Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Anatomy of a Supply Chain Attack Detection and Response

In today's world of global supply chains, a breach never stops at a supplier level but cascades all the way up the chain. So being able to detect and stop a supply chain attack at an early stage before an attacker exfiltrates confidential company data or damages company operations and reputation is critical to your organization's survival. Luckily, hackers always leave a trace, so proper detection can help you stop breaches at an early stage before hackers achieve their goals.
Sponsored Post

How much could software errors be costing your company?

Errors are an inevitable part of building software. But while you can't eradicate them, you can definitely mitigate them. If you don't measure, track or resolve errors, you're ignoring a loss in revenue. It's time to pay attention to how much software errors are costing your company and take action, catching them early with methods like smarter testing and crash reporting. Using a few industry averages, you can put a number to the real cost of software errors in your company and start to plug cash leaks like wasted developer time and lost customers.

Follina Zero-Day Vulnerability: Overview and Alert Upon Detection for CVE-2022-30190

On May 27, 2022, an interesting Microsoft Word doc was uploaded to VirusTotal by an independent security research team called nao_sec. The Word doc contains built-in code that calls an HTML file from a remote source that in-turn executes more (malicious) code and Microsoft Defender for Endpoint misses detection. Two days later, May 29, Kevin Beaumont publishes an article describing the behavior of this Word doc, and deems this a new 0-day vulnerability in Office/Windows products.

What's new in Calico Enterprise 3.14: WAF, Calico CNI on AKS, and support for RKE2

At Tigera, we strive to innovate at every opportunity thrown at us and deliver what you need! We have listened to what users ask and today we are excited to announce the early preview of Calico Enterprise 3.14. From new capabilities to product supportability and extending partnerships with our trusted partners, let’s take a look at some of the new features in this release.

Kubernetes Security 101 For Developers - More Than Locking You Out Of Kubectl

Security can certainly be a broad brush topic. As a software engineer, you design and build to the best of your ability. In delivery methodologies of years gone by, sometimes security can be viewed as an afterthought e.g running security testing last before deploying. Today with the DevSecOps movement, one more set of concerns moves left towards the developer which is now security.

Puppet and Government: DevSecOps in government environments

This blog is the second in a four-part series about how Puppet can help government agencies meet compliance and security requirements. Read the first post here. Zero Trust is a strategy created to combat system intrusions through a “never trust, always verify” model. DevSecOps is a collaborative software development strategy that integrates development, security, and operations practices into a continuously evolving lifecycle.

Auditing Capabilities in IT Monitoring Tools for Security and Compliance

It is critical that access to any configuration changes or management actions made to monitoring platforms are logged and traceably audited. In this article, I will help you learn how to discover the auditing capabilities in IT monitoring tools. You will learn how to audit and manage the monitoring platform itself and make sure that it is being used appropriately.

Sponsored Post

4 Database Access-Control Methods to Automate

Regardless of which role a person has in an organization, they will always need access to one or more databases to be able to perform the functions of their job. Whether that person is a cashier at McDonald's or a technical account manager supporting a Fortune 500 company, data entry and retrieval is core to the services they provide.

48,285+ Vulnerabilities Beyond the NVD: An Ivanti Research Update

Organizations cannot rely on a single source of data on which to base their entire cybersecurity strategy – particularly their vulnerability management programs. Case in point: The National Vulnerability Database, or NVD. This publicly available database of known vulnerabilities covers an enormous array of all the different vulnerabilities that currently affect applications, software and hardware applications.