Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

We've successfully completed our SOC 2 audit

We're very pleased to announce that incident.io is now SOC 2 compliant, having successfully completed our Type I audit. Put simply, this means an external auditor has looked at how the company is operating, and how our software is managed and operated, and confirmed that we meet a set of high security standards.

Log4j critical vulnerability advice for customers

At Avantra, our customers trust us to keep their business operations based on SAP running smoothly. I have written in the past about the importance of SAP security, and how I believe that in the next few years, SAP risks becoming an attack vector for hackers. It should come as no surprise that security is an area in which Avantra has invested significantly since I became CEO.

Log4Shell: How We Protect Sematext Users

On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j 2 version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code on the vulnerable server. This vulnerability was registered on the National Vulnerability Database as CVE-2021-44228, with a severity score of 10. Here is a diagram of the attack chain from the Swiss Government Computer Emergency Response Team (GovCERT).

Your Log4shell Remediation Cookbook Using the JFrog Platform

Last week, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

"I love it when a plan comes together"-the questions to ask your customers before the next software vulnerability

I’m probably dating myself, but I used to love the television show The A-Team when I was little. Every week, the team would be put into the middle of a problem and work together to overcome some challenge. Plus, they had Mr. T and a really cool van.

Experiment with Calico BGP in the Comfort of Your Own Laptop!

Yes, you read that right – in the comfort of your own laptop, as in, the entire environment running inside your laptop! Why? Well, read on. It’s a bit of a long one, but there is a lot of my learning that I would like to share. I often find that Calico Open Source users ask me about BGP, and whether they need to use it, with a little trepidation. BGP carries an air of mystique for many IT engineers, for two reasons.

Nastel Products Are Not Affected by Log4j Vulnerability Issues

Recent news about Log4j has enterprises and vendors scrambling for information and answers, including customers of messaging middleware and Integration Infrastructure Management (i2M) products. Nastel Technologies customers will not be exposed to any risks from this vulnerability, but enterprises are encouraged to check with their Cloud and other solution vendors to protect themselves and their data.

The wrong lessons to learn from the Log4j vulnerability

Log4j and Java sucks, but I don't use that, so I'm safe...right? Wrong. This video walks through the wrong lessons to take away from the huge Log4j remote code execution vulnerability, and points you at the lessons you should be learning instead. While the Log4j vulnerability may not directly affect you, its type of vulnerabilities certainly do.

SecOps for Safer, More Efficient ITOps

When the Nobel Prize for physics was announced in October 2021, one of the winners was Italian theoretical physicist Giorgio Parisi, whose groundbreaking research helped decode complex physical systems, opening the door for breakthroughs in mathematics, science, and artificial intelligence. Decoding complex physical systems? If the science thing didn’t work out, Parisi could have pursued a career in security operations.