Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

What is the Log4j 2 Vulnerability?

Over the last few days, there have been a tremendous amount of posts about the Log4j 2 vulnerability, with Wired going so far as claiming that, “the internet is on fire.” Tl;dr: LogDNA is not exposed to risk from the Log4Shell vulnerability in Log4j 2 at this time. If that’s all you came for, you can stop reading here. If you want to learn more about the vulnerability and how LogDNA protects you from risks like these, grab a cup of coffee and read on.

CFEngine 3.19 released - Collaboration

Today, we are pleased to announce the release of CFEngine 3.19.0! In 2021, for this release, and the launch of CFEngine Build, our focus has been on collaboration. We want to deliver a lot of value to our users through modules, and enable you to share and cooperate on policy, promise types, compliance reports, etc.

Cloudsmith is ISO27001:2013 Certified

When planning our 2021 roadmap this time last year, one of the most prominent themes was security. Although we’re not solely in the security category, as a fully managed service in the heart of our customers’ software supply chains, it was always paramount for what we do and still is. Ensuring the integrity and privacy of customer data is our top priority.

Static checking of CFEngine code

Software quality has been a topic and an area of interest since the dawn of software itself. And as software evolved so did the techniques and approaches to assuring its high quality. Better computers providing more computing power, bigger storage and faster communication have allowed software developers to detect issues in their code sooner and faster.

Getting the Memo: Breaking Down the OMB's M-21-31

If you read my last blog post, you’re already ahead of the game. You know that in May of 2021, the Biden Administration announced Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, which mandates each federal agency to adapt to today’s continuously changing threat environment. Well, folks, the saga continues.

Secure HashiCorp Vault with Datadog Cloud SIEM

HashiCorp Vault provides centralized storage and management of passwords, API keys, tokens, and other secrets that distributed applications can use to operate securely. Vault clients—services and applications that access secrets programmatically, as well as users who interact with a Vault server—can create, update, and read secrets based on the permissions you grant them.

Helping You Benefit from our Pluggable eBPF Data Plane - Introducing the New Calico eBPF Data Plane Certification

Calico is the industry standard for Kubernetes networking and security. It offers a proven platform for your workloads across a huge range of environments, including cloud, hybrid, and on-premises. Calico has had a high-quality, production-ready, performant, eBPF data plane option for some time! However, although many users are deploying it in production and benefitting, we still sometimes see users who don’t know that Calico has an eBPF data plane or feel confident deploying it, and.

Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach.

On AI Adoption, IT Teams Lag Far Behind Security Teams. AIOps Can Help

Security operations teams and IT operations teams share a lot in common. They have both spent the past decade grappling with systems that grow more complex every year and figuring out ways to handle ever-larger volumes of data. They also both face pressure to identify and remediate problems as quickly as possible – ideally, in real time. And they are supposed to do it all without breaking the bank.