%term

Introducing Mend Supply Chain Defender Integration with JFrog Artifactory

Jun 3, 2022 By Jack Marsal In Mend

When it comes to understanding the difference between open source software vulnerabilities and malicious threats, it’s helpful to think in terms of passive vs. active threats. Vulnerabilities can be attacked and exploited, but in a vacuum don’t pose a threat. Malicious threats are different —– they involve a threat actor actively planning to attack you.

Read Post

Mend

Read more about Introducing Mend Supply Chain Defender Integration with JFrog Artifactory

Amazon RDS Just-in-Time (JIT) Access With Teleport and Slack

Jun 3, 2022 By Janakiram MSV In Teleport

This blog is part three in a series about secure access to Amazon RDS. In Part 1, we covered how to use OSS Teleport as an identity-aware access proxy to access Amazon RDS instances running in private subnets. Part 2 explained implementing single sign-on (SSO) for Amazon RDS access using Okta and Teleport. In Part 3, we will guide you through the steps to configure privilege escalation for just-in-time access requests for Amazon RDS access.

Read Post

Teleport

Read more about Amazon RDS Just-in-Time (JIT) Access With Teleport and Slack

CVE-2022-26134 - Critical Vulnerability in Confluence Server & Data Center

Jun 3, 2022 By Sule Tatar In Arctic Wolf

On Tuesday, May 31, 2022, Volexity responsibly disclosed a remote code execution (RCE) vulnerability to Atlassian affecting all supported versions of Confluence Server & Data Center. The Object-Graph Navigation Language (OGNL) injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

Read Post

Arctic Wolf

Read more about CVE-2022-26134 - Critical Vulnerability in Confluence Server & Data Center

We've joined the FIDO Alliance to build a better future for authentication

Jun 3, 2022 By Jeff Shiner In 1Password

I’m happy to announce that 1Password has joined the FIDO Alliance to help build safer, simpler, and faster login solutions for everyone. In fact, we’re already on our way … keep reading for a sneak peek at the future of authentication in 1Password.

Read Post

1Password

Read more about We've joined the FIDO Alliance to build a better future for authentication

Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence

Jun 3, 2022 By Alberto Pellitteri In Sysdig

A new zero day vulnerability actively exploited in the wild has been found in Atlassian Confluence. The vulnerability CVE-2022-26134 affects all supported versions of Confluence Server and Confluence Data Center allowing an unauthenticated user to run arbitrary commands remotely. The Atlassian team confirmed the vulnerability with an official tweet and then also published a security advisory to update its customers.

Read Post

Sysdig

Read more about Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence

Atlassian Confluence Vulnerability CVE-2022-26134

Jun 3, 2022 By Ryan Kovar In Splunk

If you want just to see how to find evidence of the Atlassian vulnerability in your Confluence systems, skip down to the “detections” sections. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.

Read Post

Splunk

Read more about Atlassian Confluence Vulnerability CVE-2022-26134

Raising SIEM awareness and securing enterprise endpoints with Joseph Steinberg

Jun 3, 2022 By ManageEngine In ManageEngine

In this episode of ManageEngine Insights podcast, we'll explore various security concerns arising in enterprises and elsewhere. Enterprises need to consider both bottom-up and top-down approaches, as well as a wide variety of hardware and software-based security measures.

View Video

ManageEngine

Read more about Raising SIEM awareness and securing enterprise endpoints with Joseph Steinberg

PCI DSS 4 0 Requirements Explained

Jun 3, 2022 By VISTA InfoSec In VISTA InfoSec

PCI DSS 4.0 update has made a huge buzz in the industry post its release. Organizations are still scrambling to understand the changes introduced and learn about the requirements of PCI DSS. So, explaining the updates and the PCI requirements in detail VISTA InfoSec conducted an informative webinar on ”PCI DSS 4.0 Requirements Explained”. Watch the video and gain insight into the key updates introduced by the PCI Council.

View Video

VISTA InfoSec

Read more about PCI DSS 4 0 Requirements Explained

Forward Networks Adds New Verification Capabilities To Make Hybrid Multi-cloud Networks More Secure

Jun 2, 2022 By Forward Networks In Forward Networks

New Product Features and Rapid7 Integration Provide End-to-End Security Posture Verification and Enhanced Visibility to Help Engineers Accurately Prioritize Remediation.

Read Post

Forward Networks

Read more about Forward Networks Adds New Verification Capabilities To Make Hybrid Multi-cloud Networks More Secure

Microsoft zero-day vulnerability, Follina (CVE-2022-30190), exploited in the wild: Here's all you need to know

Jun 2, 2022 By General In ManageEngine

Follina—while we’re sure this commune in Italy is lovely, the same can’t be said about this new vulnerability by the same name for InfoSec folks. Thanks to a zero-day bug in the Microsoft Support Diagnostic Tool, Follina is now making the headlines but for all the wrong reasons. This blog talks in detail about the zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT), popularly known as Follina.

Read Post

ManageEngine

Read more about Microsoft zero-day vulnerability, Follina (CVE-2022-30190), exploited in the wild: Here's all you need to know

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Introducing Mend Supply Chain Defender Integration with JFrog Artifactory

Amazon RDS Just-in-Time (JIT) Access With Teleport and Slack

CVE-2022-26134 - Critical Vulnerability in Confluence Server & Data Center

We've joined the FIDO Alliance to build a better future for authentication

Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence

Atlassian Confluence Vulnerability CVE-2022-26134

Raising SIEM awareness and securing enterprise endpoints with Joseph Steinberg

PCI DSS 4 0 Requirements Explained

Forward Networks Adds New Verification Capabilities To Make Hybrid Multi-cloud Networks More Secure

Microsoft zero-day vulnerability, Follina (CVE-2022-30190), exploited in the wild: Here's all you need to know

Monthly Archive

Follow Us