%term

Password Policy Configuration for Safer Security

Jul 5, 2024 By John Gates In CalCom

A password policy is a set of rules that are usually a part of an organizations security regulations to improve computer security. These policies can be formal regulations or part of security awareness training programs that outline requirements such as minimum length, complexity and unique characters. A password must comply with these password strength rules to be set for an account.

Read Post

CalCom

Read more about Password Policy Configuration for Safer Security

Do not allow anonymous enumeration of SAM accounts

Jul 4, 2024 By John Gates In CalCom

The two policy settings in the CIS Benchmarks control the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). By enabling the policy settings, users with anonymous connections will not be able to enumerate domain account user names on the systems in your environment.

Read Post

CalCom

Read more about Do not allow anonymous enumeration of SAM accounts

Best Practice for Securely Developing with AI - Keep a Human in the Loop

Jul 4, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Best Practice for Securely Developing with AI - Keep a Human in the Loop

The Kubernetes gap in CNAPP - exploring why many CNAPPs have a Kubernetes gap

Jul 4, 2024 By James Berthoty In ARMO

A guest post by James Berthoty, founder of Latio. CSPMs and CNAPP have a major gap, and unfortunately, it drives the majority of your cloud that actually matters (Kubernetes). To be frank, most CNAPPs were created around two things: Even the early players in the space who recognized the value of containerization found themselves too ahead of the market to support the giant funding opportunities present from their competition, who were focused on easily scanning every cloud workload that could exist.

Read Post

ARMO

Read more about The Kubernetes gap in CNAPP - exploring why many CNAPPs have a Kubernetes gap

Managing AWS IAM with Terraform

Jul 4, 2024 By Guest Expert In GitGuardian

Get started with IAM by using Terraform to create users, groups, and policies.

Read Post

GitGuardian

Read more about Managing AWS IAM with Terraform

Best Practice for Securely Developing with AI - Restrict Data Access

Jul 3, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Best Practice for Securely Developing with AI - Restrict Data Access

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

Jul 2, 2024 By GitGuardian In GitGuardian

Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.

View Video

GitGuardian

Read more about Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

Jul 1, 2024 By Amit Schendel In ARMO

A high-severity remote code execution (RCE) vulnerability has been found in OpenSSH’s server (CVE-2024-6387) by the research team of Qualys. This issue is especially concerning because it brings back a problem that was originally fixed in 2006, showing that one of the most popular secure software still has hidden bugs. This discovery follows another major vulnerability found in the XZ Utils library just a few months ago, highlighting ongoing security challenges.

Read Post

ARMO

Read more about regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

A Look at Container Security Through the Lens of DevOps

Jul 1, 2024 By Tripwire Guest Authors In Tripwire

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code.

Read Post

Tripwire

Read more about A Look at Container Security Through the Lens of DevOps

10 BEST Practices for Securely Developing with AI

Jul 1, 2024 By Snyk In Snyk

AI technology is booming, but are you aware of the hidden security risks? Join us as we explore the 10 best practices to keep your use of AI safe and secure.

View Video

Snyk

Read more about 10 BEST Practices for Securely Developing with AI

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Password Policy Configuration for Safer Security

Do not allow anonymous enumeration of SAM accounts

Best Practice for Securely Developing with AI - Keep a Human in the Loop

The Kubernetes gap in CNAPP - exploring why many CNAPPs have a Kubernetes gap

Managing AWS IAM with Terraform

Best Practice for Securely Developing with AI - Restrict Data Access

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

A Look at Container Security Through the Lens of DevOps

10 BEST Practices for Securely Developing with AI

Monthly Archive

Follow Us