Blog

ioncube24

Weekly Cyber Security News 19/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as mainstream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in its Jenkins CI system does highlight that any door in will be taken and used to pivot into where the jewels really are.

tigera

7 Key Considerations for Kubernetes in Production

Today Enterprise IT does not question the value of containerized applications anymore. Given the move to adopting DevOps and cloud native architectures, it is critical to leverage container capabilities in order to enable digital transformation. Google’s Kubernetes (K8s), an open source container orchestration system, has become the de facto standard — and the key enabler — for cloud native applications, and the way they are architected, composed, deployed, and managed.

victorops

Kubernetes vs. Docker Swarm

Today, most organizations are rearchitecting their applications and moving them to the cloud. Use of microservices architecture and containers has completely transformed the way organizations develop and deploy new applications in the cloud. These technologies, alongside container orchestration tools like Kubernetes and Docker Swarm, allow organizations to develop small, independently deployable components of code that require minimal resources.

logsign

The Importance of Threat Intelligence Feeds

Threat Intelligence Feeds, in fact, are actionable threat data related to artifacts or indicators collected from any third-party vendors in order to learn from other companies’ visibility and access to enhance your own cyber threat response and awareness. Examples of these third-party vendors include Kaspersky Threat Intelligence and AlienVault OTX. Threat Intelligence Feeds concentrate on a single area of interest and they are delivered online.

How to Measure Internal Audit Performance

Ever-increasing cybersecurity threats have made data security a staple in all businesses that transmit, manage, or store sensitive data. However, many companies struggle with security when it is time to carry out IT audits. To determine the effectiveness of your risk management program, it is crucial to measure your organization’s internal policies against the recommended industry standards and regulatory requirements.

reciprocity

Workflow Automation For Compliance

The time-consuming, administratively burdensome compliance process is riddled with potential human errors that can lead to violations. As securing data increasingly relies on proving controls’ effectiveness, compliance becomes more stressful for everyone in the organization. However, building a compliance workflow can streamline the process, leading to a more cost-effective and auditable outcome.

unomaly

Heading Towards Zero Bugs in Production

Any team responsible for building and running software will have an intimate understanding of the tradeoffs of deploying new code and fixing bugs. Where there is code, there will be bugs. Where there is change, there will be new bugs. And there is a limit to how much time can be spent making sure code is bug free. It’s impossible to completely prevent them.

detectify

What information does Detectify provide for PCI Compliance Requirement 6?

The Payment Card Industry Data Security Standard (PCI DSS) program provides an information security compliance benchmark for companies that are handling, processing and storing cardholder data online. Software development and vulnerability management are covered in the PCI DSS compliance requirements as this concerns products and applications created to handle cardholder data.

detectify

Detectify security updates for 18 April

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.