The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
It’s more critical than ever to secure your company data and protect your workloads in the cloud. This blog post is a roundup of the latest technical resources and product capabilities by both Google Cloud and Splunk to enhance your threat prevention, detection, and response techniques, regardless of where you are in your business-transforming cloud journey.
We are pleased to announce that as of 13th April 2021, Dashbird has successfully completed its SOC 2 Type 2 audit. SOC 2 engagements are based on the AICPA’s Trust Service Criteria. SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to the Security of a system. The audit was conducted by Dansa D’Arata Soucia LLP.
It was revealed just a few days ago that US Federal investigators are looking into an intrusion and insertion of malicious code into Codecov. As many readers here will already know, Codecov is a software auditing tool that analyses your source code to check for the amount of test coverage. The intrusion targeted the Codecov bash uploader, which is a script that provides a way to send coverage reports to Codecov.
On March 9, 2021, Verkada, a software company that specializes in making security cameras for monitoring physical access control, was subject to a security hack. Hackers gained access to the video feed of at least 15 thousand cameras deployed across various locations and exposed the inner workings of hospitals, clinics, and mental health institutions; banks; police departments; prisons; schools; and companies like Tesla and Cloudflare.
The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines are affected as well, including Kubernetes and OpenShift.
The Splunk Attack Range project has officially reached the v1.0 release. By achieving this milestone, we wanted to reflect on how we got here, what features we’ve built for v1.0 and what the future looks like for Splunk Attack Range. What is the Splunk Attack Range? 🧐
As we’ve hinted at before, 2021 will be a big year for CFEngine. In the summer, we will release CFEngine 3.18 LTS. This is the first LTS release with Compliance Reports , Custom Promise types , and all of the other improvements we’ve made over the past year .
When it comes to securing your production environment, it’s essential that your security teams are able to detect any suspicious activity before it becomes a more serious threat. While detecting clear-cut attacker techniques is essential, being able to spot unknowns is vital for full security coverage.
