Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

tigera

Quick and easy vulnerability management with Calico Cloud

Aug 9, 2022 By Dhiraj Sehgal In Tigera

As more enterprises adopt containers, microservices, and Kubernetes for their cloud-native applications, they need to be aware of the vulnerabilities in container images during build and runtime that can be exploited. In this blog, I will demonstrate how you can implement vulnerability management in CI/CD pipelines, perform image assurance during build time, and enforce runtime threat defense to protect your workloads from security threats.

Read Post
Arctic Wolf

CVE-2022-31656 - Critical Authentication Bypass Vulnerability in Multiple VMware Products

Aug 8, 2022 By Sule Tatar In Arctic Wolf
On Tuesday, August 2, 2022, VMware disclosed a critical-severity authentication bypass vulnerability (CVE-2022-31656) impacting multiple VMware products, including VMware’s Workspace ONE Access, Identity Manager (vIDM), and vRealize automation. If successfully exploited, the vulnerability could allow a threat actor with network access to the user interface to obtain administrative access without needing to authenticate.
Read Post
Snyk

AWS re:Inforce 2022 recap

Aug 8, 2022 By Shilpi Bhattacharjee In Snyk

If you’re looking to catch up on what happened at this years AWS re:Inforce, this is the blog for you. There were many important announcements were this year, including some exciting updates on the cloud security front. In this post, we’ll quickly review the goals of the conference and who should attend, before diving into the keynote highlights, software updates, and helpful resources.

Read Post

Vulnerability Scans Are a Must but Not Enough

Aug 8, 2022 By SecurityScorecard In SecurityScorecard
Vulnerability scans test for different misconfigurations and report the vulnerabilities. But they have 2 big drawbacks: You need to get consent from a company before you do a vulnerability scan on them. You may get a very rigorous readout from a vulnerability scan. But then a sleep-deprived IT administrator misconfigured the system, making your report irrelevant. On the other hand, security ratings don’t need anybody’s consent and provide continuous, real-time monitoring.
View Video
netwrix

Open Port Vulnerabilities List

Aug 4, 2022 By Dirk Schrader In Netwrix

Insufficiently protected open ports can put your IT environment at serious risk. Threat actors often seek to exploit open ports and their applications through spoofing, credential sniffing and other techniques. For example, in 2017, cybercriminals spread WannaCry ransomware by exploiting an SMB vulnerability on port 445. Other examples include the ongoing campaigns targeting Microsoft’s Remote Desktop Protocol (RDP) service running on port 3389.

Read Post
Snyk

Securing PHP containers

Aug 4, 2022 By Neema Muganga In Snyk

According to Wappalyzer, PHP powers over twelve million websites. Not bad for a 28-year-old language! Despite its age, PHP has kept up with modern development practices. With support for type declarations and excellent frameworks like Laravel and Symfony, PHP is still a great way to develop web apps. PHP works well in containerized environments. With an official image available on Docker Hub, developers know they can access well-tested PHP container images to build on.

Read Post
Snyk

A definitive guide to Ruby gems dependency management

Aug 4, 2022 By Liran Tal In Snyk

Ruby, much like other programming languages, has an entire ecosystem of third-party open source libraries which it refers to as gems, or sometimes Ruby gems. These gems are authored by the community, and are available from RubyGems.org which is the official registry for Ruby libraries. Similarly to other open source ecosystems, threat actors may publish deliberate malicious code or such which includes backdoors or credentials harvesting.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.