Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Elastic is going closed-source. Where does that leave MSSPs?

Elastic moved from an open source license for Elasticsearch and Kibana to a “source available” (aka closed source) license. It was supposed to shut down SaaS companies, but what does it mean for Managed Security Service Providers? Managed Security Service Providers, or MSSPs, are a growing segment in the security business. These firms specialize in deploying security infrastructure, aggregating monitoring and event data, and proactively hunting threats.

Introducing GitHub Discussions for CFEngine

We are excited to announce that CFEngine is now using GitHub Discussions. GitHub Discussions is a feature of GitHub repos, and similar to Q&A platforms like Stack Overflow, and other online forums. After testing it out for a few weeks we are pleased with how it works and want to encourage all our users to try it.

Calico Enterprise Multi Cluster Management - Federated Identity and Services

Managing multiple Kubernetes clusters can become time consuming and complex. Calico Enterprise can help with built in multi-cluster management capabilities to simplify deployment and ongoing operations, including securing interactions between the clusters, and providing cross-cluster service discovery.

Applying Strong Cyber Hygiene Security to IoT Endpoints

The Internet of Things, better known as IoT. You’ve heard of it, right? But do you know what it is? Simply, it is the interconnection of things (or endpoints) on the Internet to send and receive data. Today, experts calculate that there are 31 billion things connected to the insecure Internet, and growing exponentially. Did you know there are different types of IoT applications?

How We Use InfluxDB for Security Monitoring

At InfluxData, we believe it makes sense to use a time series database for security monitoring. In summary, it’s because security investigations are inevitably time-oriented — you want to monitor and alert on who accessed what, from where, at which time — and time series databases like InfluxDB are very efficient at querying the data necessary to do this.

How to detect sudo's CVE-2021-3156 using Falco

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility built in almost all Unix-like based OSes. This includes Linux distributions, like Ubuntu 20 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). This popular tool allows users to run commands with other user privileges.

Detecting the Sudo Baron Samedit Vulnerability and Attack

On January 26th, 2021, Qualys reported that many versions of SUDO (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a buffer overflow attack dubbed Baron Samedit that can result in privilege escalations. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), some of the most modern and widely used Linux operating systems.