Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Pentest 101: How to Dodge the Directory Traversal Vulnerability

Feb 4, 2022 By Astra In Astra
Directory Traversal might not be considered as a high-impact vulnerability but it can be a stepping stone to information leak and shell upload vulnerability. The lack of directory traversal security can allow an attacker to manipulate the file path to gain unauthorized access to different files in the directory. You need penetration testing to detect the directory traversal vulnerability. This video is a short explanation of how the file traversal vulnerability can be exploited, and how you can avoid it.
View Video
1Password

Hacking 101: What is social engineering?

Feb 4, 2022 By Emily Chioconi In 1Password

For the average person, “traditional hacking” isn’t really an ever-present threat. It’s unlikely that a hacker will ever try to track you down, steal one of your devices, and bypass whatever you’ve set up to protect your personal data. Social engineering, on the other hand, is an increasingly common security threat that you’ve probably encountered many, many times before.

Read Post
Arctic Wolf

Top Cyber Attacks of January 2022

Feb 4, 2022 By Arctic Wolf In Arctic Wolf
2021 broke new ground in terms of cybersecurity, and much was ground just as well left unbroken. With no indication that ransomware, data breaches, and assorted malware will go away soon, the new year is a time for organizations to get a fresh start and really fortify themselves against a widening field of threats. One month in, we've already seen a disturbing array of attacks, from those on political targets to distressing new malware to a breach of exceptional sensitive information.
Read Post
CrowdStrike

How to Protect Cloud Workloads from Zero-day Vulnerabilities

Feb 4, 2022 By John Walker In CrowdStrike

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

Read Post
Snyk

Log4Shell remediation with Snyk by the numbers

Feb 4, 2022 By Jason Lane In Snyk

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

Read Post
ioncube24

Weekly Cyber Security News 04/02/2022

Feb 4, 2022 By Kevin In ionCube24

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Something that always surprises me that still happens…. You put something on the Internet and don’t secure it, you do know what is going to happen right? Evidently people still think no one will find them.

Read Post

How to Protect Your CI/CD Pipeline

Feb 4, 2022 By Teleport In Teleport
Application Architecture Summit, January 2021 How to protect your CI/CD pipeline so it doesn’t turn into a vulnerability superspreader. CI/CD pipelines bring so much application security good to the development process. They help increase test coverage and reduce human error by automating away toil. But without proper controls, an over-privileged and insufficiently monitored CI/CD pipeline can turn into a vulnerability superspreader. This talk will show you how to manage identity-based access so your CI/CD pipeline stays secure using the open-source solution Teleport and Github Actions.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.