Vulnerabilities are software bugs or weaknesses that could be used by an attacker. They could be present in the operating system, application code, and third-party code dependencies, such as libraries, frameworks, programming scripts, and so on. By taking a secure DevOps approach and identifying vulnerabilities early in development, you avoid frustrating developers with delays when an application is ready for production.

If you help to manage cloud environments, you’re probably familiar with the concept of identity lifecycle management. Identity lifecycle management helps you keep track of who is allowed to do what within your cloud. But merely understanding identity lifecycle management isn’t enough to administer modern cloud identities effectively. You also need a way to automate identity lifecycle management at massive scale.

CVE-2022-1271 is a new vulnerability affecting gzip, a widely used open source component for archiving, compressing, and decompressing files. CVE-2022-1271, also tracked in the Black Duck KnowledgeBase™ as BDSA-2022-0958, is a bug in gzip, a file format and software application used for archiving, compressing, and decompressing files.

The migration of assets to the Cloud has been the common denominator in company business strategies over the last two years, coupled with the rising number of incidents involving the theft of sensitive information and user passwords on Cloud platforms. According to the Verizon Data Breach Report 2021, in 2020 29,207 real-time security incidents were detected, out of which 5,258 were confirmed data breaches.

This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub. It is designed to analyze routers for Indicators of Compromise (IoCs) associated with Trickbot. This article will introduce some background on the MikroTik vulnerability, the Trickbot malware, and some ways you can protect yourself.

You’ve secured your cloud identities. You’ve hardened your cloud security posture. You’ve configured strong cloud access controls. But there’s still one more thing you need in order to secure your cloud environment: a cloud workload protection platform, or CWPP. Cloud workload protection platforms secure the workloads that run on your cloud — which are distinct from the infrastructure, user identities and configurations that form the foundation of your cloud environment.

Cloud access control is a critical part of cloud security strategy. Without granular controls in place, unauthorized users could gain access to your data or even take down your entire cloud infrastructure. Solutions such as Cloud access broker solution (CASB) help you enforce access controls by acting as a layer separating users and cloud service providers.

Open source software adoption reaches higher levels every year. Recent figures show that over 70% of code used in codebases is open source. With a constant stream of new components comes increased requirements to manage the inherent risks associated with open source. Requirements that quickly turn into a necessity as supply chain attacks increased by 400% in 2021. The practice to identify and track open source components usually falls under the umbrella of Software Composition Analysis (SCA).