Operations | Monitoring | ITSM | DevOps | Cloud

Vulnerability

Understanding the Impact of the Kubernetes Security Flaw and Why DevSecOps is the Answer

It finally happened. At the start of DockerCon Europe and a week before KubeCon was set to take place in the U.S., researchers discovered the first major vulnerability within Kubernetes, the popular cloud container orchestration system.

Detecting jQuery File Upload vulnerability using Falco (CVE-2018-9206)

In the past few days, a new vulnerability was disclosed in a widely used component – jQuery File Upload plugin. A change in Apache’s Web Server security setting handling, exposed users of this plugin to an unrestricted file upload flaw. Let’s dig in on how to detect jQuery File Upload vulnerability (CVE-2018-9206) using Falco.

Spectre and Meltdown Vulnerabilities For GroundWork Users

Reports have recently surfaced about Spectre and Meltdown vulnerabilities in most modern computer systems. These so-called side-channel attacks can allow one program (e.g. a browser) to infer and even read data used by the CPU to execute another program… even a more privileged one. These vulnerabilities affect phones, ​tablets, ​desktops, servers, and cloud computing services.

Patching Spectre and Meltdown is Easy with AWS Systems Manager

Most likely you have heard about Spectre and Meltdown by now. It’s all over the news. As an IT or DevOps engineer, it’s now your job to patch your EC2 instance operating systems. This task can be “fun” if you need to SSH/RDP into every EC2 instance and apply patches. Or, it can be truly fun if you decide to use AWS Systems Manager to apply patches to your OS.