Operations | Monitoring | ITSM | DevOps | Cloud

On May 27, 2022, an interesting Microsoft Word doc was uploaded to VirusTotal by an independent security research team called nao_sec. The Word doc contains built-in code that calls an HTML file from a remote source that in-turn executes more (malicious) code and Microsoft Defender for Endpoint misses detection. Two days later, May 29, Kevin Beaumont publishes an article describing the behavior of this Word doc, and deems this a new 0-day vulnerability in Office/Windows products.

At Tigera, we strive to innovate at every opportunity thrown at us and deliver what you need! We have listened to what users ask and today we are excited to announce the early preview of Calico Enterprise 3.14. From new capabilities to product supportability and extending partnerships with our trusted partners, let’s take a look at some of the new features in this release.

Security can certainly be a broad brush topic. As a software engineer, you design and build to the best of your ability. In delivery methodologies of years gone by, sometimes security can be viewed as an afterthought e.g running security testing last before deploying. Today with the DevSecOps movement, one more set of concerns moves left towards the developer which is now security.

This blog is the second in a four-part series about how Puppet can help government agencies meet compliance and security requirements. Read the first post here. Zero Trust is a strategy created to combat system intrusions through a “never trust, always verify” model. DevSecOps is a collaborative software development strategy that integrates development, security, and operations practices into a continuously evolving lifecycle.

Right now, much of the security world is focused on the RSA conference in San Francisco, California. The Torq team has been preparing for the event for months—and we’re thrilled that we finally get a chance to talk about Torq in person with other security professionals.

It is critical that access to any configuration changes or management actions made to monitoring platforms are logged and traceably audited. In this article, I will help you learn how to discover the auditing capabilities in IT monitoring tools. You will learn how to audit and manage the monitoring platform itself and make sure that it is being used appropriately.

Organizations cannot rely on a single source of data on which to base their entire cybersecurity strategy – particularly their vulnerability management programs. Case in point: The National Vulnerability Database, or NVD. This publicly available database of known vulnerabilities covers an enormous array of all the different vulnerabilities that currently affect applications, software and hardware applications.

SSH or Secure Shell is one of the oldest protocols used in networking for secure encrypted communication between two systems and to remotely manage servers and other systems. Ever since its introduction, they have been adopted by IT teams in organizations all over the world to manage their assets. And SSH keys continue to play a significant role in granting secure access to computer systems, and with the cloud computing boom, they’re playing even more important roles. So what are SSH keys?

The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures "2022 Cybersecurity Almanac." The way that people work, the tools that they use, and the mindset they must adopt to protect the enterprise has to evolve to keep up with the threat landscape.