Security News > 2020 > January

There's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses. "Integrating security into your DevOps practices can be challenging, but when done correctly is proven to pay off. Security should not be an afterthought; it must be a shared responsibility across teams during every stage of their software delivery lifecycle," said Alanna Brown, Sr. Director Community and Developer Relations at Puppet.

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
The delivery agent is invoked by OpenSMTPD executing a shell command, which includes the sender's address as a command-line parameter. The design assumes that whatever sender address an email client supplies cannot smuggle in extra commands.

Last year, SEO spam was the most frequently observed threat on compromised websites, according to a new report from GoDaddy-owned web security company Sucuri. Nearly two-thirds of infected websites had a form of SEO spam present, with database spam being the most prevalent form of infection.

Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorized and authorized users, and preparation for the GDPR and similar laws around the globe spurred many organizations to make considerable privacy investments - which are now delivering strong returns, Cisco reveals. Organizations, on average, receive benefits 2.7 times their investment, and more than 40 percent are seeing benefits that are at least twice that of their privacy spend.

The opportunity for tech pros lies in fully leveraging the benefits of APM across the entire application stack, so they can better communicate results to the organizations they serve. "To move beyond simply reactive troubleshooting, tech pros should consider modern APM tools as the keystone to connecting these previously siloed functions to gain comprehensive insight across the entire application stack."

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. According to a report researchers shared with The Hacker News, the first security vulnerability is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

Combined with its existing Agent Assist and IVR payment solutions, PCI Pal Digital will enable a true omnichannel secure payments environment for contact centers and businesses taking payments across the globe. "As we see the increased adoption of digital channels within organizations, including both our partners and direct customers, we believe that now is the time to introduce our digital payment offering supplementing our existing Agent Assist and IVR solutions," said James Barham, CEO, PCI Pal.

RiskSense, pioneering risk-based vulnerability management and prioritization, announced a Ransomware Dashboard that automatically reveals an organization's exposure to specific attacks including the ransomware family name, vulnerabilities they exploit, the assets at risk and remediation steps to prevent an infection. To enable organizations to go on the offensive and fix the very vulnerabilities that make ransomware attacks possible, the RiskSense Ransomware Dashboard reveals all assets, including workstations, servers, storage devices and more, at risk from active exploits used by ransomware in the wild.

SIOS Technology, an industry pioneer in providing IT resilience through intelligent application availability, announced the availability of SIOS AppKeeper, the industry's first out-of-the-box solution to automatically respond to service outages on Amazon EC2 instances, protecting applications from service interruptions and downtime while eliminating the need for costly and time-consuming manual intervention. SIOS AppKeeper not only identifies and sends notifications for failures from an intuitive dashboard, it will also automatically attempt to restart failed services or reboot the instance - addressing 85% of application service failures.

Fastly, provider of an edge cloud platform, announced Cloud Optimizer, a new offering that enables critical, high-traffic content delivery by sitting between a company's content delivery network and its central cloud. Cloud Optimizer brings customers with multi-cloud or multi-CDN architectures, especially within commerce and high tech verticals, the real-time control and visibility required to make informed business decisions as quickly as possible, without the need to re-architect network infrastructure.