%term

Rethinking Security in the Age of DevSecOps

Mar 25, 2019 By Tripwire In Tripwire

Tripwire CTO David Meltzer and Lamar Bailey, Director of Security Research and Development, discuss the main challenges and pain points as DevSecOps comes of age, sharing their recommendations and predictions in this video interview with Information Security Media Group at RSA Conference 2019.

View Video

Tripwire

Read more about Rethinking Security in the Age of DevSecOps

Security Requires Immutability: Avoid Dynamic Environments with Change Management

Mar 25, 2019 By Tyler Reguly In Tripwire

When Shelley published his famous poem in 1816, he was telling us that the only constant in life is change. This was not a new concept, even then. Heraclitus proposed the same concept around 500 BCE with ‘Panta rhei’ (Life is Flux or everything changes). Even though we all know and understand this ancient concept, people still have difficulty with change.

Read Post

Tripwire

Read more about Security Requires Immutability: Avoid Dynamic Environments with Change Management

3 Reasons Log Management is Critical for Business Intelligence

Mar 25, 2019 By Chris O'Brien In Devo

Log management is the answer to all of your digital transformation woes. No, hear me out. At its heart, log management is the (challenging) task of collecting and storing all machine-generated data from across your entire enterprise into a common repository. If this collection doesn’t happen, or if log collection is limited to certain datasets, there’s little chance of deriving those high value insights you dream of.

Read Post

Devo

Read more about 3 Reasons Log Management is Critical for Business Intelligence

What You Should Know About Ransomware in 2019

Mar 25, 2019 By Veriato In Veriato

It’s estimated that Ransomware costs will climb to roughly $11.5 billion in 2019, according to CSO Online. The frequency of attacks continues to increase as well. According to a report on Ransomware, these attacks occurred once every 120 seconds in early 2016. By 2017 this spiked to an attack occurring every 40 seconds. In 2019, the frequency is expected to grow to an attack happening every 14 seconds.

Read Post

Veriato

Read more about What You Should Know About Ransomware in 2019

Container compliance for Docker and Kubernetes

Mar 22, 2019 By Sysdig In Sysdig

Container compliance for Docker and Kubernetes is an essential part of enterprise security. It’s important for your environments, no matter where they reside, to remain compliant with industry regulation and/or company security policy.

View Video

Sysdig

Read more about Container compliance for Docker and Kubernetes

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

Mar 22, 2019 By Harry Perks In Sysdig

This week CVE-2019-3874 was discovered which details a flaw in the Linux kernel where an attacker can circumvent cgroup memory isolation using the SCTP socket buffer. In containerised environments, this has the potential for a container running as root to create a DoS.

Read Post

Sysdig

Read more about Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

Weekly Cyber Security News 22/03/2019

Mar 22, 2019 By Kevin In ionCube24

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A news busy week this has been, from a catastrophic malware hit against an global manufacturer to startling breaches from the usual players. Which to pick out then? OK, a wonderful article by Krebs that caught my attention today.

Read Post

ionCube24

Read more about Weekly Cyber Security News 22/03/2019

Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Mar 22, 2019 By Veriato In Veriato

Malicious and accidental insiders alike have drawn renewed attention to the Insider Threat. Patrick Knight of Veriato offers new insight on the scale of the problem and how to tackle it.

View Video

Veriato

Read more about Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Mar 21, 2019 By Detectify In Detectify

Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.

View Video

Detectify

Read more about Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Apache Struts Vulnerabilities

Mar 21, 2019 By Detectify In Detectify

Apache Struts is a well-known development framework for Java-based web applications that is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks. In this article we will go through the security history of Apache Struts, common Apache Struts security issues and the impact of these vulnerabilities.

Read Post

Detectify

Read more about Apache Struts Vulnerabilities

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Rethinking Security in the Age of DevSecOps

Security Requires Immutability: Avoid Dynamic Environments with Change Management

3 Reasons Log Management is Critical for Business Intelligence

What You Should Know About Ransomware in 2019

Container compliance for Docker and Kubernetes

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

Weekly Cyber Security News 22/03/2019

Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Apache Struts Vulnerabilities

Monthly Archive

Follow Us