Vulnerability

Outpost24 webinar - Securing DevOps in Cloud Environments

The Covid-19 crisis has wreaked havoc on software development, with businesses being forced to adapt and ensure DevOps can carry on to the same production levels and speed as before. As IT and development infrastructure move to the public cloud at an unprecedented rate, the shared responsibility of cloud can create severe security challenges in terms of visibility, control and compliance.

Outpost24 webinar - Risk based vulnerability management: What's in a risk score?

In this webinar we’ll provide expert insights into the limitation of CVSS and what goes into a vulnerability risk score, including vendor by vendor and what we look at to determine the risk of a vulnerability to help security managers prioritize and make better informed decisions for remediation. We will identify the benefits of a risk-based approach, highlighting how this can make vulnerabilities more manageable and streamlining remediation through automation and orchestration.

Outpost24 webinar - Cloud security controls best practice

Watch our recorded webinar to discover the critical cloud security controls when migrating to IaaS and PaaS, plus how to build a rich cloud transformation experience and deliver long term operational benefits. As we strive to have greater controls on cloud risk, how can we spend our time more efficiently to focus on what we don’t own and building a more robust cloud operating model? Cloud Security remains a big challenge and whilst the Cloud Security Alliance (CSA) is celebrating its 11th anniversary in 2020 are we any closer to fully understanding the techniques to ensure complete cloud security coverage.
sqreen

A vulnerability in Sqreen: the attacker's point of view

When Charles reached out to me to disclose this issue, we reacted with one goal in mind: protecting our customers. As such, we built a disclosure schedule and reported the issue privately to our impacted users. After a month, we officially created the CVE and shared details about how we fixed this issue in this article.

tripwire

N-Day Vulnerabilities: How They Threaten Your ICS Systems' Security

In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security sectors. These individuals were successful in their efforts because they employed a variety of attack vectors.

saltstack

Active SaltStack CVE Announced 10/30/20

Three related critical vulnerabilities have been discovered in Salt versions 3002 and earlier. Two of these vulnerabilities are expected to be rated as high/critical and the other is expected to be low based on the Common Vulnerability Scoring System (CVSS). Once SaltStack became aware of the vulnerabilities, we quickly took actions to remediate them. We are preparing a CVE release to be available on Tuesday, November 3rd at 10:00 MST.