Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CloudCasa Helps Overcome Day 2 Kubernetes Challenges and Integrates with the 3 Major Cloud Providers

In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Sathya Sankaran, COO of Catalogic and GM of CloudCasa, to discuss in depth how CloudCasa is supporting backup for the three major cloud providers – Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), and Google Kubernetes Engine (GKE) – and the data protection challenges they are addressing.

DevOps-Centric Security is Finally Here | Announcing JFrog Advanced Security

Today marks an exciting day for JFrog and a substantial step forward towards ensuring end-to-end software supply chain security. JFrog Advanced Security is our unique approach for DevOps-centric security, and the only solution that was built especially for today’s modern DevOps workflows.

JFrog Advanced Security

Introducing JFrog Advanced Security, the world’s first DevOps-centric security solution designed to control and protect your software supply chain from code to containers to production. As part of JFrog Xray and integrated into the universal JFrog DevOps Platform, these security features focus at the binary level, revealing issues that are not visible in source code alone. These new features go beyond the traditional software composition analysis (SCA) capabilities of JFrog Xray, with a focus on container security.

Vulnerability Research: Here's How it Works at Mend

There are many types of security research, from digging into malware to discovering the latest DDoS attack vectors. At Mend, vulnerability research is a primary focus for our research team, but even that area has many different avenues to pursue. For example, we tend to focus on open source vulnerabilities, so it is quite unlikely that you’ll see us doing reverse engineering and trying to understand assembly code.

To use rest_client, or to use rest-client, that is the question

Rest-client is one of the most popular RubyGems, with a simple DSL that allows sending HTTP requests. Lightweight, versatile, developed by famous Rubyists…with all these attributes, this gem is a very shiny and attractive target for malicious actors. All they need is a good method of attack. An attempt made today tried to leverage typosquatting by adding malicious code to rest_client, but it didn’t quite ace the assignment.

It's Cybersecurity Awareness Month - Let's Talk AppSec

It’s that time of year again: October is Cybersecurity Awareness Month. At the very least, it serves as an annual reminder to check your security posture, both at work and at home. But I figured that it also might be a good time to take a closer look at more specific topics over the course of the month. I will do my best to stay out of the weeds, but this is important for all of us to be aware of.

Google Cloud Integration, Cross-Cloud Restores, Azure Files and NFS PV Support, and a Boatload more in the October Update of CloudCasa

Autumn is officially here again in New Jersey, bringing fresh apples, cider, Halloween candy by the ton, and pumpkin spice everything. It’s been more than four months since our May update to CloudCasa, which is a bit longer than usual. But don’t think that we spent the summer lounging on a beach! Our development team has been working as hard as ever, and we have an impressive list of new CloudCasa features to announce.

Pod Security Policy Deprecation: In Memoriam

As you probably know by now, PodSecurityPolicy has been deprecated in Kubernetes for over a year, since the release of Kubernetes 1.21. In short, PSP was an admission controller that let cluster managers control security by managing pod-specific policy. Like most other admission controllers, PSP could specify requirements one must meet to enter a pod, and deny any requests that don’t meet those requirements. In rare cases, PSP could also modify pod fields, changing requirements for access.

Must-Know Facts About Evil-Colon Attacks

In a new article for HelpNet Security, Leon Juranic, security research team lead at Mend, states the case for taking proactive defensive steps against a new attack called Evil-Colon. Evil-Colon works similarly to the now-defunct Poison-NULL-Byte attacks, and it has the potential to cause severe disruption to your code if not properly addressed. What does all this mean? In a nutshell, it’s possible to exploit applications that are performing path-based operations with user input in various ways.