infrastructure or when growing one by adding new hosts.