Meeting the Challenges of Remote Work with Chrome OS Policy Settings – Part I

Many organizations, from enterprises to small businesses and schools, are focusing efforts on distance working and learning. One significant hurdle for those who are suddenly tasked with supporting remote users is the question of how to manage a fleet of new endpoints. One appealing solution for managing all these new ... Read More

Start the Year Right with a Security and Privacy Check Up

| | 2fa, cloud api, MFA, Security Awareness, SSH
At some point in the past, I began making new year’s resolutions for doing a bit of personal privacy and security maintenance on New Year’s Day or thereabouts. I would usually have a bit of downtime to finally get around to doing the things I’d been putting off all year ... Read More

Five “W’s” for Vulnerability Management

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. What Is Vulnerability Management? Vulnerability assessments are useful ... Read More
Critical Security Vulnerability Disclosed in iTerm2 App

Critical Security Vulnerability Disclosed in iTerm2 App

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS. iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power ... Read More

Using AWS Session Manager with Enhanced SSH and SCP Capability

| | Amazon Web Services, aws, Cloud, SCP, SSH
Last year, Amazon Web Services announced new capabilities in the AWS Systems Manager Session Manager. Users are now capable of tunneling SSH (Secure Shell) and SCP (Secure Copy) connections directly from a local client without the need for the AWS management console. For years, users have relied on firewalls and ... Read More

AWS System Manager And The Dangers of Default Permissions

In September of 2018, Amazon Web Services (AWS) announced the addition of the Session Manager to the AWS Systems Manager. The session manager enables shell or remote desktop level access to your AWS EC2 Windows and Linux instances, along with other benefits. This is a great new feature, but care ... Read More

High Severity RunC Vulnerability Exposes Docker And Kubernetes Hosts

Often claimed as a worst-case scenario, a container breakout vulnerability has been discovered in RunC, the universal container runtime used by Docker, Kubernetes and other containerization systems. Further research has discovered that a similar version of the same vulnerability affects the LXC and Apache Mesos packages. Identified as CVE-2019-5736, this ... Read More
Critical Vulnerability Uncovered In Kubernetes

Critical Vulnerability Uncovered In Kubernetes

The first major security flaw has been uncovered in Kubernetes, the popular container orchestration system developed by Google. The vulnerability, identified as CVE-2018-1002105, carries a critical CVSS V3 rating of 9.8 due to low attack complexity, requiring no special privileges, and a network attack vector. The vulnerability is triggered when ... Read More
Achieve CIS Compliance in Cloud, Container and DevOps Environments

Achieve CIS Compliance in Cloud, Container and DevOps Environments

| | CIS, Cloud, Complaince, containers, policy
If you are embracing DevOps, cloud and containers, you may be at risk if you’re not keeping your security methodologies up to date with these new technologies. New security techniques are required in order to keep up with current technology trends, and the Center for Internet Security (CIS) provides free cybersecurity best practices for ... Read More
Tripwire Data Collector Increases Operational Technology Visibility With Enhanced Web Scripting Capability

Tripwire Data Collector Increases Operational Technology Visibility With Enhanced Web Scripting Capability

Tripwire Data Collector has been providing industrial organizations with visibility into their operational technology (OT) environments since its release in mid-2018. Data can be gathered and monitored via multiple avenues – not only native industrial protocols, such as EtherNet/IP CIP and Modbus TCP, but also integrations with management applications like ... Read More