Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Seccomp internals deep dive - Part 1

Seccomp, short for Secure Computing Mode, is a noteworthy tool offered by the Linux kernel. It is a powerful mechanism to restrict or log the system calls that a process makes. Operating within the kernel, seccomp allows administrators and developers to define fine-grained policies for system call execution, enhancing the overall security posture of applications and the underlying system.

FIPS Compliant Algorithms for Encryption, Hashing, and Signing

With the rise of cyber threats and the increasing volume of sensitive data being transmitted over networks, organizations must prioritize the use of cryptographic algorithms that meet stringent standards for security and reliability. One such standard is FIPS (Federal Information Processing Standards) compliance, which ensures that cryptographic algorithms adhere to the rigorous criteria set forth by the U.S. government.

What is ASPM - Application Security Posture Management Defined

Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.

CMMC vs NIST 800-171

January 2020 is when the Department of Defense (DoD) released the Cyber Maturity Model Certification (CMMC) framework, aimed at evaluating and strengthening the cybersecurity readiness of the Defense Industrial Base (DIB). As per the DoD’s directive, all prime contractors and subcontractors within the supply chain must undergo auditing and certification under the CMMC framework.

Friction between DevOps and Security - Here's Why it Can't be Ignored

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications.

Yet another reason why the xz backdoor is a sneaky b@$tard

A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.

What You Need to Know About Hugging Face

The risk both to and from AI models is a topic so hot it’s left the confines of security conferences and now dominates the headlines of major news sites. Indeed, the deluge of frightening hypotheticals can make AI feel like we are navigating an entirely new frontier with no compass. And to be sure, AI poses a lot of unique challenges to security, but remember: Both the media and AI companies have a vested interest in upping the fright hype to keep people talking.

Securing CI/CD Runners through eBPF

During the Open Security Summit 2024, Yahoo! Principal Security Engineer Mert Coskuner and Kondukto CEO & Co-Founder Cenk Kalpakoglu delved into the intriguing topic of securing CI Runners through eBPF agents. Although the title might seem unconventional, it reflects their creative approach to solving security challenges in continuous integration environments. With the rapid digital transformation of businesses, there has been an increasing focus on supply chain attacks and their impact on security.