Since we launched Puppet Comply last year, we’ve been working hard to build out the solution’s capabilities so that we can provide our customers with more options in implementing a continuous compliance program, and become more proactive and efficient in how they manage compliance. A key activity in any strong continuous compliance program is remediation.
When we discuss cybersecurity and the threat of cyber attacks, many may conjure up the image of skillful hackers launching their attacks by way of undiscovered vulnerabilities or using cutting-edge technology. While this may be the case for some attacks, more often than not, vulnerabilities are revealed as a result of careless configuration and inattention to detail. Doors are left open and provide opportunities for attacks.
Yet another Puppetize Digital is in the (online only) books. Our second annual virtual conference drew attendees from around the globe, bringing together the people at the center of automation. If you weren’t able to attend this year’s event live, worry not! You can watch the entire conference on-demand here. Read on for Puppetize highlights!
Apache has disclosed a critical actively exploited path traversal flaw in the popular Apache web server, version 2.4.49. This path traversal means that an attacker can trivially read the contents of any file on the server that the Apache process has access to. This could expose highly sensitive information, even as critical as the server's own private SSL certificates. See the Sonatype blog for more technical information on the vulnerability.
It has been argued that automation in the workplace tends to be misunderstood. Analysts are keen to point out that, despite myths to the contrary, automation isn't going to put most people out of work, for instance. Nor is AI going to become a real substitute for actual human intelligence. These are compelling arguments for rethinking the way we think about automation in general. But you can take the points further if you analyze the impact of automation on specific domains, such as cybersecurity. Indeed, automation is perhaps nowhere more misunderstood than in the realm of cybersecurity. To prove the point, here are five common myths about automation's impact on security, and why they're wrong.
Manually managing groups on a large infrastructure can be a tedious task, and is therefore best suited through automation software like CFEngine. Unfortunately - at time of writing - CFEngine does not have any built-in promise types for managing groups. But fear not; in CFEngine 3.17, custom promise types were introduced.
