1393 matches found
Why IaC Security Should Matter to CISOs
Explore how secure infrastructure-as-code (IaC) enables security leaders to help DevOps teams quickly deliver more business value...
High-Severity RCE Bug Found in Popular Apache Cassandra Database
Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution (RCE). The bug, which involves how Cassandra creates...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25173 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25173 Source advisory: OSV:GHSA-4M7P-55JM-3VW...
Analyzing DevSecOps vs. DevOps
Learn the difference between DevSecOps and DevOps and get tips to smoothly embed security throughout the entire build lifecycle...
Workshop: Building Modern Applications with DevOps Security
In this workshop, you’ll learn how to leverage DevOps Security with your serverless applications running on AWS Lambda or containerized applications running on AWS Fargate. Learn how to make cloud security more efficient, proactive, and gain visibility...
Apache Log4j: Mitigation for DevOps
What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities...
What you need to know about how cryptography impacts your security strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series, Microsoft Security Product Marketing Manager Natalia Godyla talks with Taurus SA Co-founder...
Top 5 DevOps Resource Center Articles of 2021
We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your best in 2022...
Security Bulletin: Is Blueworks Live affected by CVE-2021-44228 (Log4j Vulnerability)?
Summary: Is Blueworks Live affected by CVE-2021-44228 (Log4j Vulnerability)? Vulnerability Details: Please refer to the Flash Alert published here: ...
KLA12396 RCE vulnerability in Microsoft Developer Tools
A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2021-44228. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-CVE-2021-44228 On December 5, 2021, Apache identified a...
Announcing Property Manager Extensions for the Integrated Development Environment
We’re proud to announce the 1.0 release of the Property Manager extension to Visual Studio Code and Eclipse. With the new Property Manager extension, you can edit and validate Property Manager API (PAPI) JSON rule trees right from your integrated development environment (IDE). It allows you to make a...
Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers
At least 17 malware-laced packages have been discovered on the NPM package registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPI and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to gr...
Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud
Cloud and container technologies are being increasingly embraced by organizations around the globe because of the efficiency, superior visibility, and control they provide to DevOps and IT teams. While DevOps teams see the benefits of cloud and container solutions, these tools create a learning...
QSC Day 2 Recap: Innovation Makes for Better Defense, Improves Resilience
If 2020 was the year of disruption, then 2021 was characterized by high-profile—and low-profile—cyberattacks against the likes of JBS Supply, Colonial Pipeline, and Kaseya. Three years that underscored the need for organizations not only to defend themselves but to become resilient to weather and...
Application Security 101
Everything DevOps teams need to know about web application security risks and best practices...
Best practices in WAF gateways to meet the demands of digital transformation
Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...
Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools
What is an API? API is the abbreviation for Application Programming Interface, a software intermediary that permits two applications to converse with one another. Useful links: API security tutorial for beginners and professionals; What Is API Testing: Benefits, Types, How To Start; OpenAPI...
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...
Serverless protection for execution environments made easy
Serverless computing is transforming the way we build, ship, automate, and scale applications. With no infrastructure to manage, organizations can move from ideation to market faster, with virtually no operational overhead. Consequently, these enterprises can now focus on just the code that serve...