On October 29th, Detectify released a security test to detect a critical Oracle WebLogic Server RCE – CVE-2020-14882. Again in November, Oracle released an out-of-band security patch to fix a related RCE for Oracle Fusion Middleware. These vulnerabilities are currently being exploited by multiple botnets in the wild. Detectify scans your application for both of these vulnerabilities and will alert you if you are running a vulnerable version of Oracle WebLogic Server.

Organizations are modernizing IT infrastructure, restructuring teams, and accelerating application delivery with containers and Kubernetes. As with any technology, organizations are at various places within their journey. However, according to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022. Chances are your team is using containers for some applications.

Today, cybersecurity, risk, and data protection are issues that are on upper management’s radar. Seeking to minimize the potential for business disruption, board members are getting more involved with the organization’s security program. Recent surveys indicate that 65% of companies are recruiting board members who are knowledgeable about security issues.

Modern languages like Python, NodeJS, and Go make it easy to handle concurrent requests for multiple customers at the same time by using threads or goroutines. Such services seem very cost effective because one process can handle hundreds or thousands of tenants. However, this efficiency comes at a hidden, steep price. When language runtime scheduling breaks down, one tenant can cause an outage for everyone.

On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it easy to include the current version of Veracode tools in your automation workflow.

2020 has been a challenging year. Organizations had to quickly figure out how to secure employees and mobile endpoints working outside their existing perimeter-based controls. To take a step back, 2020 isn’t an anomaly. This shift to mobile-first was happening well before the pandemic.

December 1, 2020 Miamisburg, OH – Ignyte Assurance Platform, the integrated cyber risk assurance company, announced it has achieved ISO/IEC 27001:2013 certification, recognizing its commitment to providing customers with the highest level of information security management. Following an extensive audit process, the certification was issued by an ANAB and UKAS Accredited Certification Body based in the United States.

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the third in a series of posts highlighting the most important elements of the four steps. Previous posts covered Step 1, establishing a foundation of centralized, scalable visibility, and Step 2, extracting intelligent insights from your data.

Well, it’s been a while since you read a blog dedicated to the latest release – okay, the latest several releases – of Splunk Security Essentials (SSE). We have been busy behind the scenes, however, so let’s catch you up on SSE’s latest features, which include the new version of our content API, and externally with updates from MITRE and the release of ATT&CK v7.2 (with Sub-Techniques) and ATT&CK v8.

More and more organizations are adopting Kubernetes, but they’re encountering security challenges along the way. In the fall 2020 edition of its “State of Container and Kubernetes Security” report, for instance, StackRox found that nearly 91% of surveyed organizations had adopted Kubernetes, with a majority (75%) of participants revealing that they had deployed the container orchestration platform into their production environments.