Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

How we designed Ubuntu Pro for Confidential Computing on Azure

Dec 16, 2021 By Nikos Mavrogiannopoulos In Canonical

Not all data is destined to be public. Moving workloads that handle secret or private data from an on-premise setup to a public cloud introduces a new attack surface with different risks. As the public cloud environment shares its hardware infrastructure, a flaw in the clouds’ isolation mechanisms can be detrimental to the protection of sensitive data. The major public cloud environments tackle this by building their security following a defense-in-depth approach.

Read Post

Canonical

Read more about How we designed Ubuntu Pro for Confidential Computing on Azure

Log4j: Two Tricks to Make Your Next Vulnerability Less Chaotic

Dec 16, 2021 By Matt Beran In InvGate

Tl;dr: Log4j is a mess, if you’re chasing down the applications, services and servers that use Java; consider the suggestions below to make zero day patching easier.

Read Post

InvGate

Read more about Log4j: Two Tricks to Make Your Next Vulnerability Less Chaotic

JavaScript security: Vulnerabilities and best practices

Dec 15, 2021 By Anna Monus In Raygun

If you run an interactive website or application, JavaScript security is a top priority. There’s a huge array of things that can go wrong, from programmatic errors and insecure user inputs to malicious attacks. While JavaScript error monitoring can help you catch many of these issues, understanding common JavaScript security risks and following best practices is just as important.

Read Post

Raygun

Read more about JavaScript security: Vulnerabilities and best practices

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Apache Log4j vulnerability and VMware

Dec 15, 2021 By OpsLogix In OpsLogix

Apache Log4j, an open-source logging software used in everything from online games to enterprise software and cloud data centers, has a severe security vulnerability that has security teams all over the world working frantically to correct it. The internet has been on high alert as hackers increase their efforts to target vulnerable systems, owing to its broad use.

Read Post

OpsLogix

Read more about Apache Log4j vulnerability and VMware

Detect Log4j RCE With Graylog GreyNoise

Dec 15, 2021 By Graylog In Graylog

Graylog experts Abe Abernethy and Jeff Darrington show you how to find the Log4j or Log4Shell with Graylog and integration with GreyNoise. #logmanagement #logmanagementdoneright Download Graylog Graylog on Social Media Graylog.

View Video

Graylog

Read more about Detect Log4j RCE With Graylog GreyNoise

Kroger Uses JFrog Xray for Software Security and License Compliance

Dec 15, 2021 By JFrog In JFrog

Kroger leverages the JFrog platform to give developers visibility into their software vulnerabilities and make informed decisions on what to fix. See how Kroger has implemented secure DevOps processes with automated vulnerability scanning and open-source software (OSS) license compliance capabilities to support their development and security teams.

View Video

JFrog

Read more about Kroger Uses JFrog Xray for Software Security and License Compliance

AppDynamics' response to our customers regarding the Log4j vulnerability threat

Dec 15, 2021 By Wei Li In AppDynamics

We know that the threat posed by the Log4j vulnerabilities is top of mind — and we’re here to help. Bookmark this post for ongoing updates.

Read Post

AppDynamics

Read more about AppDynamics' response to our customers regarding the Log4j vulnerability threat

Security vulnerabilities on the Data Distribution Service (DDS)

Dec 15, 2021 By Florencia Cabral Berenfus In Canonical

If you are currently running the Robot Operating System 2 (ROS 2), this piece is especially relevant to the security of your robots. A few weeks ago, a group of security researchers reported 13 security vulnerabilities affecting some of the most used implementations of DDS, the default middleware used by ROS 2.

Read Post

Canonical

Read more about Security vulnerabilities on the Data Distribution Service (DDS)

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Dec 14, 2021 By Zack Allen In Datadog

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

Read Post