Article: Session Details: DevOps Connect: DevSecOps - Techstrong Live Events - published over 2 years ago.
Content: Pentesting is critical for DevSecOps. Finding and fixing security vulnerabilities is fundamental to building robust software.
Copy Link: https://www.techstrongevents.com/devopsconnect-devsecops-rsac-2022/session/917240/pentesting-at-scale   
Published: 2022 07 08 23:53:41
Received: 2022 07 09 03:36:32
Feed: Google Alert - devsecops
Source: Google Alert
Category: News
Topic: DevSecOps

Article: Killnet: Russian DDoS Group Claims Attack on US Congress Website - Security Boulevard - published over 2 years ago.
Content: DevOps Connect:DevSecOps @ RSAC 2022. SHARE THIS: Flashpoint Team. July 8, 2022. Table Of Contents. Table of Contents.
Copy Link: https://securityboulevard.com/2022/07/killnet-russian-ddos-group-claims-attack-on-us-congress-website/   
Published: 2022 07 09 02:37:57
Received: 2022 07 09 03:17:15
Feed: Google Alert - devsecops
Source: Google Alert
Category: News
Topic: DevSecOps

Cyber Tzar Free Score Certificate

Article: ClusterFuzzLite: Continuous fuzzing for all - published about 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security TeamIn recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human e...
Copy Link: http://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html   
Published: 2021 11 11 12:00:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Exploring Container Security: A Storage Vulnerability Deep Dive - published almost 3 years ago.
Content: Posted by Fabricio Voznika and Mauricio Poppe, Google Cloud Kubernetes Security is constantly evolving - keeping pace with enhanced functionality, usability and flexibility while also balancing the security needs of a wide and diverse set of use-cases.Recently, the GKE Security team discovered a high severity vulnerability that allowed workloads to have acce...
Copy Link: http://security.googleblog.com/2021/12/exploring-container-security-storage.html   
Published: 2021 12 02 20:00:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Improving OSS-Fuzz and Jazzer to catch Log4Shell - published almost 3 years ago.
Content: Posted by Jonathan Metzman, Google Open Source Security TeamThe discovery of the Log4Shell vulnerability has set the internet on fire. Similar to shellshock and heartbleed, Log4Shell is just the latest catastrophic vulnerability in software that runs the internet. Our mission as the Google Open Source Security Team is to secure the open source libraries the ...
Copy Link: http://security.googleblog.com/2021/12/improving-oss-fuzz-and-jazzer-to-catch.html   
Published: 2021 12 16 22:04:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Summary

Article: Understanding the Impact of Apache Log4j Vulnerability - published almost 3 years ago.
Content: Posted by James Wetter and Nicky Ringland, Open Source Insights Team Editors Note:The below numbers were calculated based on both log4j-core and log4j-api, as both were listed on the CVE. Since then, the CVE has been updated with the clarification that only log4j-core is affected.The ecosystem impact numbers for just log4j-core, as of 19th December are over ...
Copy Link: http://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html   
Published: 2021 12 17 17:25:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Apache Log4j Vulnerability - published almost 3 years ago.
Content: Like many other companies, we’re closely following the multiple CVEs regarding Apache Log4j 2. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers.We encourage anyone who manages environments containing Log4j 2 to update to the latest version.Based on findings in our ...
Copy Link: http://security.googleblog.com/2021/12/apache-log4j-vulnerability.html   
Published: 2021 12 18 02:08:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4 - published almost 3 years ago.
Content: Posted by Laurent Simon and Azeem Shaikh, Google Open Source Security Team (GOSST) Since our July announcement of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain practices in open source projects—has grown steadily to over 40 unique contributors and 18 implemented security checks. Today we are proud to announce the...
Copy Link: http://security.googleblog.com/2022/01/reducing-security-risks-in-open-source.html   
Published: 2022 01 19 15:00:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: Vulnerability Reward Program: 2021 Year in Review - published almost 3 years ago.
Content: Posted by Sarah Jacobus, Vulnerability Rewards Team Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of  vulnerabilities – helping keep our users and the internet safe. Thanks to these incredible researchers, Vulnerability Rewar...
Copy Link: http://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html   
Published: 2022 02 10 17:00:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: 🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022! - published almost 3 years ago.
Content: Posted by Eduardo Vela, Vulnerability Matchmaker Until December 31 2022 we will pay 20,000 to 91,337 USD for exploits of vulnerabilities in the Linux Kernel, Kubernetes, GKE or kCTF that are exploitable on our test lab.We launched an expansion of kCTF VRP on November 1, 2021 in which we paid 31,337 to 50,337 USD to those that are able to compromise our kCTF ...
Copy Link: http://security.googleblog.com/2022/02/roses-are-red-violets-are-blue-giving.html   
Published: 2022 02 14 17:07:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Mitigating kernel risks on 32-bit ARM - published over 2 years ago.
Content: Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation.Now 20+ years lat...
Copy Link: http://security.googleblog.com/2022/02/mitigating-kernel-risks-on-32-bit-arm.html   
Published: 2022 02 23 17:00:00
Received: 2022 07 09 03:11:51
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Gold Score Certificate

Article: Find and $eek! Increased rewards for Google Nest & Fitbit devices - published over 2 years ago.
Content: Posted by Medha Jain, Program Manager, Devices & Services Security At Google, we constantly invest in security research to raise the bar for our devices, keeping our users safe and building their trust in our products. In 2021, we published Google Nest security commitments, in which we committed to engage with the research community to examine our produc...
Copy Link: http://security.googleblog.com/2022/04/find-and-eek-increased-rewards-for.html   
Published: 2022 04 05 13:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Improving software supply chain security with tamper-proof builds - published over 2 years ago.
Content: Posted by Asra Ali and Laurent Simon, Google Open Source Security Team (GOSST)Many of the recent high-profile software attacks that have alarmed open-source users globally were consequences of supply chain integrity vulnerabilities: attackers gained control of a build server to use malicious source files, inject malicious artifacts into a compromised build p...
Copy Link: http://security.googleblog.com/2022/04/improving-software-supply-chain.html   
Published: 2022 04 07 13:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: How to SLSA Part 1 - The Basics - published over 2 years ago.
Content: Posted by Tom Hennen, Software Engineer, BCID & GOSST One of the great benefits of SLSA (Supply-chain Levels for Software Artifacts) is its flexibility. As an open source framework designed to improve the integrity of software packages and infrastructure, it is as applicable to small open source projects as to enterprise organizations. But with this flex...
Copy Link: http://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html   
Published: 2022 04 12 16:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Analysis

Article: How to SLSA Part 2 - The Details - published over 2 years ago.
Content: Posted by Tom  Hennen, software engineer, BCID & GOSST In our last post we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we’ll cover the details: where to store attestations and policies, what policies should check, and how to handle key distribu...
Copy Link: http://security.googleblog.com/2022/04/how-to-slsa-part-2-details.html   
Published: 2022 04 13 16:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: How to SLSA Part 3 - Putting it all together - published over 2 years ago.
Content: Posted by Tom Hennen, software engineer, BCID & GOSST In our last two posts (1,2) we introduced a fictional example of Squirrel, Oppy, and Acme learning to SLSA and covered the basics and details of how they’d use SLSA for their organizations. Today we’ll close out the series by exploring how each organization pulls together the various solutions into a ...
Copy Link: http://security.googleblog.com/2022/04/how-to-slsa-part-3-putting-it-all.html   
Published: 2022 04 14 17:28:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: The Package Analysis Project: Scalable detection of malicious open source packages - published over 2 years ago.
Content: Posted by Caleb Brown, Open Source Security Team Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited r...
Copy Link: http://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html   
Published: 2022 04 28 16:05:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Distribution

Article: Taking on the Next Generation of Phishing Scams - published over 2 years ago.
Content: Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better, encryption becomes ubiquitous on the Web, authentication becomes stronger. But phishing persistently remains a threat (as shown by a recent phishing attack on the U.S. Department of Labor) because users retain the ability...
Copy Link: http://security.googleblog.com/2022/05/taking-on-next-generation-of-phishing.html   
Published: 2022 05 11 18:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Privileged pod escalations in Kubernetes and GKE - published over 2 years ago.
Content: Posted by GKE and Anthos Platform Security Teams At the KubeCon EU 2022 conference in Valencia, security researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges.The research ment...
Copy Link: http://security.googleblog.com/2022/05/privileged-pod-escalations-in.html   
Published: 2022 05 18 13:03:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Announcing the winners of the 2021 GCP VRP Prize - published over 2 years ago.
Content: Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). We paid a total of $8.7 million in rewards, our highest amount yet. 2021 saw some amazing work from the security research community. It is worth noting that a significant portion of the reports we received we...
Copy Link: http://security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.html   
Published: 2022 06 03 19:03:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Assesment

Article: SBOM in Action: finding vulnerabilities with a Software Bill of Materials - published over 2 years ago.
Content: Posted by Brandon Lum and Oliver Chang, Google Open Source Security TeamThe past year has seen an industry-wide effort to embrace Software Bills of Materials (SBOMs)—a list of all the components, libraries, and modules that are required to build a piece of software. In the wake of the 2021 Executive Order on Cybersecurity, these ingredient labels for softwar...
Copy Link: http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html   
Published: 2022 06 14 16:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Game on! The 2022 Google CTF is here. - published over 2 years ago.
Content: Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters Are you ready to put your hacking skills to the test? It’s Google CTF time!The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registration is now open at http://goo.gle/ctf.In true old Google CTF fashion, the top 8 teams will qualify for our Hackcel...
Copy Link: http://security.googleblog.com/2022/06/game-on-2022-google-ctf-is-here.html   
Published: 2022 06 21 16:00:00
Received: 2022 07 09 03:11:50
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security

Article: Aerojet Rocketdyne to pay $9 mln to resolve U.S. cybersecurity allegations | Reuters - published over 2 years ago.
Content: After a 2013 cyberattack, Aerojet hired Markus as a senior cyber security official but Markus said he did not have the budget or staff Aerojet had ...
Copy Link: https://www.reuters.com/business/aerospace-defense/aerojet-rocketdyne-pay-9-mln-resolve-allegations-us-cybersecurity-violations-2022-07-08/   
Published: 2022 07 09 01:09:02
Received: 2022 07 09 03:03:25
Feed: Google Alert – "cyber security"
Source: Google Alert
Category: News
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: Graduates with a master's degree in cybersecurity are landing starting pay of $214000 and up - published over 2 years ago.
Content: When it comes to job demand, it's hard to beat the field of cybersecurity. By 2025 there will be an estimated 3.5 million unfilled cybersecurity ...
Copy Link: https://fortune.com/education/business/articles/2022/07/08/graduates-with-a-masters-degree-in-cybersecurity-are-landing-starting-pay-of-214000-and-up/   
Published: 2022 07 09 00:46:12
Received: 2022 07 09 03:03:22
Feed: Google Alert – cybersecurity
Source: Google Alert
Category: News
Topic: Cyber Security

Article: Artificial Intelligence-based Cybersecurity Market| Rapid increase in the use of mobile and ... - published over 2 years ago.
Content: Do you know the Artificial Intelligence-Based Cybersecurity Market size is expected to grow by USD 18.94 billion at a CAGR of 22.27% during the ...
Copy Link: https://finance.yahoo.com/news/artificial-intelligence-based-cybersecurity-market-012000410.html   
Published: 2022 07 09 01:42:48
Received: 2022 07 09 03:03:21
Feed: Google Alert – cybersecurity
Source: Google Alert
Category: News
Topic: Cyber Security

Article: Joint Cybersecurity Advisory provides information on Maui ransomware - published over 2 years ago.
Content: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of the Treasury ...
Copy Link: https://homelandprepnews.com/stories/77633-joint-cybersecurity-advisory-provides-information-on-maui-ransomware/   
Published: 2022 07 09 01:51:27
Received: 2022 07 09 03:03:21
Feed: Google Alert – cybersecurity
Source: Google Alert
Category: News
Topic: Cyber Security

Cyber Tzar Risk Groups Explained

Article: Defense contractor Aerojet to pay $9 million over claims it lied to feds about cybersecurity - published over 2 years ago.
Content: California rocket engine maker Aerojet Rocketdyne agreed to pay $9 million to settle claims it lied to the feds about its cybersecurity ...
Copy Link: https://www.sacbee.com/news/business/article263300668.html   
Published: 2022 07 09 02:19:24
Received: 2022 07 09 03:03:21
Feed: Google Alert – cybersecurity
Source: Google Alert
Category: News
Topic: Cyber Security