Vulnerability

Understanding Zero-Day Vulnerabilities in Software Supply Chain

A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.

Treat reliability risks like security vulnerabilities by scanning and testing for them

Finding, prioritizing, and mitigating security vulnerabilities is an essential part of running software. We’ve all recognized that vulnerabilities exist and that new ones are introduced on a regular basis, so we make sure that we check for and remediate them on a regular basis. Even if the code passed all the security checks before being deployed, you still perform regular security tests to make sure everything’s secure.

Zero-Day Vulnerabilities: How to Address and Mitigate Them

No internet-connected code is truly secure. Today’s development process is deeply iterative, and this ever-shifting landscape of code can sometimes expose critical vulnerabilities. When these flaws are discovered by attackers first, zero-day exploits threaten not just your own integrity but that of business partners and team members across the organization.

What Is a Vulnerability Assessment & Why Is It Important?

While cloud computing has ushered in a new era of connectivity and convenience, it has also exposed organizations to a myriad of vulnerabilities. Cyberattacks, data breaches, and security incidents have become all too common, leaving no room for complacency. The need for proactive cybersecurity measures has never been greater. It's in this context that vulnerability assessments play a vital role in safeguarding organizations against malicious threat actors.

Zenbleed vulnerability fix for Ubuntu

On 24 July 2023, security researchers from Google’s Information Security Engineering team disclosed a hardware vulnerability affecting AMD’s Zen 2 family of microprocessors. They dubbed this vulnerability “Zenbleed” (CVE-2023-20593), evoking memories of previous vulnerabilities like HeartBleed and hinting at its possible impact.

Small Business Cybersecurity: Uncovering the Vulnerabilities That Make Them Prime Targets

According to a 2021 report by Verizon, almost half of all cyberattacks target businesses with under 1,000 employees. This figure is steadily rising as small businesses seem to be an easy target for cybercriminals. 61% of SMBs (small and medium-sized businesses) were targeted in 2021. But why are small businesses highly vulnerable to cyberattacks? We are looking into where the vulnerabilities are and what small businesses can do to protect themselves.

An Introduction to the OWASP API Security Top 10

If you ever watched Stargate, then you have some understanding of how application programming interfaces (APIs) work. While APIs don’t give you the ability to traverse the galaxy using an alien wormhole, they do act as digital portals that allow data to travel between applications. However, as sensitive data moves from one application to another, each API becomes a potential access point that threat actors can exploit.

This VideoGame Vulnerability was a Huge Headache: Unpacking Log4j Ep.22 | Security Insights Podcast

Ivanti finds, heals, and protects every device, everywhere – automatically. Whether your team is down the hall or spread around the globe, Ivanti makes it easy and secure for them to do what they do best. Ivanti is IT for the way we work now. Integrated solutions for everything IT touches. So, employees can work better, anywhere, and everywhere.

Common API Vulnerabilities and How to Secure Them

Application programming interfaces (APIs) have become a critical part of almost every business. APIs are responsible for transferring information between systems within a company or to external companies. For example, when you log in to a website like Google or Facebook, an API processes your login credentials to verify they are correct.

The DevSecOps Toolchain: Vulnerability Scanning, Security as Code, DAST & More

DevSecOps is a philosophy that integrates security practices within the DevOps process. DevSecOps involves creating a ‘security as code’ culture with ongoing, flexible collaboration between release engineers and security teams. The main aim of DevSecOps is to make everyone accountable for security in the process of delivering high-quality, secure applications. This culture promotes shorter, more controlled iterations, making it easier to spot code defects and tackle security issues.