
Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Sponsored Post

Mitigating the Next Log4shell: Automating Your Vulnerability Management Program

As CVE-2021-44228, a.k.a. "Log4Shell" or the Apache Log4j Remote Code Execution vulnerability, continues to send shockwaves across the world of software, many security vendors and practitioners are rushing to provide recommendations on dealing with the crisis. If you need immediate help mitigating the impact of Log4Shell, we're here for that. But the goal of this post is to look forward. This isn't the first and won't be the last high-impact vulnerability to be uncovered. So it's worth preparing your organization for the next one, so that you can respond faster, mitigate and remediate sooner - and have fewer weekends like the last one.

IoT's Importance is Growing Rapidly, But Its Security Is Still Weak

The weakest link in most digital networks is the person sitting in front of the screen – the defining feature of the Internet of People (IoP). Because that’s where, through cunning and manipulative tactics, unsuspecting recipients can be tricked into opening toxic links. Little do they know, however, they’ve unwittingly opened the gates to digital catastrophe. Of course, I have nothing against people. In fact, some of my best friends are people!

Enhanced security for the Spot-Jenkins plugin

Many Spot by NetApp customers run Jenkins as a core part of their CI/CD processes and use it together with Spot’s Elastigroup to deploy jobs running on spot instances. This integration has helped our customers realize up to 90% savings on cloud computing, and seamlessly fits into their existing DevOps workflows.

Log4J Does What?!!!

You have probably heard of Log4Shell, the security vulnerability that has ‘earned’ itself a NIST rank of 10. In this post I will show a really basic example of how this vulnerability actually works. I will walk you through some basic usage of the Log4J library and then show how some fairly basic inputs into this library can cause truly unexpected, and potentially disastrous, outcomes.

Part I: A Journey Into the World of Advanced Security Monitoring

Dealing with hundreds of security alerts on a daily basis is a challenge, especially when many are false positives that waste our time and all take up too much of our valuable time to sift through. Let me tell you how our security team fixed this, as we built security around the JFrog products. First, let me tell you a little bit about our team.

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges in the process.

Faster troubleshooting of microservices, containers, and Kubernetes with Dynamic Packet Capture

Troubleshooting container connectivity issues and performance hotspots in Kubernetes clusters can be a frustrating exercise in a dynamic environment where hundreds, possibly thousands, of pods are continually being created and destroyed.