How to empower IT Sec and Ops teams to anticipate and resolve IT problems
Every IT system administrator knows the misery of facing a problem for which the root cause requires hours (and sometimes days) to unearth, all the while part of the IT …
configuration management
Policy automation to eliminate configuration errors
Far too often, major security breaches can be traced back to a configuration error. Changes and adjustments to network and security configurations are unavoidable; they are a …
How to harden Kubernetes systems and minimize risk
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a report which details threats to Kubernetes environments and …
Product showcase: Accurics
It is no big secret that infrastructure has changed over the last decade. We went from tools such as autossh, to configuration management, and ended up with Infrastructure as …
Top cloud infrastructure risks faced by real-world organizations
There’s an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks, Accurics reveals. Of all violations identified, 23 …
How secure configurations meet consensus
Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. But that’s not the …
SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP!
Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns. About …
Microsoft releases PowerShell 7 for Windows, macOS and Linux
Microsoft has released PowerShell 7, the latest major update to its popular task automation tool and configuration management framework that can be used on various operating …
Google Groups misconfiguration leads to sensitive data leaks
If your employees are using Google Groups to discuss issues and ideas, you might want to check whether the sharing setting for these groups is set to “Private”. …
Deception security doesn’t have to be onerous or expensive
When talking about deception security, most infosec pros’ mind turns to honeypots and decoy systems – additional solutions that companies have to buy, deploy, and …
Components of an effective vulnerability management process
Vulnerabilities continue to grab headlines. Whether it is a zero-day that affects “tens of millions” servers around the globe or an old unpatched flaw that leads to a data …
TP-LINK loses control of two device configuration domains
Security researcher Amitay Dan warns that tplinklogin.net, a domain through which TP-LINK router owners can configure their devices, is no longer owned by the company, and …