Is your team drowning in container vulnerability noise? Are you spending a lot of time figuring out where to focus resources on and still missing dangerous vulnerabilities? Know that you are not alone. Container environments revolutionized app development by enabling unprecedented velocity, but not without a price. The use of readily available container images of third-party and open-source code enabled much faster cycles, but also facilitated the introduction of vulnerabilities in the application.

Vulnerabilities are everywhere. Vetting, mitigating, and remediating them at scale is exhausting for security practitioners. Let’s keep in mind that no organization has the capacity to find and fix all vulnerabilities. The key is to understand what a vulnerability is, interpret the meanings of the CVSS score, and prioritize and effectively use resources within constrained time limits or delivery windows. Since 2016, new vulnerabilities reported each year have nearly tripled.

DevOps has been the methodology of choice among developers for over a decade. No doubt, it’s proven its efficiency and ability to speed up processes while uniting teams by promoting open communication and shared responsibility. But will GitOps steal the spotlight? We’re exploring the answer in today’s post by looking at these two methodologies’ similarities and differences, advantages, and limitations.

Cybersecurity can often seem intimidating for IT teams. After all, things like “threat hunting,” “red teaming,” and “blue teaming” are not used in IT operations. On the other hand, just because these words are terms of art doesn’t mean that they’re activities you don’t do already. You’re probably already using log data as part of your IT operations incident response.

This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub. It is designed to analyze routers for Indicators of Compromise (IoCs) associated with Trickbot. This article will introduce some background on the MikroTik vulnerability, the Trickbot malware, and some ways you can protect yourself.

A few days ago it was reported that the new Go versions 1.18.1 and 1.17.9 contain fixes for a stack overflow vulnerability in the encoding/pem builtin package, in the Decode function. Given the high popularity of Go among our customers and in the industry at large, this update led us to investigate the vulnerability in previous versions.

One of the many values of 1Password is that we make it faster and easier to use strong, unique passwords everywhere online. That’s great if you already have a good handle on why password strength matters for online security. But we know that not everyone does.

The FSMO (Flexible Single Master Operations) roles are vital when it comes to Active Directory. The FSMO roles help keep Active Directory consistent among all of the domain controllers in a forest by allowing only specific domain controllers to perform certain operations. Additionally, Active Directory FSMO Roles are essential for your Active Directory environment’s stability and security.

Creating an incident response plan is mission-critical for modern organizations. As threat actors continuously evolve their attack methodologies, organizations need the people, processes, and technologies that allow them to rapidly respond to a security incident. According to research, attacks have increased by 15% since 2019.

It should come as no surprise that as cryptocurrencies become more popular and edge towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking. Cryptojacking may sound like a way to steal someone's cryptocurrency assets, but it's a less obvious form of theft.