Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Hunters researchers noted the vulnerability could lead to privilege escalation. Google said the report “does not identify an underlying security issue in our products.” Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs. The flaw is significant in that it could let attackers use privilege escalation to gain access that would otherwise only be available to users with Super Admin access. Hunters named this…

Read More

SSL vs TLS: Which Should You Be Using?

SSL vs TLS: Which Should You Be Using?

Secure communication protocols like SSL and TLS are the modern Internet’s foundation. They form an invisible yet essential layer to protect all our online activities from ever-increasing, evolving cyber threats. This article reviews differences, use cases, and best practices for each so you can make an informed decision. What is SSL and TLS? The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols use encryption algorithms to establish a secure connection between two endpoints….

Read More

MLOps Security Best practices

MLOps Security Best practices

You must build, deploy, and maintain machine learning (ML) systems reliably and efficiently. You can do this using the process of MLOps, which is a combination of DevOps, data engineering, and ML techniques. MLOps provides a systematic approach to evaluating and monitoring ML models. MLOps is concerned with the lifecycle management of ML projects. This involves training, deploying, and maintaining machine learning models to ensure efficiency. Security is an essential component of all MLOps lifecycle…

Read More

Attack Vector vs Attack Surface: The Subtle Difference

Attack Vector vs Attack Surface: The Subtle Difference

Cybersecurity discussions about “attack vectors” and “attack surfaces” sometimes use these two terms interchangeably. However, their underlying concepts are actually different, and understanding these differences can provide a better understanding of security nuances, allowing you to improve your organization’s security by differentiating between these terms. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two concepts and establish a more mature security posture. Attack vector…

Read More

Dependency Mapping for DevSecOps

Dependency Mapping for DevSecOps

Dependency Mapping for DevSecOps Today, DevOps teams use a staggering array of interconnected applications and infrastructure systems to build their continuous integration and continuous deployment (CI/CD) pipelines. These components are called dependencies because they depend on each other to enhance the functionality of an application. While dependencies shorten the release cycle and simplify developers’ lives, without proper security in place, these pipelines can be exposed to critical risks. In a worst-case scenario, it can cause…

Read More

TLS Connection Cryptographic Protocol Vulnerabilities

TLS Connection Cryptographic Protocol Vulnerabilities

Why Your TLS Connection May Not be as Secure as You Think The Transport Layer Security (TLS) cryptographic protocol is the backbone of encryption on the Internet. It prevents eavesdropping, tampering, and message forgery between two communicating network endpoints. TLS secures many types of Internet communication, including web browsing, email, instant messaging, and voice over IP (VoIP). However, a misconfiguration in TLS can open the doors to multiple vulnerabilities. This blog post explores the risks…

Read More

Well-Architected Framework: Sustainability

Well-Architected Framework: Sustainability

Designing and implementing your business workloads in a public cloud platform such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) can be a challenge. Though the marketing pitch makes it sound as if it is straightforward to deploy and migrate workloads to the cloud, it nonetheless requires a thorough understanding of several factors. This includes how that cloud environment is configured, the platform’s architecture, what services are available, and how you,…

Read More

Cloud Configuration Management: Add These Guardrails After Launch

Cloud Configuration Management: Add These Guardrails After Launch

The Challenge With a brand-new account, your initial configuration sets the tone. With existing accounts, the challenge is twofold. The first is the team working with that account will already be used to operating under the existing configuration. And since they’ve been doing it this way for a while and things are working, there’s no motivation to change. The second challenge is on the technical side. Can these guardrails be implemented without breaking anything inside…

Read More

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps Cloud Native What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities. By: Melanie Tafelski January 05, 2022 Read time:  ( words) What is Apache Log4j? You’ve most likely heard of the critical flaw CVE-2021-44228, discovered in the popular Java-based library, Apache Log4j. Nicknamed Log4Shell, it impacts numerous Apache projects, including Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark,…

Read More