Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

mend

How to Make Your Vulnerability Management Metrics Count

Dec 9, 2021 By Patricia Johnson In Mend

Software development organizations are investing more and more resources in their vulnerability management programs. According to Gartner’s forecast, in 2021 enterprise security spending was expected to break records and grow 12.4% to reach 150.4 billion. But how do organizations know if they’re spending their security resources wisely? The answer can only be found by crunching the numbers.

Read Post
Snyk

Responsible disclosure: CodeCov CEO & CTO share learnings from the breach

Dec 9, 2021 By Mariah Gresham In Snyk

In January of 2021, CodeCov suffered a supply chain attack that exposed client environment variables. In the following months, the specifics of the breach and its technical applications have been thoroughly examined by the application security community to determine what went wrong and how to combat similar attacks in the future. But another interesting outcome of the breach were the insights into a slightly less glamorous topic: responsible disclosure.

Read Post

How to Scale Developer Security Using Snyk (Demo)

Dec 9, 2021 By Snyk In Snyk
Emerging cloud-native technologies have shifted and expanded the scope of AppSec as we know it. Digital transformation and scale now hinges on developers’ ability to build and deploy rapidly – and doing so securely. Snyk’s developer security platform is designed to work like a developer tool – making it not only easy to find issues but to fix them quickly. In this recorded webinar, Jim Armstrong walks through a demo to show how developers can secure their proprietary code, open source libraries, container images, and infrastructure as code deployments.
View Video
CalCom

Netlogon Service Configuration in Active Directory and Member Servers

Dec 9, 2021 By Keren Pollack In CalCom
Netlogon Service is a Microsoft Windows Server process used to validate or authenticate users and devices in a domain. It is used to confirm the user’s identity on any particular network that the user is trying to access. Netlogon is a process, not an application, therefore it is continuously running in the background. It can be stopped either manually or by some runtime error.
Read Post
Snyk

Snyk Open Source adds beta C/C++ security scanning for unmanaged OSS

Dec 8, 2021 By Daniel Berman In Snyk

We’re happy to announce the open beta of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source code and libraries! Used across various industry verticals and prominent within the gaming, hardware/IoT, and communications industries, C/C++ continues to have a major impact on software development and the technology space as a whole.

Read Post

Snyk Customer Story: ActiveCampaign

Dec 8, 2021 By Snyk In Snyk
ActiveCampaign's Amar Patel, Engineering Manager, and Ben Harold, Senior Software Engineer share their experiences with Snyk. Snyk helps ActiveCampaign "identify vulnerabilities and communicate with upper management about the risks that need to be addressed." With Snyk, ActiveCampaign can gain get better insights into the risks on their platform and better address those risks in a more streamlined and frictionless manner.
View Video
jfrog

Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

Dec 8, 2021 By Andrey Polkovnychenko and Shachar Menashe In JFrog

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.