Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Stranger Danger: Your Java Attack Surface Just Got Bigger

Sep 21, 2022 By Snyk In Snyk
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
View Video
teleport

How to Connect to Microsoft SQL Server Remotely Using Teleport

Sep 20, 2022 By Travis Rodgers In Teleport

Support for Microsoft SQL Server was added in our Teleport 9 release, along with support for Redis and MariaDB. In this post, we'll specifically be looking at Microsoft SQL Server and will cover how to connect to it remotely using Teleport. Before we get into the steps of accessing SQL Server with Teleport, let's briefly go over a few recommended security postures with SQL Server and how Teleport actually helps to implement them.

Read Post
sysdig

Container Image Scanning for Azure Pipelines with Sysdig

Sep 19, 2022 By Eduardo Mínguez In Sysdig

Scanning a container image for vulnerabilities or bad practices in your Azure Pipelines using Sysdig Secure is a straightforward process. This article demonstrates a step by step example on how to do it. The following proof of content showcased how to leverage the sysdig-cli-scanner in Azure Pipelines. Although possible, it is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

Read Post
armo

CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

Sep 19, 2022 By Ben Hirschberg In ARMO
A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties. The aggregated API server extension in Kubernetes API server enables users to extend API server with alternative objects and paths.
Read Post
teleport

Directory Sharing in a Web-Based RDP Client Using the File System Access API

Sep 19, 2022 By Isaiah Becker-Mayer In Teleport

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft which at its core is designed to give users a graphical interface to a remote Windows computer over a network connection. The remote Windows machine runs an RDP server, while the local computer accessing it runs an RDP client. Windows comes bundled with Microsoft's Remote Desktop Connection to easily access Windows hosts over RDP.

Read Post
styra

Security Challenges in Microservices

Sep 19, 2022 By Will Seaton In Styra

Before the rise of cloud computing and small autonomous services built with containers, a typical application would consist of a monolith of code with a frontend, a backend and a database. Developers would take extra caution when updating their code because any change or bug could affect the entire application. As an alternative, microservices broke down applications into small interconnected services — each responsible for their discrete function, collaborating using APIs.

Read Post
LimaCharlie

What is SIaaS? An introduction to security infrastructure as a service

Sep 15, 2022 By Christopher Luft In LimaCharlie

Security infrastructure as a service (SIaaS) is an engineering-centric, infrastructure-first approach to cybersecurity—and is at the heart of everything we do at LimaCharlie. In this post, we’ll explain more about what SIaaS is, why it’s important, and how it differs from legacy models of cybersecurity.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.