Tag: InfoWorld Security

WhiteSource report warns of NPM registry risks

This article has been indexed from InfoWorld Security The popular NPM registry of JavaScript packages was described as a playground for malicious actors by software scanning services provider WhiteSource Software, which has published a report of its vulnerability analysis of…

Of hacks and patches

Outside the insurance industry, few people likely noticed that Lloyd’s of London “will no longer cover the fallout of cyberattacks exchanged between nation-states.” It would be easy to overlook, except that Lloyd’s is a…

Rust 1.58.1 fixes dangerous race condition

This point release, arriving January 20, 2022, just days after Rust 1.58, fixes a race condition in the std::fs::remove_dir_all standard library function. The vulnerability is tracked as CVE-2022-21658 and there was an…

Understand Diffie-Hellman key exchange

Whitfield Diffie and Martin Hellman were outsiders in the field of cryptography when they devised a scheme hitherto unknown: the ability to establish secure communications over public channels between two parties that…
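
The exchange the teaser describes, as an added example that is not code from the InfoWorld article: a safe-prime group, validation of the peer's public value (the check that blocks small-subgroup attacks), key derivation from the raw shared secret, and a demonstration of the caveat every practitioner should know, namely that plain Diffie-Hellman is unauthenticated and falls to an active man-in-the-middle. The 64-bit group size, the salt string and the party names are assumptions made so the script runs instantly; real deployments use 2048-bit or larger named groups (RFC 3526, RFC 7919) and a proper HKDF.

```python
"""Finite-field Diffie-Hellman with the checks a deployment needs.
Added example, not the article's code. Toy 64-bit group (assumption);
use 2048-bit+ named groups in practice."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases (fine for a demo; use a library in production)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


@dataclass(frozen=True)
class Group:
    p: int  # safe prime, p = 2q + 1
    q: int  # prime order of the subgroup in use
    g: int  # generator of that subgroup

    @classmethod
    def generate(cls, bits: int) -> "Group":
        while True:
            q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
            if is_probable_prime(q) and is_probable_prime(2 * q + 1):
                # In a safe-prime group every square other than 1 has order q, so 2^2 = 4 works.
                return cls(p=2 * q + 1, q=q, g=4)

    def validate_public(self, y: int) -> None:
        """Reject 0, 1, p-1 and anything outside the q-order subgroup; this stops
        small-subgroup confinement and degenerate (0/1/p-1) shared secrets."""
        if not 1 < y < self.p - 1:
            raise ValueError("public value out of range")
        if pow(y, self.q, self.p) != 1:
            raise ValueError("public value not in the prime-order subgroup")

    def encode(self, n: int) -> bytes:
        return n.to_bytes((self.p.bit_length() + 7) // 8, "big")


def derive_key(group: Group, shared_secret: int, transcript: bytes) -> bytes:
    """HKDF-style extract then one-block expand over g^(ab) mod p. Mixing the public
    values into the key binds it to this exchange; an authenticated protocol built
    on top relies on that binding to detect tampering with the values."""
    prk = hmac.new(b"dh-example-salt", group.encode(shared_secret), hashlib.sha256).digest()
    return hmac.new(prk, transcript + b"\x01", hashlib.sha256).digest()


class Party:
    def __init__(self, group: Group) -> None:
        self.group = group
        self._x = 1 + secrets.randbelow(group.q - 1)  # private exponent in [1, q-1]
        self.public = pow(group.g, self._x, group.p)

    def shared_key(self, peer_public: int) -> bytes:
        self.group.validate_public(peer_public)
        secret = pow(peer_public, self._x, self.group.p)
        lo, hi = sorted((self.public, peer_public))  # identical transcript on both sides
        return derive_key(self.group, secret, self.group.encode(lo) + self.group.encode(hi))


def rejects(group: Group, y: int) -> bool:
    """True when validate_public refuses y."""
    try:
        group.validate_public(y)
    except ValueError:
        return True
    return False


def mitm_demo(group: Group) -> tuple:
    """Mallory substitutes her own public value in both directions: she ends up
    sharing a key with Alice and another with Bob, who share nothing with each
    other and cannot tell. Authentication (signatures, PSKs, certificates) must
    be layered on top of DH to close this."""
    alice, bob, mallory = Party(group), Party(group), Party(group)
    k_alice = alice.shared_key(mallory.public)  # Alice received Mallory's value, not Bob's
    k_bob = bob.shared_key(mallory.public)      # and so did Bob
    return (k_alice == mallory.shared_key(alice.public),
            k_bob == mallory.shared_key(bob.public),
            k_alice == k_bob)


if __name__ == "__main__":
    grp = Group.generate(64)
    alice, bob = Party(grp), Party(grp)
    assert alice.shared_key(bob.public) == bob.shared_key(alice.public)
    print("p =", grp.p, "key =", alice.shared_key(bob.public).hex())
    print("mitm (alice-mallory, bob-mallory, alice-bob):", mitm_demo(grp))
```

The subgroup check in validate_public is the part most hand-rolled implementations skip; without it a peer can send a value of small order and confine the shared secret to a handful of possibilities, and with p-1 or 1 the "secret" is fixed outright.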

Suse open sources NeuVector container security platform

Suse has open sourced the code for the NeuVector container runtime security platform under an Apache 2.0 license on GitHub, less than three months after acquiring the company. Container runtime security is…

2022: The year of software supply chain security

If 2020 was the year that we became acutely aware of the consumer goods supply chain (toilet paper, anyone? Anyone?), then 2021 was the year that the software supply chain rose in our…

What most cloud-using CIOs want in 2022

Ten years ago, many CIOs had a negative opinion about cloud computing; few CIOs landed on the positive side. Cloud subject matter experts like me got walked out of the building on…

Why SBOM management is no longer optional

As with many zero-day vulnerabilities, organizations are scrambling to identify and remediate the impact of the Log4Shell vulnerability in Log4j. This particular vulnerability is extraordinarily dangerous because it was found in a…

Securing the Kubernetes software supply chain

Modern software development practices make securing the software supply chain more important than ever. Our code has dependencies on open source libraries which have dependencies on other libraries and so on—a chain…

How to detect the Log4j vulnerability in your applications

Yesterday the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a ubiquitous logging tool included in almost every Java application. The issue has been named Log4Shell and…
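
One way to do the detection the headline promises, as an added example rather than the article's own method: walk a deployment directory, open every jar/war/ear (recursing into archives nested inside archives, the WEB-INF/lib case that file-name scans miss), and report whether `org/apache/logging/log4j/core/lookup/JndiLookup.class` is present together with the log4j-core version declared in the Maven `pom.properties`. The affected-version rule encoded here is an assumption based on the published advisories: 2.0-beta9 through 2.15.0 for CVE-2021-44228/CVE-2021-45046, with 2.12.2 (the patched Java 7 branch) excluded, and removal of JndiLookup.class treated as the documented mitigation. The fixtures are constructed stand-ins with real entry names and placeholder bytes, not real artifacts.

```python
"""Scan a tree for Log4j 2 archives exposed to Log4Shell. Added example,
not the article's code. Version cut-offs are an assumption from the
advisories (2.16.0 removed message lookups; 2.12.2 is the patched 2.12 branch)."""
import io
import os
import re
import shutil
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
FIXED = (2, 16, 0)


@dataclass
class Finding:
    path: str  # "outer.war!WEB-INF/lib/inner.jar" for nested archives
    version: Optional[Tuple[int, ...]]
    jndi_lookup_present: bool

    @property
    def affected(self) -> bool:
        """CVE-2021-44228 / CVE-2021-45046 exposure under the assumed version rule."""
        if not self.jndi_lookup_present:
            return False  # class removed: the documented mitigation
        if self.version is None:
            return True   # class present, version unknown: assume the worst
        if self.version == (2, 12, 2):
            return False
        return self.version[0] == 2 and self.version < FIXED


def parse_version(pom_properties: bytes) -> Optional[Tuple[int, ...]]:
    """MAJOR.MINOR[.PATCH] from Maven pom.properties; '2.0-beta9' -> (2, 0, 0)."""
    m = re.search(rb"^version=(\d+)\.(\d+)(?:\.(\d+))?", pom_properties, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def inspect_archive(zf: zipfile.ZipFile, label: str) -> Iterator[Finding]:
    names = set(zf.namelist())
    has_class, has_pom = JNDI_LOOKUP in names, POM_PROPS in names
    if has_class or has_pom:
        yield Finding(label, parse_version(zf.read(POM_PROPS)) if has_pom else None, has_class)
    for name in names:  # fat jars, wars and ears carry jars inside them
        if name.lower().endswith(ARCHIVE_EXTS):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    yield from inspect_archive(inner, f"{label}!{name}")
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(ARCHIVE_EXTS):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    findings.extend(inspect_archive(zf, os.path.relpath(path, root)))
            except zipfile.BadZipFile:
                continue
    return findings


def jar_bytes(version: Optional[str], include_jndi: bool) -> bytes:
    """Constructed stand-in for a log4j-core jar: real entry names, placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version is not None:
            zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe placeholder, not real bytecode")
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Constructed fixtures: vulnerable, fixed, class-stripped, and vulnerable-inside-a-war."""
    lib = os.path.join(root, "lib")
    os.makedirs(lib)
    for name, data in {
        "log4j-core-2.14.1.jar": jar_bytes("2.14.1", True),
        "log4j-core-2.17.1.jar": jar_bytes("2.17.1", True),
        "log4j-core-stripped.jar": jar_bytes("2.14.1", False),
    }.items():
        with open(os.path.join(lib, name), "wb") as fh:
            fh.write(data)
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", jar_bytes("2.14.1", True))
    with open(os.path.join(root, "app.war"), "wb") as fh:
        fh.write(war.getvalue())


def demo() -> dict:
    """Build the fixtures in a temp dir, scan them, return {path: affected}."""
    root = tempfile.mkdtemp()
    try:
        build_sample_tree(root)
        return {f.path: f.affected for f in scan_tree(root)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, affected in sorted(demo().items()):
        print(("AFFECTED  " if affected else "ok        ") + path)
```

Point it at a real tree by calling scan_tree on the directory instead of demo(). A jar whose pom.properties says 2.14.1 but that no longer contains JndiLookup.class is reported as not affected on purpose, since deleting that class from the jar was the vendor-endorsed workaround when upgrading was not immediately possible; a version-string-only scanner would still flag it, and a file-name-only scanner would miss the copy inside the war.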

Integrate security into CI/CD with the Trivy scanner

Attacks on cloud-native infrastructures are on the rise. Research over a six-month period in 2021 shows a 26% increase in attacks on container environments over the previous six months. Malicious actors are…

GitHub will require 2FA for some NPM registry users

In light of two recent security incidents impacting the popular NPM registry for JavaScript packages, GitHub will require 2FA (two-factor authentication) for maintainers and admins of popular packages on NPM. The 2FA…

Security is the Achilles’ heel of multicloud

Valtix recently released research showing that multicloud will be a strategic priority in 2022, according to the vast majority of more than 200 IT leaders in the United States who participated in the study…

A quick guide to modern cryptography

Cryptography grows ever more prominent in our lives. Every time you log into an app or send an email, you are relying on an ingenious cryptographic infrastructure that is descended largely from…

The race to secure Kubernetes at run time

For software developers who primarily build their applications as a set of microservices deployed using containers and orchestrated with Kubernetes, a whole new set of security considerations has emerged beyond the build…

3 reasons devops must integrate agile and ITSM tools

Many organizations follow devops principles and want to transform into devops cultures. Some of the key practices include version control, continuous integration and delivery (CI/CD), infrastructure as code (IaC), applying machine learning…

When containers become a nightmare

Containers, certainly containers running on public clouds, are really old hat by now. These self-contained, lightweight software packages come with their own runtime environment and are relocatable from platform to platform, typically…

3 things to add to your 2022 cloud to-do list

Cloud budgets have expanded in the last two years. Although most see the pandemic as the cause, the reality is that IT dollars have shifted to the cloud for pragmatic reasons as…

How to prevent CSRF attacks in ASP.NET Core

Cross-site request forgery (CSRF) is an attack that tricks an end user into executing undesirable actions while logged into a web application. Taking advantage of the authenticated user’s permissions, a CSRF attack…

Cyber security in the public cloud

Among the biggest considerations companies face when selecting public cloud service providers is the level of cyber security they offer, meaning the features and capabilities they put in place to protect their…

How to secure REST with Spring Security

Securing web applications is an inherently complex proposition. Spring Security offers Java developers a powerful framework for addressing this need, but that power comes with a steep learning curve. This article offers…

Microsoft, Google partner on eBPF

Companies including Microsoft, Google, and Facebook are backing an initiative to promote the extended Berkeley Packet Filter (eBPF), technology that enables developers to safely embed programs in any piece of software including…

How to use Auth0 with Node.js and Express

Cloud-based authentication and authorization platforms—sometimes known as IDaaS, or identity as a service—are an expanding area of cloud tooling, and it’s easy to see why. App security is difficult and…

Solving authorization for software developers

I’ve spoken to hundreds of development teams, and most of them still build authorization by hand, ad-hoc, and without a plan. That’s natural—no one has yet developed a “Stripe” or “Twilio” for…

Don’t be a ransomware victim

Ransomware is making the news more and more, and I suspect this will continue to happen for the next few years at least. Attackers mostly exploit neglect and a lack of expertise,…

Cloud security is still a work in progress

As a cloud architect, I am amazed that cloud security is still so hard. We’ve had identity and access management (IAM) for more than a decade. Now we have deep encryption services, key…

What is Azure Confidential Ledger?

We live in a world where more and more of our personal information is held online. It’s often a single source of truth about us, the place where health information and financial…

Complexity is the biggest threat to cloud success and security

In the latest Agents of Transformation report, Agents of Transformation 2021: The Rise of Full-Stack Observability, 77% of global technicians report experiencing a higher level of complexity as a result of accelerated cloud…

Go fuzz to catch hard-to-find bugs in Go

Native fuzzing for the Google-created Go language is ready for beta testing, the Go project announced. The goal behind the new automated testing capability is to help Go developers improve code quality…

Is it possible to automate all of cloud operations?

As I move from project to project, I’ve seen that the latest trend is to leverage operational tools, such as AIops and security operations platforms, to automate most of what it takes to…

Most cloud security problems breathe

A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches. This is an expensive problem with an average cost of half a million dollars per breach…

What ‘cross-cloud’ architects need to know

When I hear people say, “I’m a cross-cloud architect,” I wonder what the heck they mean. I’m seeing an emerging pattern in the cloud computing space where enterprises are morphing from dealing…

ProxyJump is safer than SSH agent forwarding

An SSH jump server is a proxy standing between clients and the rest of the SSH fleet. Jump hosts minimize threats by forcing all SSH traffic to go through a single hardened…

In search of good cybersecurity

I may be overstating a bit, but it seems like we can’t go a week without some breach or ransom attack hitting the news cycles. It’s even more frustrating when these incidents…

7 keys to selecting a low-code platform

It often makes business sense to code microservices, customized applications, innovative customer experiences, enterprise workflows, and proprietary databases. But there are also times when the business and technology teams should consider low-code…

Don’t migrate your problems to the cloud

The cloud is typically a destination for systems needing to be modernized to take advantage of technologies such as AI, predictive analytics, or a hundred other cloud services. It’s typically cheaper, it…

When not to use edge computing

Big companies such as General Electric, Siemens, and Robert Bosch are using edge computing technology to optimize production. Manufacturing is a large consumer of edge approaches and technology. Typically, these edge systems are powered by artificial intelligence (AI) systems that…

What is unified policy as code, and why do you need it?

Read the original article: What is unified policy as code, and why do you need it? Uptime. Reliability. Efficiency. These used to be perks, elements of forward-thinking and premium-level enterprises. Now they’re a baseline expectation. Today, consumers expect information, resources, and services…

The cloud attack you didn’t see coming

You have to respect that ransomware attacks at least let you know you’ve been attacked. You’ll have an opportunity to defend yourself and batten down the hatches. However, a…

You could be hacked and not know it

You have to respect that ransomware attacks let you know you’ve been attacked. You’ll have an opportunity to defend yourself and batten down the hatches. However, a rising…

Authorization is the next big technical challenge

Want to deliver messaging or voice calls for customers? You’ve got Twilio. Need to process credit card payments? Stripe has you covered. Need to run machine learning models or…

Google’s OSS-Fuzz extends fuzzing to Java apps

Google’s open source fuzz-testing service, OSS-Fuzz, now supports applications written in Java and JVM-based languages. The capability was announced on March 10. OSS-Fuzz provides continuous fuzzing for open source…

Cybersecurity in 2021: Stopping the madness

The challenges are greater than ever. But security pros have learned a lot, and with luck, the right strategic defenses can help even the highest-value targets withstand severe attacks…

6 security risks in software development and how to address them

CIOs and their IT departments face significant business pressure to modernize applications, improve customer experiences, migrate applications to the cloud, and automate workflows. Agile development…

The future of work: Coming sooner than you think

What will your work life be like years from now? Today’s work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld,…

Using OPA with GitOps to speed cloud-native development

One risk in deploying fleets of powerful and flexible clusters on constantly changing infrastructure like Kubernetes is that mistakes happen. Even minute manual errors that slip past review…

How to bring zero-trust security to microservices

Transitioning to microservices has many advantages for teams building large applications, particularly those that must accelerate the pace of innovation, deployments, and time to market. Microservices also provide technology…

Using OPA for multicloud policy and process portability

As multicloud strategies become fully mainstream, companies and dev teams are having to figure out how to create consistent approaches among cloud environments. Multicloud, itself, is ubiquitous: Among…

Anti-adversarial machine learning defenses start to take root

Much of the anti-adversarial research has been on the potential for minute, largely undetectable alterations to images (researchers generally refer to these as “noise perturbations”) that cause AI’s…

4 steps to DevSecOps in your software supply chain

Developers often want to do the “right” thing when it comes to security, but they don’t always know what that is. In order to help developers continue…

GNAP: OAuth the next generation

The year was 2012, and a revised security protocol called OAuth 2 swept the web, allowing users to use security providers to easily log in to websites. Many single sign-on systems,…

Using OPA for cloud-native app authorization

In the cloud-native space, microservice architectures and containers are reshaping the way that enterprises build and deploy applications. They function, in a word, differently than traditional monolithic applications. Microservices are…

IBM adds code risk analyzer to cloud-based CI/CD

Looking to bring security and compliance analytics to devops, IBM has added its Code Risk Analyzer capability to its IBM Cloud Continuous Delivery service. Code Risk Analyzer is…

2 egregious cloud security threats the CSA missed

My interesting weekend reading was this Cloud Security Alliance (CSA) report, which was vendor sponsored, highlighting 11 cloud security threats that should be on top of everyone’s mind…

Microsoft open-sources fuzzing test framework

Microsoft is looking to help developers continuously fuzz-test code prior to release, via the open source OneFuzz framework. Described as a self-hosted fuzzing-as-a-service platform, OneFuzz enables developer-driven fuzzing to identify software…

Using OPA to safeguard Kubernetes

As more and more organizations move containerized applications into production, Kubernetes has become the de facto approach for managing those applications in private, public and hybrid cloud settings. In fact, at…

The five best Kubernetes security practices

Everyone is moving to containers for their programs, and to manage them, almost everyone is using Kubernetes. That leads to one big problem: How do you secure Kubernetes itself?…

OPA: A general-purpose policy engine for cloud-native

As your organization embraces the cloud, you may find that the dynamism and scale of the cloud-native stack requires a far more complicated security and compliance landscape. For instance,…

Google Cloud adds security capabilities for sensitive workloads

Google Cloud on July 14 introduced two new security services to its cloud platform, including a VM service launched as part of Google’s Confidential Computing portfolio. The services cater…

10 steps to automating security in Kubernetes pipelines

Kubernetes pipelines face an ever-increasing range of threats that demand more integrated and automated security across the application lifecycle. Making things more complex, critical vulnerabilities can make their…

Visual Studio Code extension flags NPM vulnerabilities

Security developer Snyk has published a free extension for Microsoft’s popular Visual Studio Code editor that finds vulnerabilities in NPM packages. Introduced April 2, the open source Snyk Vuln Cost extension serves as a security scanner, providing feedback inline as…

Zeek and Jitsi: 2 open source projects we need now

Everyone has heard of open source projects like Linux, Kubernetes, and MySQL. Far fewer have heard of ROS (Robot Operating System), Apache Flink, or InfluxDB, though these open source projects, too, are getting noticed. However, virtually no one has heard…

How to bring security into agile development and CI/CD

Devops came about because of the cultural, functional, and technical walls between development teams that want to release frequently and operations teams that need to preserve reliability and stability. Devops culture addresses the mindset, collaboration, and practices to achieve both…

How AI will improve API security

APIs have become the crown jewels of organizations’ digital transformation initiatives, empowering employees, partners, customers, and other stakeholders to access applications, data, and business functionality across their digital ecosystem. So, it’s no wonder that hackers have increased their waves of…

How AI will improve API security

APIs have become the crown jewels of organizations’ digital transformation initiatives, empowering employees, partners, customers, and other stakeholders to access applications, data, and business functionality across their digital ecosystem. So, it’s no wonder that hackers have increased their waves of…