Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Docker container security: demystifying FIPS-enabled containers with Ubuntu Pro

Jun 2, 2023 By Valentin Viennot In Canonical

In today’s rapidly changing digital environment, the significance of robust Docker container security measures cannot be overstated. Even the containerised layer is subject to compliance standards, which raise security concerns and compliance requirements. Docker container security measures entail safeguarding our lightweight, appliance-type containers –each encapsulating code and its dependencies– from threats and vulnerabilities.

Read Post

Canonical

Read more about Docker container security: demystifying FIPS-enabled containers with Ubuntu Pro

Protecting Our Partners from Cyber Attacks

Jun 2, 2023 By N-able In N-able

N-able Chief Security Officer David MacKinnon discusses how we protect our partners from cyber attacks.

View Video

N-able

Read more about Protecting Our Partners from Cyber Attacks

Securing Apache Spark Big Data Operations

Jun 2, 2023 By Canonical In Canonical

Apache Spark is an open source toolkit that helps users develop parallel, distributed data engineering and machine learning applications and run them at scale. In this webinar, Rob Gibbon – product manager, and Massimiliano Gori – senior information security lead, will survey the state of big data security best practices and outline both high level architectures and pragmatic steps that you can take to secure your Spark applications – wherever they may be running.

View Video

Canonical

Read more about Securing Apache Spark Big Data Operations

The Human Element of Preventing Supply Chain Attacks: Security Insights Podcast Ep. 12

Jun 1, 2023 By Ivanti In Ivanti

Welcome to Security Insights: where best-practice cybersecurity meets the real-world risks, workplaces, and roadblocks you face every day. Join Chris Goettl, head of Endpoint Security Product Management, and Ashley Stryker, your cybersecurity "rubber duck", as they review the security strategies and tactics that truly matter to the information security teams protecting organizations, agencies, and businesses like yours.

View Video

Ivanti

Read more about The Human Element of Preventing Supply Chain Attacks: Security Insights Podcast Ep. 12

Top 3 SIEM Optimizations - How to Get More From Your Existing Tech Stack

Jun 1, 2023 By Bradley Chambers In Cribl

In today’s digital-first world, most security problems are actually data problems, and data volumes are outpacing organizations’ abilities to handle, process, and get value from it. You’ll have 250% more data in five years than you have today, but the chances of your budget increasing to match that are slim. The challenges that come with managing the rise in enterprise data volume directly affect your ability to adequately address cybersecurity risks.

Read Post

Cribl

Read more about Top 3 SIEM Optimizations - How to Get More From Your Existing Tech Stack

Zero trust security for CI/CD pipelines

Jun 1, 2023 By Jacob Schmitt In CircleCI

The zero trust security model is an approach to network security that enforces strict access controls and authentication at every stage of the software development lifecycle. It treats every user, device, and transaction as a security risk and uses the principle of least privilege to restrict access to sensitive resources and minimize the potential attack surface.

Read Post

CircleCI

Read more about Zero trust security for CI/CD pipelines

Migrating to cfbs

Jun 1, 2023 By Nick Anderson In CFEngine

Traditionally, CFEngine policy sets are managed as a whole. When upgrading the Masterfiles Policy Framework (MPF)1 users must download the new version of the policy framework and integrate it into the existing policy set, carefully diffing the vendored policy files against their currently integrated policy. Updates to policy authored by others must be sought out and similarly integrated.

Read Post

CFEngine

Read more about Migrating to cfbs

Don't Take the Bait: Tips to Avoid Falling Victim to Phishing and Baiting

May 31, 2023 By OpsMatters In OpsMatters

The old days of a hacker sitting alone in a basement typing feverishly to breach a database are over. That's just for the movies. In the real world, almost all cyberattacks are socially engineered, meaning we fall for scams. Of course, there are levels to creating a scam. It can range anywhere from getting an email from a Nigerian prince claiming you've won millions of dollars to an email from your bank asking for your personal information. With so many situations to look out for, here are some general tips so you don't take the bait.

Read Post

OpsMatters

Read more about Don't Take the Bait: Tips to Avoid Falling Victim to Phishing and Baiting

Why Your Observability Strategy Needs Security Observability

May 31, 2023 By Jeff Stewart In SolarWinds

An observability strategy helps many businesses support the stability and performance of complex, distributed IT environments. Since you may already be tracking the three pillars of observability—metrics, logs, and traces—why shouldn’t you also use the endless stream of telemetry data to identify security risks and vulnerabilities, just as you use it to monitor and stabilize operations? Even the best-planned observability strategy is incomplete without the fourth pillar of security.

Read Post

SolarWinds

Read more about Why Your Observability Strategy Needs Security Observability

Grafana Labs partners with GitHub to enable secret scanning

May 31, 2023 By Victor Cinaglia, Joao Guerreiro In Grafana

As part of our ongoing commitment to security, we are excited to announce we have partnered with GitHub to protect our users on public repositories via GitHub’s secret-scanning feature. Through the partnership, GitHub will notify Grafana Labs when one of the following secret types is exposed in the code of a public repository: GitHub actively monitors public repositories for leaked secrets. When a secret is detected, its hash is stored in Grafana Labs’ Secret Scanning API.

Read Post