Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload

Dec 17, 2020 By Astra In Astra
Before you start reading the description, please log in to your WordPress Admin panel & update all the plugins. Contact Form 7 version 5.3.1 and below were found to be vulnerable to unrestricted file upload vulnerability. This issue has been reported by security researchers at Astra Security. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed uploadable file types on a website.
View Video
datadog

Integrate Datadog Compliance Monitoring with your AWS Well-Architected workloads

Dec 16, 2020 By Michael Yamnitsky In Datadog

Many of our customers rely on the Amazon Web Services (AWS) Well-Architected Framework as a guide to build safe, secure, and performant applications in the cloud. AWS offers the Well-Architected Review (WAR) Tool as a centralized way to track and trend adherence to Well-Architected best practices. It allows users to define workloads and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization.

Read Post
alienvault

2021 Cybersecurity in healthcare

Dec 16, 2020 By Bindu Sundaresan In AT&T Cybersecurity

Breaches and cyberattacks are on the rise in the healthcare industry. The recent acceleration of digital technology and connectivity within Healthcare has led to significant patient care delivery improvements, more effective population health management, and better patient outcomes. With this increased technology and connectivity, however, comes increased exposure to cyberattacks that can impact patient care delivery, safety, and privacy.

Read Post

Wishes Do Come True: Fast Development, Secure Delivery

Dec 16, 2020 By Snyk In Snyk
Organizations re-thinking their software delivery lifecycle are faced with a dilemma: how to speed up the pace of development necessary to surpass their competition, without sacrificing the security of the applications they’re delivering? CI/CD practices and tools have risen up to help meet this need, but fitting legacy applications and security tools into these modern pipelines exposes new gaps that risk slowing release velocity.
View Video

Introducing Teleport Cloud | Access Management SaaS | Servers - Clusters - Applications

Dec 16, 2020 By Teleport In Teleport
Teleport Cloud allows you to secure access to your servers, Kubernetes clusters, and Web applications while leaving the operation of your Unified Access Plane to the experts at Teleport. You can still control access to your compute resources anywhere else in the cloud, plugin approval workflows, and use your choice of SSO identity provider. But now you can get your security deployed faster, and you have peace of mind knowing Teleport is continually patched, monitored, and maintained for you.
View Video
sumologic

Recommendations for monitoring SolarWinds supply chain attack with Sumo Logic Cloud SIEM

Dec 16, 2020 By Sourabh Bhosale and Paul Sheck In Sumo Logic
The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.
Read Post
upguard

How to Select a Third-Party Risk Management Framework

Dec 16, 2020 By Abi Tyas Tunggal In UpGuard

For many businesses, global third-party vendors have become an important source of strategic advantage and business value. Yet outsourcing is not without its risks. As reliance on third-parties continues to grow, so does the number of headline stories of regulatory action and reputational damage that arise from third-party breaches or failure. Those driving organizations need to reconsider how they approach, identify and manage third-party risk.

Read Post
upguard

How to Secure Apache Tomcat 8 in 15 Steps

Dec 16, 2020 By UpGuard Team In UpGuard

Apache Tomcat is the leading Java application server by market share and the world's most widely used web application server overall. Currently at version 8, the popular web server has not been without its security flaws, perhaps most famously publicized in this incident of aircraft hacking by security researcher Chris Roberts earlier this year. However, hardening Tomcat's default configuration is just plain good security sense—even if you don't plan on using it on your plane's network.

Read Post
veracode

Defense in Depth: Why You Need DAST, SAST, SCA, and Pen Testing

Dec 16, 2020 By Laura Paine In Veracode

When it comes to application security (AppSec), most experts recommend using Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) as “complementary” approaches for robust AppSec. However, these experts rarely specify how to run them in a complementary fashion.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.