The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.
VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability CVE-2021-22101.
Microsoft has published new guidance on Open Management Infrastructure (OMI) vulnerabilities within Azure virtual management (VM) Management extensions.
Security researchers at Intezer Labs detected a new Linux malware dubbed “Doki” and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.
VMware issued a security advisory for ten vulnerabilities that impact VMware ESXi, Workstation, Fusion and Cloud Foundation products. An attacker could exploit one of these vulnerabilities and take control of an unpatched system.
The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.
Remote conferencing service company, Zoom, has patched a vulnerability that could allow a bad actor to eavesdrop on your company’s online meetings.
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to “identify interesting features in source code” and can help enable developers understand software components your apps use.
Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.