Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Technology

netskope

Leaky Images: Accidental Exposure and Malware in Google Photos and Hangouts

Sep 29, 2020 By Ashwin Vamshi In Netskope

Did you know that the default link sharing option in Google Photos allows anyone with the link to view the files and all images shared in Google Hangouts that are publicly accessible? In this edition of our leaky app series, we will cover how image link sharing in Google Hangouts and Google Photos can lead to the accidental public exposure of sensitive data. We will also look at the threat detection capabilities of Google Photos and Google Hangouts.

Read Post
bearer

Measuring Performance in Node.js with Performance Hooks

Sep 29, 2020 By Mark Michon In Bearer

Measuring performance in Node.js applications can sometimes be a challenge. Do to the nature of the event loop and asynchronous code, determining the actual time a piece of code takes to execute requires tools built into the platform. First added in Node.js v8.5, as stableas of v12, the Performance Measurement APIs are stable and allow much more accurate monitoring than earlier implementations.

Read Post
alienvault

Stories from the SOC - Cloud and On-site Protection

Sep 28, 2020 By Edwardo Rodriguez In AT&T Cybersecurity

One of the benefits of having your managed detection and response (MDR) service managed by AT&T Cybersecurity is the visibility into threats from a large number of customers of all sizes and across different industries. This allows the team to take what they learn from one customer and apply it to another. Our security operation center (SOC) analysts were able to use an OTX alarm and an AWS correlation rule to discover open ports on public facing servers for two different customers in 24 hours.

Read Post

iDevNews Application Architecture Summit 2020 | RBAC for SSH and Kubernetes Access with Teleport

Sep 28, 2020 By Teleport In Teleport
Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, Solution Engineer at Gravitational, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.
View Video

Demo | Access Workflow Integration Using Pager Duty | Privileged Access Management | Teleport

Sep 26, 2020 By Teleport In Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations . These requests can be approved or denied in PagerDuty or anywhere else via a flexible Authorization Workflow API.
View Video
sumologic

Leveraging logs to better secure cloud-native applications

Sep 25, 2020 By Twain Taylor In Sumo Logic
With the growing popularity of cloud computing, security incidents related to it have been on the rise. Logs are indispensable resources for countering these threats, and they can be utilized for alerting, taking remedial action, and even preventing future attacks. In this post, we will examine ways to better secure cloud-native applications using logs.
Read Post
styra

API Authorization at the Gateway with Apigee, Okta and OPA (Part 1)

Sep 24, 2020 By Ash Narkar In Styra

API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).

Read Post
synopsys

Open source licenses: No license, no problem? Or ... not?

Sep 23, 2020 By Matt Jacobs In Synopsys

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?

Read Post

Escape The Ticketing Turmoil | Slack/PagerDuty Integrations | Teleport Workflow API

Sep 23, 2020 By Teleport In Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations. These requests can be approved or denied via ChatOps in Slack, in PagerDuty, or anywhere else via a flexible Authorization Workflow API.
View Video

SKILup Day DevSecOps | How To Securely Access Compute Resources In Cloud Environments | Virag Mody

Sep 22, 2020 By Teleport In Teleport
Virag Mody, Technical Writer for Gravitational gave a concise talk on Infrastructure Security best practices for SKILupDays DevSecOps 2020. In the talk he covers why certificate authorities are so important, and what individuals can do to create a more secure infrastructure access process.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.