DevOps

AutoAdminLogon, worth the extra risk?

Apr 1, 2024 By Ben Balkin In CalCom

AutoAdminLogon is a Windows registry setting which automates the logon process of a specific user account during system startup, bypassing the typical login screen. Enabling this setting streamlines the startup process, being particularly useful in scenarios where a system needs to boot up and immediately launch specific applications or services without manual intervention.

Read Post

CalCom

Read more about AutoAdminLogon, worth the extra risk?

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Mar 31, 2024 By Amit Schendel In ARMO

On March 29, 2024, Red Hat disclosed CVE-2024-3094 (a.k.a XZ vulnerability) scoring a critical CVSS rating of 10. Stemming from a supply chain compromise it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of performance issues in SSH connections. This led to the exposure of a major supply chain attack where a compromised library was inserted into sshd and exploited during the authentication process.

Read Post

ARMO

Read more about Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise

Mar 31, 2024 By Tom Abai In Mend

*April 1 update. it was confirmed that Fedora 40 is not affected by the backdoor. However, users should still downgrade to a 5.4 build to be safe. On March 29th, 2024, a critical CVE was issued for the XZ-Utils library. This vulnerability allows an attacker to run arbitrary code remotely on affected systems. Due to its immediate impact and wide scope, the vulnerability has scored 10 for both CVSS 3.1 and CVSS 4, which is the highest score available.

Read Post

Mend

Read more about Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise

A Day In The Life of a Security Leader

Mar 30, 2024 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of a Security Leader

Kerberos v5 Authentication

Mar 29, 2024 By John Gates In CalCom

Kerberos stands as the default authentication protocol facilitating secure service requests between trusted devices within a network. It has been an integral component of Windows Active Directory (AD) environments since the era of Windows 2000. When a user logs into their computer, Kerberos undertakes mutual authentication, ensuring both the user and the server validate their identities.

Read Post

CalCom

Read more about Kerberos v5 Authentication

Transforming Privileged Access A Dialogue on Secretless, Zero Trust Architecture

Mar 28, 2024 By Teleport In Teleport

Join us for an insightful webinar featuring IAM analyst Jack Poller and Teleport CEO Ev Kontsevoy as they delve into the nuances of privilege management and the paradigm shift towards a secretless, zero trust, least privileged architecture for engineers accessing cloud and on-premises compute infrastructure.

View Video

Teleport

Read more about Transforming Privileged Access A Dialogue on Secretless, Zero Trust Architecture

Over 100 Malicious Packages Target Popular ML PyPi Libraries

Mar 28, 2024 By Tom Abai In Mend

Early on March 28, 2024, the Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPi registry. Among those libraries are Pytorch, Matplotlib, and Selenium.

Read Post

Mend

Read more about Over 100 Malicious Packages Target Popular ML PyPi Libraries

The State of Software Supply Chain Security in 2024

Mar 27, 2024 By Sean Pratt In JFrog

In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your supply chain.

Read Post

JFrog

Read more about The State of Software Supply Chain Security in 2024

The Enterprise OPA Platform for application authorization

Mar 27, 2024 By Styra In Styra

Learn more: https://www.styra.com/enterprise-opa-platform/

View Video

Styra

Read more about The Enterprise OPA Platform for application authorization

Understanding Supply Chain Risk - Using SCA to protect your application

Mar 27, 2024 By GitGuardian In GitGuardian

Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception. SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.

View Video

GitGuardian

Read more about Understanding Supply Chain Risk - Using SCA to protect your application

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

AutoAdminLogon, worth the extra risk?

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise

A Day In The Life of a Security Leader

Kerberos v5 Authentication

Transforming Privileged Access A Dialogue on Secretless, Zero Trust Architecture

Over 100 Malicious Packages Target Popular ML PyPi Libraries

The State of Software Supply Chain Security in 2024

The Enterprise OPA Platform for application authorization

Understanding Supply Chain Risk - Using SCA to protect your application

Monthly Archive

Follow Us