Log4Shell Hacks On and On
Wikipedia states that Log4Shell was a zero-day vulnerability in Log4j, the popular Apache logging program. The key word is “was.” …
Open Source
Cybersec Threat Hunter to DevOps: You’ve Been Framed…
DevOps and cloud native development have gifted cyber attackers an enlarged attack surface and the ability to use organizations’ own …
Palo Alto Networks Brings Out-of-Band Web Security to Cloud
Your first question when you read that headline was probably my first question. What is “Out-of-Band” …
Latest OpenSSL version is affected by a remote memory corruption flaw
Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido …
OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability
The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. …
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) …
Software Supply Chain Compliance with Aqua’s Chain-Bench
We can all agree today that we really need to know what’s what with your software supply chain. If you don’t know why I recommend you …
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is “attackability” the …
OpenSSL issues a bugfix for the previous bugfix
If you’re an OpenSSL user, you’re probably aware of the most recent high-profile bugfix release, which came out back in March 2022. …
iPaaS: The latest enterprise cybersecurity risk?
iPaaS apps are vulnerable because they transport highly sensitive data from core systems, include many different third-party apps in the …
Classifying Severity Levels for Your Organization
Working with previously defined severity levels helps on-call teams to quickly triage major issues. As we have seen in this post, each …
Jit: Security-as-Code Pioneer Opens for Business
Anyone can make plans. Turning plans into reality, that’s …
Applying Zero Trust Security to Kubernetes Via Service Mesh
Earlier this year, the White House issued an Executive Order on Improving the Nation’s Cyber Security, which laid the groundwork for …
How Web Assembly Can Mitigate the Software Supply Chain Crisis
The definition of insanity, according to no less than the insightful mind of Albert Einstein, is doing the same thing over and over and …