Security

The latest news and information on cybersecurity for applications, services and infrastructure, and related technologies.

Plugging Git Leaks: Preventing and Fixing Information Exposure in Repositories

Have you ever been neck-deep building a new feature? You're working at capacity. You need to test something out so you paste an API key into your source file with every intention of removing it later. But you forget. You push to GitHub. It's an easy mistake, and potentially a very expensive one. In this article, Julien Cretel explores the nuances of this kind of data leak, offers suggestions for recovery when leaks happen and gives us options for preventing them in the first place.

How to Stop the Use of Anonymizer Websites on Your Network With SolarWinds Security Event Manager

Your organization has internet use policies in place for multiple reasons: protecting your network against security breaches, keeping organizational costs down, and protecting your employees, end users, or customers. Anonymizer websites provide a workaround to these policies that can put your organization at risk. In this video we'll show you how to identify and stop the use of anonymizer websites on your network with SolarWinds Security Event Manager.

Episode 3: SSH Keys For Server Authentication

In the previous video, we created a build for our new project. Now we are configuring access to the development server using SSH keys. Follow along as we create a new SSH key pair using Git Bash. We'll use PuTTY and the new key to SSH to our Linux server from a Windows machine. Generating a new SSH key is not too difficult, but there are a few gotchas when using Windows. We are going through this exercise because Eric and Jordan develop on Windows. Todd watches in amusement as his macOS machine "just works".

Pre-RSA Twitter Poll: 3 Interesting Observations on SOC, SIEM and Cloud

In advance of the RSA Conference 2020, we wanted to get a pulse of attendees’ perceptions on a few topics, specifically challenges facing modern SOCs (security operations centers) and the value they are getting from technologies such as analytics, automation, and their SIEM tools. To get this, we fielded a series of questions to the Twitter-verse and received nearly 17,000 votes! After going through the results, we found a few interesting things…

The Power of Splunk Security Essentials + Accedian Skylight Powered Security

As new technologies emerge, end-to-end application stacks continue to grow, and connected devices become more omnipresent in everyday lives, our society will only become more intrinsically connected across multiple touchpoints. It’s even estimated that in the US alone, there will be roughly 200 billion IoT devices by the end of 2020.

Image scanning for CircleCI

In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities before they reach production environments and fix them faster while the developer still has the context.

SIEM Yara Rules

The tongue-in-cheek named malware detection tool, Yet Another Recursive Acronym (YARA), is described as “the pattern-matching Swiss Army knife for malware researchers (and everyone else)”. The Sumo Logic Cloud SIEM Enterprise platform is one of the first SIEM solutions to incorporate it as a built-in feature. This gives blue teamers an additional layer of detection built into the SIEM.