Blog

Patch Management is a strategic process of acquiring, testing, and installing updated software. But, most of the companies find themselves comply less than strictly with their patching schedule. Customers can reduce risk while lengthening their patching cycles, helping their overtaxed IT departments, and reducing patching costs by simply applying this patch management

Virtual Patching gives a rapid way of a solution to provide web security. Even though the preferred solution is temporary, it would fix the vulnerable web application. Once the code gets fixed, the virtual patch is being deployed on every ingress point which can access the code and the new

Safeguarding the company’s assets against existing and emerging vulnerabilities is the most critical task that security teams are struggling with.  Virtual Patching can be a great choice for corporate having multiple websites. The central management of virtual patching can save a lot of time, if the sites have the same

Various tools are used to achieve Deep Security virtual patching. It includes: Web Application Firewall (WAF) Intrusion Prevention System (IPS) Web server plugin Application layer filter  The following features need to be considered while selecting a tool for Virtual Patching solutions: The virtual patching tool must be able to inspect

From the technical point of view, the initial mitigation strategy would be for an organization to rectify the discovered vulnerability within the source code of the web application. This is globally accepted by web application security experts and system owners. But nowadays, there arise many situations where modifying the source

Today’s systems can be considered as very advanced as well as complex, with multiple dependencies and interrelationships. It requires a lot of time to develop a fix and test it in operation. Implementation of a virtual patch does not modify the operation of the underlying application or the systems that

The term patch is misleading because the vulnerable system is not being patched. A quick repair job for a piece of software code is called a patch. It is developed and distributed as a replacement or insertion of rule(s) to restrict the inputs and outputs to the vulnerable application in

“Virtual Patching” is a term that was initially used by Intrusion Prevention System vendors many years ago. It is also known as External Patching or Just-in-time Patching. This term is not only web-application specific but mainly used by WAF providers over the past years. In today’s dynamically changing IT world,

With the running application, we want to access one service. Let’s create a ClusterIP type of service. We can: Create a yaml manifest for the service and apply it, or Use the “kubectl expose” command creates a service without creating a yaml file. Like all Kubernetes objects, services are defined

Kube-Proxy Kube-proxy implements a form of virtual IP for services for all types except ExternalName. Three modes are: (a) Proxy-mode: userspace kube-proxy monitors the Kubernetes master, observe services and endpoints objects that get added or deleted. The mode opens a random port on the local node for each service. Every

Key Terms Nodes: Virtual host(s) on which containers/pods are running. Kubernetes Service: A logical set of pods that perform identical functions. These will be accessed through the DNS name of the service. Types of Kubernetes Services There are four types of services that are defined by how they expose the

Key Terms: Pods: One or more containers that shares the storage and network with a Kubernetes configuration, mentioning the behavior of those containers. Kubernetes Services A Kubernetes service is outlined as a logical set of pods that perform identical functions. These will be accessed through the DNS name of the

Security should extend beyond images and workloads and defend the complete environment, as well as the cluster infrastructure. You want to secure your clusters, nodes and also the container engine. Kubernetes Infrastructure Security Practices Update your Kubernetes to the most recent version. Because solely the last 3 versions of Kubernetes

Kubernetes Security: Runtime Phase The runtime phase exposes containerised applications to a slew of recent security challenges. The aim is to gain visibility into your running environment and discover and reply to threats as they arise. Proactively securing your containers and Kubernetes deployments at the build and deploy phases will

Kubernetes Container Security in Deployment Phase Kubernetes infrastructure ought to be designed firmly before workloads being deployed. From a security perspective, you initially need visibility into what you’re deploying – and the way. Then you’ll determine and reply to security policy violations. At a minimum, you would like to know:

Overview : Kubernetes Security: Build Phase Securing containers and Kubernetes starts within the building part with securing your container images. Your time spent right here pays dividends later due to the fact any neglected protection excellent practices at this factor may be considerably greater luxurious to restore down the line

Overview : Around 87% of organizations are using Kubernetes container orchestration to manage their container workloads. Each of the security issues correlates with a container lifecycle phase. It is better to counteract known vulnerabilities in the build phase, misconfigurations in the build/deploy phase, and responds to threats at runtime. Kubernetes

Overview : Kubernetes helps the enterprises to automate their application deployment for the business benefits. Now-a-days Kubernetes security can be considered as a critical component for all deployments because the new deployments might be vulnerable to attacks and exploits from hackers or insiders. Different kind of attacks will be launched

Cyber landscape predictions FireEye Mandiant has delivered its cyber landscape predictions for the coming year, including growing and affiliate-supported espionage, increased targeting of OT by ransomware, and continued targeting of healthcare. Due to COVID-19 pandemic, the cyber activity has been dominated and will continue into future. The techniques learned and

Overview : Multiple vulnerabilities reported in GitLab EE Affected Product(s) : Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. Vulnerability Details : CVE ID : CVE-2020-13348 An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could

Prototype Pollution Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. The vulnerability happens when parameters are injected and relied on by means of the susceptible website

  CVE-2019-20901 Proof of Concept : The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

A new variant of popup injector WordPress malware is spreading and affecting 1000s of WordPress websites. The  web master was getting once in a weekly email from visitors complaining about adult content popups on the website. Update – Contact security@prophaze.com to clean this variant and secure your website from similar

Overview : PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm. CVE-2020-11547   References MISC:https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure