Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

What Is Metasploit?

In this quick guide for cybersecurity professionals, we’ve invited some of our favourite security experts who have previously worked with Metasploit to explain why this tool is so valuable for conducting effective penetration tests and network reconnaissance tasks. Our first expert Michael Roninson, Security Expert at Cerber Tech gives a brief overview of this tool and how to use it in his response below;

Sysdig contributes Falco's kernel module, eBPF probe, and libraries to the CNCF

Today, I’m excited to announce the contribution of the sysdig kernel module, eBPF probe, and libraries to the Cloud Native Computing Foundation. The source code of these components will move into the Falco organization and be hosted in the falcosecurity github repository. These components are at the base of Falco, the CNCF tool for runtime security and de facto standard for threat detection in the cloud.

Is my CI pipeline vulnerable?

Your continuous integration (CI) pipelines are at the core of the change management process for your applications. When set up correctly, the CI pipeline can automate many manual tasks to ensure that your application and the environments it runs in are consistent and repeatable. This pipeline can be an integral part of your security strategy if you use it to scan applications, containers, and infrastructure configuration for vulnerabilities.

Get more insights into your organization's mobile device posture information by using the Cortex XSOAR Pack for MobileIron (acquired by Ivanti) Core and Cloud

More than 52% of organizations now offer their employees, contractors and frontline workers the ability to work securely from any endpoint of their choice. This modern workplace includes diverse endpoints such as iOS, macOS, Android, Windows 10 devices, as well as other immersive and rugged devices such as HoloLens, Oculus, Zebra and more - and IT teams need a scalable solution to secure and manage them.

Defense Department Cybersecurity: All Ahead on Zero Trust

With the Defense Department’s quick and successful pivot to a remote workforce last Spring via its Commercial Virtual Remote (CVR) environment, it proved that the future to fully operate from anywhere in the world is now. Gone are the days of thousands of civilian employees heading into the Pentagon or other installations everyday. However, with this new disparate workforce comes increased risks for network security. As my colleague Bill Wright expertly noted last Summer.

Sysdig achieves Red Hat Vulnerability Scanner Certification

Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. Today, Red Hat recognized Sysdig as a certified Red Hat security partner based on our work to standardize on Red Hat’s published security data with Sysdig Secure.

Dear CISO

As security practitioners, we all have things we want to be able to tell our CISO’s. We need to tell them we need more money, more headcount, we need to be able to tell them their baby (security program) is ugly. Everyone wants the ear of a CISO for the dollars they control. We just want their ear to help them understand what’s really going on in the industry and in their organization.

It Came From The Clouds

Beware that which lives amongst the Clouds. Or, ya know, just attack them mercilessly. One of the best parts about having such talented security pros at Splunk, is they also make amazing products. And some are even free. Enter the Cloud Attack Range, a detection development platform written/maintained by Splunkers Jose Hernandez and Mike Haag and open-sourced to everyone. Joining us will be Co-Founder of Red Canary Keith McCammon. Red Canary integrates with Attack Cloud to help generate attack data. It’s a true community project and we’re going to chat about it.