Today we’re pleased to announce an update to our popular Docker and Snyk vulnerability cheat sheet. Since 2020, millions of MacOS and Windows developers have been able to use docker scan to analyze their containers in their local environments as part of their day-to-day development. This capability gives teams feedback at the time of active development for faster cycles.
The ongoing war between Ukraine and Russia has placed organizations worldwide on full alert due to the possibility that cyber attacks related to the conflict may impact organizations outside the region.
Last month, we announced the launch of our active cloud-native application runtime security. Calico Cloud’s active runtime security helps security teams secure their containerized workloads with a holistic approach to threat detection, prevention, and mitigation. As security teams look to secure these workloads, it’s also critical that they employ a defense-in-depth strategy.
A few days ago it was reported that the new Apache version 2.4.53 contains fixes for several bugs which exposed the users of the well known HTTP server to attacks: CVE-2022-22719 relates to a bug in the mod_lua modules which may lead to Denial of Service after reading from a random memory Area, CVE-2022-22720 exposes the server to HTTP Smuggling attacks, CVE-2022-22721 exposes the server to a buffer overflow when handling large XML input, and CVE-2022-23943 is a vulnerability in the mod_sed module, whi
In recent times when data breaches and cyber attacks have become so common, being cyber resilient and prepared for the attack when it happens is the new norm.
ISO 27001 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001 controls to mitigate the risk of significant security incidents and data breaches.
According to a PwC poll, the epidemic has increased the number of employees working from home to almost 70%. Remote working, however, has its own set of risks. Companies are vulnerable to a host of network attacks because of employee-owned devices, insecure connections, and inappropriate device usage. That is where cybersecurity awareness training for employees comes into the picture and plays a key role in preventing cyber attacks.
As more and more businesses and individuals choose to store their data online, ensuring the safety of information is becoming exceptionally crucial. According to recent statistics from the Hosting Tribunal, over 95% of IT professionals use cloud storage. This number is expected to grow steadily.
A Penetration Test commonly consists of assessing; the confidentiality, integrity and availability of an information system, widely known as the CIA triad. There are numerous penetration testing approaches. This can include black-box testing, white-box testing and grey-box testing which all, in turn, provide remediation advice. However, the three types of testing define different approaches the consultant takes during an assessment and all have different benefits and disadvantages.
