Operations | Monitoring | ITSM | DevOps | Cloud

Coding is a big part of building an application. But, most of the time, you don’t write the entire code. Yes, you don't! Some people, usually big companies, provide pre-written codes for certain standard functions - like loggers, APIs, etc. This is because these functions work the same way in most applications; they require only simple fine-tuning to be adapted for your program as well. In such a case, writing it all from scratch would be a waste. And that is why developers use libraries.

As we move into the new year, organizations can expect the number of cyberattacks to increase significantly. In order to battle these upcoming threats, effective patching and patch management processes will be essential. Before patching vulnerabilities, there are two main vulnerability assessments that IT teams should focus on: CVE & CVSS scores. Below, we’ll examine the importance of CVE & CVSS scores along with some of their uses and benefits in the cybersecurity space.

Vulnerability management should be among the highest priorities of organizations, especially within their IT environments. Skybox Security reports, “vulnerabilities have more than tripled over the past ten years.” With this exponential increase, they also report that cybercrime has continuously evolved and become a more complex threat. Vulnerability management aims to assert a level of control over this ever-present issue in the IT space.

On 10th December 2021, Apache foundation admitted the Log4Shell vulnerability of its Log4j 2.16 version. Chen Zhao Jun was an Alibaba cloud services security analyst who first found out about this security threat and consequently reported it to the foundation. Upon further investigation, they identified that the vulnerability had existed since 2013. Unfortunately, by then all the corporations, big and small were affected by this malicious security breach.

There is no end to zero-day attacks. Lessen the pain by spotting them early. In recent days two zero-day vulnerabilities against Microsoft on-premises Exchange Servers have been publicized and exploited. The good news is that Exchange cloud users such as Microsoft 365 customers, need not worry as these exploits are only against the on-premises versions.

Scan your packages for vulnerabilities and never miss new vulnerabilities as they get discovered. Create actionable workflows by quarantining packages over defined vulnerability levels.

IBM this week announced patches for high-severity vulnerabilities in IBM MQ, warning that attackers could exploit them to bypass security restrictions or access sensitive information. Messaging and queuing middleware, IBM MQ provides enterprise-grade messaging between applications, enabling the transfer of data between programs and the sending of messages to multiple subscribers. Two security issues were resolved in IBM MQ this week, both residing within the libcurl library.