Apache Metron Graduates to Top-Level Project
Hortonworks and Apache announce graduation of Metron, a realtime big data security platform to top-level project at the ASF.
Git Continues to Improve Security and UI in Version 2.13
The latest release of Git introduces many changes aimed to improve its user interface, while also fixing two significant vulnerabilities.
Microsoft Renews Calls for “Digital Geneva Convention” after Widespread Cyber Attacks
The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide. The WannaCry Ransomware virus is believed to have hit 200,000 victims in 150 countries, including UK hospitals, utilities in Spain, and Russia’s interior ministry.
Doing Safe-to-Fail Experiments
Safe-to-fail experiments can be used in complex environments to probe, sense, and respond. You have to know what success and failure look like and need to be able to dampen or amplify the effect of probing to handle potential failures. Safe-to-fail experiments can help you to deal with risks and uncertainty, learn, and keep your options open.
AWS Organizations Offers Centralized Policy-Based Account Management
After a three month preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service allows to centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS Organizations also supersede the formerly separate consolidated billing feature.
Public Docker Image Vulnerability Research Findings Released
A researcher from Federacy released a report analyzing vulnerabilities in Docker images in public repositories. 24% of images were found to have significant vulnerabilities, with Ubuntu based ones having the most and Debian based ones having the least.
Object Deserialisation Filters Backported from Java 9
JEP 290, which allows filtering of incoming data when deserialising an object, and was initially targeted to Java 9, has been backported to Java 6, 7, and 8. The feature provides a mechanism to filter incoming data in an object input stream as it is being processed, and can help prevent deserialisation vulnerabilities like the one that affected Apache Commons and other libraries a while back.
Apache Ranger Graduates to Top-Level Project
Apache Ranger, a security management framework for Apache Hadoop ecosystem, graduated to top level. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, Apache Solr, among others.
Study Shows the Web is Crowded with Outdated, Vulnerable JavaScript Libraries
A recent study has found that 37% of Alexa top 75K websites has at least one vulnerability and almost 10% at least two. Maybe even more shockingly, 26% of Alexa top 500 websites use vulnerable libraries.
Enterprise Ethereum Alliance Releases Vision Paper
The newly formed Enterprise Ethereum Alliance has published a Vision Paper outlining “a vision for users and stakeholders to propose, implement, and integrate advances to the Ethereum protocol with support for Enterprise Ethereum protocols.” In this paper the EEA discusses many topics related to Pluggable Consensus, interoperability, Ethereum protocol updates, storage and performance.
Improving IT Performance with Continuous Delivery
The main benefit of continuous delivery is lower-risk releases; comprehensive test automation and continuous integration are practices that have the biggest impact on IT performance. Research of continuous delivery and IT performance tells us that implementing continuous delivery practices leads to higher IT performance and high performers achieve both higher tempo and higher levels of stability.
The Enterprise Ethereum Alliance is Formed - Microsoft, Intel, JP Morgan, Startups Join
In a recent blog post, Microsoft announced their participation in the newly formed Enterprise Ethereum Alliance. The mission for this alliance is to learn from and build upon the only smart contract supporting blockchain currently running in real-world production and to define enterprise-grade software capable of handling the most complex, highly demanding applications at the speed of business.
Building the Hyperconnected Future on Blockchains Paper Released at World Government Summit
At the recent World Government Summit, Hexayurt Capital and ConsenSys released a paper called “Building the Hyperconnected Future on Blockchains.” The purpose of the paper was to provide an Internet of Agreements (IoA) strategy and roadmap for the next wave of innovation in order to drive Globalization 2.0.
Bitbucket Introduces Required Two-Factor Authentication and IP Whitelisting
Atlassian has announced two new features aimed to make Bitbucket more secure: IP whitelisting and required two-factor verification.
Cloudbleed - Cloudflare Proxies Memory Leak
A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The issue, which has been named ‘Cloudbleed’, was discovered by Google Project Zero vulnerability researcher Tavis Ormandy.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
|
When Cloud Security and Continuous Compliance is Done Right, it's Evident |
|
Featured Content |
Blog Posts
The Time Has Come to Fully Embrace Security Automation
6 Security Essentials to Jumpstart Your Security Program
Start Compliant, Stay Compliant in the Cloud
Understanding a Rugged DevOps Approach to Cloud Security
Webinars
How to Achieve NIST Appliance in the Cloud
The Future of Continuous Compliance is Automation feature Forrester
|
Whitepapers |
11 Things To Focus On To Be PCI Compliant In AWS
10 Security Best Practices for AWS
Top 10 AWS Cloud Security Risks
Continuous Monitoring and Compliance in the Cloud
|
Videos |
|
Follow us on |
