Operations | Monitoring | ITSM | DevOps | Cloud

On January 26th, 2021, Qualys reported that many versions of SUDO (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a buffer overflow attack dubbed Baron Samedit that can result in privilege escalations. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), some of the most modern and widely used Linux operating systems.

SAN FRANCISCO — January 28, 2021 — InfluxData, creator of the time series database InfluxDB, today announced it has achieved Service Organization Control (SOC) 2 Type II compliance for InfluxDB Cloud, the fully managed and serverless time series platform. The certification demonstrates InfluxData’s ability to implement critical security policies and prove compliance over an extended period.

At InfluxData, we focus on our customers’ productivity — time to awesome, as we call it. Usually this is about product capabilities — InfluxDB’s features, speed, scalability, etc. But for some, your project will grow in size to the point where you need to purchase InfluxDB. And in some cases, you’ll need your compliance and/or security teams to sign off on the purchase.

As government agencies accelerate migrating their operations to the cloud, they need to adhere to strict compliance and security standards. The Federal Risk and Authorization Management Program (FedRAMP) provides the standard that these agencies—and their private-sector partners—must meet to work and manage federal data safely in the cloud.

Welcome to another monthly update on what’s new from Sysdig. Our team continues to work hard to bring great new features to all of our customers, automatically and for free!

Are you struggling to keep up with manual compliance across your infrastructure? In this 25-minute episode of the Pulling the Strings podcast, powered by Puppet, learn how Puppet Comply makes automating your configuration compliance easy -- with full view dashboards and the ability to assess, remediate and enforce all through the Puppet Enterprise solution. Listen in and discover:

Cloud environments are susceptible to security issues. A big contributor is misconfigured resources. Misconfigured S3 buckets are one example of a security risk that could expose your organization’s sensitive data to bad actors. Policies and regular enforcement of best practices are key to reducing this security risk. However, manually checking and enforcing security is time-consuming and can fall behind with all the demands a busy DevOps team faces every day.

When performing critical security investigations and threat hunts using Elastic Security, the Timeline feature is always by your side as a workspace for investigations and threat hunting. Drilling down into an event is as simple as dragging and dropping to create the query you need to investigate an alert or event.

Digital business transformation requires a fast-moving, collaborative culture. As companies on this fast track focus on innovation and speed to market, they inherently introduce more risk from the inside. Furthermore, in 2020, remote work became the norm, requiring increased adoption of cloud collaboration technologies. This shift caused a sudden acceleration of insider risk like we’ve never seen before.