Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of...

Wiz extends vulnerability scanning support to MacOS instances

Wiz customers can now detect vulnerabilities in MacOS workloads and their software components with agentless scanning, and assess their secure configurations against built-in CIS Benchmarks for Apple MacOS...

Docker and Kubernetes, we have got you covered: Wiz simplifies compliance and security posture management for Docker and Kubernetes environments.

Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights...

Casting a Light on Shadow IT in Cloud Environments

What is Shadow IT? The term “Shadow IT” refers to the use of systems, devices, software, applications, and services without explicit IT approval. This typically occurs when employees adopt consumer products to increase productivity or just make their lives easier. This type of Shadow IT can be...

Wiz: First agentless cloud security vendor to attain CIS SecureSuite Vendor Certification for cloud-managed Kubernetes

Confidently ensure your Kubernetes environments are compliant with CIS Benchmarks for cloud-managed Kubernetes. Quickly generate compliance reports and remediate any issues without hassle...

Risk Fact #5: Infrastructure Misconfigurations Open the Door to Ransomware

Qualys Blog Series – Threat Research Unit Report In this last blog of our series describing the top Risk Facts discovered in the 2023 Qualys TruRisk Research Report, we go under the hood to better understand Risk Fact 5: Infrastructure misconfigurations open the door to ransomware Misconfiguratio...

Update for CIS Google Cloud Platform Foundation Benchmarks - Version 1.3.0

The Center for Internet Security CIS recently released an updated version of their Google Cloud Platform Foundation Benchmarks - Version 1.3.0. Expanding on previous iterations, the update adds 21 new benchmarks covering best practices for securing Google Cloud environments. The updates were broa...

Cloudsploit - Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ npm install $ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ docker build . -t cloudsploit:0.0.1 $ docker run cloudsploit:0.0.1 -h $ docker run -...

Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud

Cloud and container technologies are being increasingly embraced by organizations around the globe because of the efficiency, superior visibility, and control they provide to DevOps and IT teams. While DevOps teams see the benefits of cloud and container solutions, these tools create a learning...

Career Navigator talk for IT Hub College

Last week I gave a "Career Navigator" talk for the students of the IT Hub College in Moscow. By the way, this college has a very interesting practical information security program. If it is relevant for you, check it out. Ive never talked so much about myself in public. It was like giving advises...

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash and...

How to Improve Azure Security with CIS Benchmarks

View Trend Micro Cloud One™ – Conformity in action! Read along as Chuck walks you through how to run a CIS report to see how to improve and remediate misconfigurations via a Conformity Bot...

Harbian-Audit - Hardened Debian GNU/Linux Distro Auditing

Hardened Debian GNU/Linux and CentOS 8 distro auditing. The main test environment is in debian GNU/Linux 9/10 and CentOS 8, and other versions are not fully tested. There are no implementations of desktop and SELinux related items in this release. The code framework is based on the OVH-debian-cis...

Qualys Adds Cloud Agent Linux Support for AWS ARM-Based EC2 Instances

Releasing this week May 26, 2020, Qualys adds Cloud Agent Linux support for Amazon Web Services EC2 instances powered by ARM processors including the new Graviton2 processor. AWS Graviton2 processors power Amazon EC2 M6g, C6g, and R6g instances that provide up to 40% better price performance over...

Policy Compliance Library Updates, January 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

Qualys Policy Compliance Notification: Policy Library Updates (April, May)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

Qualys Policy Compliance Notification: Policy Library Update (March)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...