Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

A visual guide to Calico eBPF data plane validation

Mar 31, 2022 By Chris Tomkins In Tigera

In previous blog posts, my colleagues and I have introduced and explored the Calico eBPF data plane in detail, including learning how to validate that it is configured and running correctly. If you have the time, those are still a great read; you could dive in with the Calico eBPF Data Plane Deep-Dive.

Read Post

Tigera

Read more about A visual guide to Calico eBPF data plane validation

Vulnerability Management - Intro to Torq Webinar

Mar 31, 2022 By Torq In Torq

As recent vulnerabilities like log4j have shown, having a standardized approach to identifying vulnerabilities and applying patches is essential to organizations looking to keep their systems safe from exploits. Whether it's preventative maintenance or responding to new 0-days, a continuous vulnerability management program ensures that security teams can rapidly identify risks and work cross-functionally to deploy patches and verify successful remediation.

View Video

Torq

Read more about Vulnerability Management - Intro to Torq Webinar

April Phools' Phishing Challenge

Mar 31, 2022 By NinjaOne In NinjaOne

Can you do what you advise your clients and spot a phishing attempt when you see one? Watch this "April Phools" edition of our MSP Live Chats series with special guest Connor Swalm, CEO of Phin Security, who showcased the latest tricks and tactics attackers are using to get victims on the hook. Don't miss OITVOIP CEO Ray Orsini, Lifecycle Insights' Alex Farling, and the rest of our panel as they played a high-stakes game of "spot the phish" on the LIVE event.

View Video

NinjaOne

Read more about April Phools' Phishing Challenge

CFEngine: The Agent Is In 11 - Infrastructure Hardening With CFEngine & Lynis

Mar 31, 2022 By CFEngine In CFEngine

"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.

View Video

CFEngine

Read more about CFEngine: The Agent Is In 11 - Infrastructure Hardening With CFEngine & Lynis

Elastic on Elastic - Using Elastic Observability to optimize the performance of detection rules in Elastic Security

Mar 30, 2022 By Dmitrii Shevchenko In Elastic

Elastic Security’s developer support team has recently seen a surge in reports from customers about sluggish performance in our UI. Our initial inspection of logs for troubleshooting provided some insights, but not enough for a true fix. Luckily, we have Elastic Observability and its APM capabilities to dive in deeper and look under the hood at what was really happening within Elastic Security. And, more importantly, how we could improve its performance for customers.

Read Post

Elastic

Read more about Elastic on Elastic - Using Elastic Observability to optimize the performance of detection rules in Elastic Security

VMware Tanzu Community Edition Taps in Cartographer for Building Secure Adaptable Cloud Native Supply Chains

Mar 30, 2022 By Beena More In VMware Tanzu

The latest update to the VMware Tanzu Community Edition further streamlines the path to production with the addition of Cartographer, an open source project to build and manage modern secure software supply chains.

Read Post

VMware Tanzu

Read more about VMware Tanzu Community Edition Taps in Cartographer for Building Secure Adaptable Cloud Native Supply Chains

What is Data Encryption and Why It's Recommended for Really Safe Online Security

Mar 30, 2022 By Internxt Team In Internxt

Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.

Read Post

Internxt

Read more about What is Data Encryption and Why It's Recommended for Really Safe Online Security

Chrome Zero Day: Find vulnerable devices for patching

Mar 30, 2022 By InvGate In InvGate

Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well. Therefore, if you haven’t already, you should check your browser details to check if it’s updated to version 99.0.4844.84 of Chrome or version 99.0.1150.55 or higher of Edge. Matt Beran shows you how you can find vulnerable devices across your inventory for proactive patching using InvGate Insight.

View Video

InvGate

Read more about Chrome Zero Day: Find vulnerable devices for patching

Chrome zero-day: find devices with vulnerabilities across your inventory

Mar 30, 2022 By InvGate In InvGate

If you’re an asset manager or an application administrator, you must have had - or are about to have - a lot of work since there’s a new Chrome zero-day vulnerability in the wild. Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well.

Read Post

InvGate

Read more about Chrome zero-day: find devices with vulnerabilities across your inventory

Change in behavior: Directory permissions and the execute bit

Mar 29, 2022 By Nick Anderson In CFEngine

rxdirs has provided a convenient default when setting permissions recursively. When enabled (the default prior to version 3.20.0) a promise to grant read access on a directory is extended to also include execution since quite commonly if you want to read a directory you also want to be able to list the files in the directory. However, the convenience comes with the cost of complicating security reviews since the state requested on the surface is more strict than what is actually granted.

Read Post