
Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Stay Alert to Security With Xray and PagerDuty

When it comes to securing your software development against open source vulnerabilities, the earlier action occurs — by the right person — the safer you and your enterprise will be. Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization.

Using Ivanti Neurons and MobileIron UEM to Handle the Latest iOS, iPadOS, and tvOS Vulnerabilities Proactively

On Tuesday, January 26, 2021, Apple released version 14.4 of its iOS, iPadOS, and tvOS products that included patches for three security vulnerabilities that affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation, as well as Apple TV.

Next Level Automation: What's New with Splunk Phantom

Splunk Phantom 4.10 introduced many new enhancements, including the ability to develop playbooks in Python 3. In fact, Python 3 is now the default for Splunk Phantom playbooks. In doing so, we needed to create two different “playbook runners” to ensure we could continue to support playbooks written in Python 2.7 while also supporting Python 3.

Detecting MITRE ATT&CK: Defense evasion techniques with Falco

The defense evasion category inside MITRE ATT&CK covers several techniques an attacker can use to avoid getting caught. Familiarizing yourself with these techniques will help secure your infrastructure. MITRE ATT&CK is a comprehensive knowledge base that analyzes all of the tactics, techniques, and procedures (TTPs) that advanced threat actors could possibly use in their attacks. Rather than a compliance standard, it is a framework that serves as a foundation for threat models and methodologies.

Security risks of monitoring services: Why to always use a read-only solution

In mid-December, SolarWinds disclosed that the company experienced a highly sophisticated, manual supply chain attack on versions of the Orion network monitoring product released in March – June 2020. The company shared that the attack was most likely conducted by foreign hackers and was intended to be a narrow, remarkably targeted, and manually executed attack.

Securing SQL Server with DoD STIGs

Making sure your SQL Servers are secured against malicious users is difficult. How can you know that you’ve done enough? How do you know you’re protected from the things that actually worry you? The United States Defense Information Systems Agency (DISA) publishes a set of guidelines for organizations securing different pieces of software that connect to the networks of the US Department of Defense (DoD).

Elastic is going closed-source. Where does that leave MSSPs?

Elastic moved from an open source license for Elasticsearch and Kibana to a “source available” (aka closed source) license. It was supposed to shut down SaaS companies, but what does it mean for Managed Security Service Providers? Managed Security Service Providers, or MSSPs, are a growing segment in the security business. These firms specialize in deploying security infrastructure, aggregating monitoring and event data, and proactively hunting threats.

Introducing GitHub Discussions for CFEngine

We are excited to announce that CFEngine is now using GitHub Discussions. GitHub Discussions is a feature of GitHub repos, similar to Q&A platforms like Stack Overflow and other online forums. After testing it out for a few weeks, we are pleased with how it works and want to encourage all our users to try it.

How Emerging Technologies Influence State Government Staffing Needs

Emerging technologies impact many areas of an organization, but their impact on staffing is often overlooked. It would be ideal for public sector organizations, and state governments, in particular, to be able to adopt new technologies and hire the appropriate staff quickly and easily to optimize operations. State government managers face barriers such as a lack of budget, limited resources, minimal training, and unclear priorities—impeding speedy adoption.