HackDig : Dig high-quality web security articles

Smart gardening with a Raspi and Prometheus

Let’s build a smart gardening system with Prometheus and a Raspberry pi. Having plants at home can reduce your stress levels and make your home look more delightful. Seeing your indoor oasis growing gives us a sense of accomplishment and makes us feel proud… until you see that first brown leaf. That’s when you start doubting your green fingers.
Publish At:2021-09-09 12:08 | Read:289 | Comments:0 | Tags:Uncategorized

What Does The Great Resignation Mean for Data Security?

You may not realize it yet, but we’re living through the latest zeitgeist. It’s the Great Resignation. You may have heard it being tossed around the media or witnessed it firsthand, or even been a part yourself. Either way, it’s happening across the United States. And it affects data security as much as it affects the employment rate. Wave
Publish At:2021-08-19 14:05 | Read:588 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Risk Mana

How to Establish a Culture of Secure DevOps

We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a tr
Publish At:2021-07-16 13:04 | Read:680 | Comments:0 | Tags:Uncategorized

Microsoft rolled out emergency update for Windows PrintNightmare zero-day

Microsoft rolled out KB5004945 emergency update to address the actively exploited PrintNightmare zero-day vulnerability (CVE-2021-34527) in Print Spooler service. Microsoft has released the KB5004945 emergency security update to address the actively exploited CVE-2021-34527 zero-day vulnerability, aka PrintNightmare. Microsoft has released updates to
Publish At:2021-07-07 04:05 | Read:763 | Comments:0 | Tags:Uncategorized CVE-2021-34527 Cybersecurity cybersecurity new

The European Commission proposed to launch the new Joint Cyber Unit

The European Union Agency for Cybersecurity welcomes the European Commission proposal to launch the new Joint Cyber Unit. The European Commission proposed on Wednesday the creation of a new Joint Cyber Unit that aims at providing a coordinated response to large-scale cyber attacks and crises. The idea of establishing a Joint Cyber Unit (JCU) was first
Publish At:2021-06-23 17:16 | Read:391 | Comments:0 | Tags:Uncategorized Cybersecurity cybersecurity news EU Hacking ha

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is writted in Bash script and target Linux distributions (Red Hat/CentOS and Debian) and Docker cloud containers. The ransom
Publish At:2021-06-22 17:52 | Read:741 | Comments:0 | Tags:Uncategorized Cybersecurity cybersecurity news DarkRadiation

Top 10 vulnerability assessment and management best practices

By implementing these vulnerability assessment and vulnerability management best practices you will reduce the attack surface of your infrastructure. We’re human, and many things we build aren’t perfect. That’s why we take our cars for a periodic inspection, or why we have organizations certifying that products are safe to use.
Publish At:2021-06-22 01:35 | Read:772 | Comments:0 | Tags:Uncategorized Vulnerability

Secure Coding with DDD

Domain-Driven Design for Secure Code   With the ever-growing software ecosystem, attributes for successful product are performance, security, maintainability, and usability. When it comes to delivering product the priorities are quality assurance, time to market and it need to stay within budget. The security-related tasks in the backlog keep getting l
Publish At:2021-06-17 05:02 | Read:447 | Comments:0 | Tags:Uncategorized

Bad guys are watching for new openings in your cloud, are you?

You see the headlines, and perhaps, ‘thank goodness it wasn’t us’ flickers through your mind. An overly permissive web server exposes 100 million+ consumer credit applications, or an S3 bucket leaves hundreds of millions of user records open to the public. A nightmare scenario for any CISO and their cloud security team! According to Gartner “Customer
Publish At:2021-06-14 13:04 | Read:580 | Comments:0 | Tags:Uncategorized Cloud

Top 10 PromQL examples for monitoring Kubernetes

In this article, you will find 10 practical Prometheus query examples for monitoring your Kubernetes cluster. So you are just getting started with Prometheus, and are figuring out how to write PromQL queries. At Sysdig, we’ve got you covered! A while ago, we created a PromQL getting started guide. Now we’ll jump in skipping the theory, directly with som
Publish At:2021-05-27 14:10 | Read:566 | Comments:0 | Tags:Prometheus Uncategorized

Securing the new AWS App Runner service

In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform. In this art
Publish At:2021-05-24 15:58 | Read:518 | Comments:0 | Tags:AWS Sysdig Secure Uncategorized

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: kube-apiserver v1.21 kube-apiserver v1.20.0 to v1.20.6 kube-apiserver v1.19.0 to v1.19.10 kube-apiserver v1.16.0 – v1.18.18 By exploi
Publish At:2021-05-24 12:04 | Read:481 | Comments:0 | Tags:Uncategorized

Top 10 metrics in PostgreSQL monitoring with Prometheus

PostgreSQL monitoring with Prometheus is an easy thing to do thanks to the PostgreSQL Exporter. PostgreSQL is an open-source relational database with a powerful community behind it. It’s very popular due to its strong stability and powerful data types. In this article, you’ll learn the top 10 metrics in PostgreSQL monitoring, with alert exam
Publish At:2021-05-20 14:27 | Read:644 | Comments:0 | Tags:Prometheus Uncategorized

Accelerate Your Hybrid Cloud Journey With Security Confidence

Organizations are accelerating their move to cloud to drive business innovation and customer success. In fact, 74% of respondents to a 2020 LogicMonitor survey believe that 95% of workloads will migrate to cloud in the next five years. At the same time, cloud poses new cybersecurity challenges as teams struggle to keep pace with the growing diversity of thr
Publish At:2021-05-20 11:01 | Read:875 | Comments:0 | Tags:Uncategorized Amazon AWS Cloud Cloud Security Hybrid Cloud M

Kubernetes capacity planning: How to rightsize your cluster

Kubernetes capacity planning is one of the main challenges that infrastructure engineers have to face, as understanding Kubernetes limits and requests is not an easy thing. You might be reserving way more resources than you need to ensure your containers don’t run out of memory, or are CPU throttled. If you are in this situation, you’re going to be
Publish At:2021-05-13 14:13 | Read:410 | Comments:0 | Tags:Sysdig Monitor Uncategorized


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud