Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Teleport 16: Advancing Infrastructure Defense-in-Depth with Device Trust, MFA, and VNet

Join us for an in-depth look at the latest release of Teleport. Teleport 16 introduces several powerful new features that further advance its capabilities in defending against identity provider compromise. In this webinar, we will explore how Teleport 16 enhances security and simplifies secure infrastructure access through: Teleport Access: Teleport Identity: Teleport Policy.

Repo Jacking: The Great Source-code Swindle

In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.

Anonymous Logon: Understanding the Security Battleground with NT Authority

Anonymous logon refers to a type of network access where a user can log in to a system or network resource without providing any authentication credentials such as a username or password. This type of access is typically granted to allow basic, unauthenticated access to certain resources for public use or for specific purposes.

Log on as a Batch Job Rights & Security Setting

Log on as a batch job policy determines the accounts permitted to sign in through a batch-queue tool like the Task Scheduler service. When you schedule a task using the Add Scheduled Task Wizard, assigning it to run under specific credentials, that user is granted the right to log on as a batch job. At the designated time, the Task Scheduler service logs in the user as a batch job rather than an interactive user, executing the task within the user’s security parameters.

Exploring Best Practices and Modern Trends in CI/CD

Let’s start with statistics: continuous integration, deployment, and delivery is among the top IT investment priorities in 2023 and 2024. To be exact, according to GitLab’s 2024 Global DevSecOps report, it is on the 8th place (and security is the top priority!). However, it shouldn’t be surprising, as CI/CD practice brings a lot of benefits to IT teams – it helps to accelerate software delivery and detect vulnerabilities and bugs earlier.

Unlocking the Power of Kubernetes Data Management: Mastering CSI and Non-CSI Snapshots for Enhanced Security and Efficiency

In the rapidly evolving landscape of containerized applications, robust data backup solutions are essential. This is particularly true in production Kubernetes environments, where data integrity and availability are paramount. This post explores the critical roles of CSI snapshots & Non-CSI snapshots in Kubernetes, and how CloudCasa by Catalogic enhances data protection and management capabilities across diverse Kubernetes deployments.

#DevSecOps Essentials: Operating Confidently with Trusted Packages

Join JFrog’s Senior Solution Engineer, Mike Holland, and Technical Success Manager, Harpreet Singh, as they showcase the power of the JFrog Software Supply Chain platform. Designed to detect third-party components, track dependencies, and enforce compliance, this platform is essential for efficient and reliable software development. In this session, you'll learn.