Operations | Monitoring | ITSM | DevOps | Cloud

Yesterday, Jan. 14, 2020, on the first “patch tuesday” of the year, Microsoft released patches for critical vulnerabilities in Microsoft Windows client and server operating systems.

In this blog post, you will learn how to setup image scanning with Github Actions using Sysdig Secure DevOps Platform. We will create a basic workflow to perform a local scan to detect vulnerabilities and bad practices before the image is pushed to any registry. We will also customize scanning policies to stop the build according to a set of defined rules.

In the previous post, we covered some of the frameworks accessible by kernel extensions that provide information about file system, process, and network events. These frameworks included the Mandatory Access Control Framework, the KAuth framework, and the IP/socket filter frameworks. In this post, we will go into the various tips and tricks that can be used in order to obtain even more information regarding system events.

This year at BSidesDFW, my local security conference, I highlighted a continuing trend of adversaries using open source offensive tools. The talk reviewed one of these post-exploitation frameworks named Koadic and walked through different ways defenders can build behavioral detections through the use of Event Query Language (EQL).

Tomcat servers are widely used application servers for today’s development architectures, popular for hosting Java based applications. Below is a guide on best security practices for security your Tomcat Server environment. Banner grabbing is the process of gaining information from computer systems including services, open ports, version, etc. When sending a server host request via telnet command, you pass along the server name, port, and version.

Last month, we ran a webinar on role-based access control (RBAC) in Sensu Go. In this post, we’ll capture some of the key points from the presentation and show you how RBAC can help you lock down access for increased security and team efficiency.

During research into Magecart attacks, I recently uncovered malicious code from two hacking groups attempting to steal credit card information on the European e-commerce websites for the science-backed skincare brand Perricone MD (affecting perriconemd.co.uk, perriconemd.it and perriconemd.de). Founded by U.S. celebrity dermatologist Nicholas Perricone, the company generated sales of $86 million in 2014 and are looking to fetch more than $200 million in a rumoured upcoming sale.

In part 1 of the GitOps blog series, we discussed the value of using GitOps for Calico policies, and how to roll out such a framework. In this second part of the series, we will expand the scope to include decentralized deployment and GitOps.

When it comes to having visibility and detecting threats on macOS, one of the best sources of information for file system events, process events, and network events is the kernel. MacOS kernel extensions provide the ability to receive data about these events in real time with great detail. This is good for providing quick visibility into detecting anomalies and identifying possible threats.