Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

jfrog

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

Sep 7, 2021 By Ori Hollander and Or Peles In JFrog
JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites and used by many leading companies.
Read Post
broadcom

Security Testing in an Agile Development World

Sep 7, 2021 By Pratima Mishra In Broadcom

Security testing is a key component of software quality. A program may meet functionality and performance requirements, but that does not guarantee security. In this blog post I will present different security testing methods and provide a few tips for conducting a more secure code review. But first, let’s understand what software security is intended for.

Read Post
opsmatters

Why DDoS remains a bigger threat than ever in the age of the cloud

Sep 6, 2021 By OpsMatters In OpsMatters
Distributed denial of service attacks are one of the most established, and oldest, modes of cyber attack, dating back at least a quarter of a century to the mid-1990s. The cloud, on the other hand, is one of the newer revolutions in the tech world. While the term "cloud computing" was actually coined at approximately the same time as the inaugural DDoS attack, it is only over the past several years that the cloud has truly become a ubiquitous part of the computing landscape.
Read Post
coralogix

Elasticsearch Audit Logs and Analysis

Sep 5, 2021 By Joanna Wallace In Coralogix

Security is a top-of-mind topic for software companies, especially those that have experienced security breaches. Companies must secure data to avoid nefarious attacks and meet standards such as HIPAA and GDPR. Audit logs record the actions of all agents against your Elasticsearch resources. Companies can use audit logs to track activity throughout their platform to ensure usage is valid and log when events are blocked.

Read Post

Risk Mitigation Strategies for Tcp/IP Vulnerabilities in OT

Sep 4, 2021 By JFrog In JFrog
JFrog in collaboration with Forescout Research Labs recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.
View Video
logz.io

Assign Read-Only Access to Users in Logz.io

Sep 3, 2021 By Noa Levi In logz.io

Cloud monitoring and observability can involve all kinds of stakeholders. From DevOps engineers, to site reliability engineers, to Software Engineers, there are many reasons today’s technical roles would want to see exactly what is happening in production, and why specific events are happening. However, does that mean you’d want everyone in the company to access all of the data?

Read Post
codefresh

How to Handle Secrets Like a Pro Using Gitops

Sep 3, 2021 By Kostis Kapelonis In Codefresh

One of the foundations of GitOps is the usage of Git as the source of truth for the whole system. While most people are familiar with the practice of storing the application source code in version control, GitOps dictates that you should also store all the other parts of your application, such as configuration, kubernetes manifests, db scripts, cluster definitions, etc. But what about secrets? How can you use secrets with GitOps?

Read Post
servicenow

5 ways federal agencies can augment a zero-trust architecture

Sep 2, 2021 By Marcel Shaw In ServiceNow

A May 2021 executive order mandated that federal government agencies invest in both technology and personnel to centralize and streamline access to cybersecurity data, accelerate migration to secure cloud architectures, and advance toward a zero-trust architecture. A zero-trust architecture doesn’t refer to a predefined, out-of-the-box network security solution. It’s a strategy based on an agency’s cybersecurity plan that contains a collection of zero-trust concepts.

Read Post
Sponsored Post
Torq

Automated Threat Intelligence: An Overview

Sep 1, 2021 By Theo Despoudis In Torq

SecOps and security teams spend an excessive amount of time sifting through low-value, poorly-contextualized alarm data rather than actively hunting for valid threats. This is because bad actors are constantly looking to steal whatever they can hold onto with the least exposure. Recent ransomware attacks in critical business sectors only serve as reminders that organizations cannot lie dormant. This blog post will unpack strategies to help overcome these challenges and explain why integrating threat intelligence with security orchestration and automation is critical for an effective security operations strategy.

Read Post
virtualmetric

What is Forensic Analysis and Why is it Important for the Security of Your Infrastructure

Sep 1, 2021 By Antonia Shehova In VirtualMetric

With the advent of cybercrime in recent years, tracking malicious online activities has become imperative for protecting operations in national security, public safety, law and government enforcement along with protecting private citizens. Consequently, the field of computer forensics is growing, now that legal entities and law enforcement has realized the value IT professionals can deliver.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.