Archive

Archive for February, 2020

Docker Registries Expose Hundreds of Orgs to Malware, Data Theft | Threatpost

February 10, 2020 Leave a comment

If you were wondering how an attacker can gain access to your organization when you were so careful to validate your software and your laptops and your employees, what out for how they run your software.

Docker base images have long been the target of the more sophisticated attacker now. Let’s face it, creating and setting up tomcat to run your platform isn’t really something that any development team can do so why not use a prebuilt image? It can be so easy to setup a repository and start with a known good base image but watch out for the wolf in sheep’s clothing.

https://threatpost.com/docker-registries-malware-data-theft/152734/

Categories: General

Certificate Expiry – Doh

February 8, 2020 Leave a comment

Don’t you just hate when that happens – you have a nice, professional website that is generating revenue for your company and someone forgets to renew the TLS certificate!

Packt Publishing sure does today when it seems clear that almost all of its visitors will not be able to connect to their website.

It happens to many of us and it is due to poor certificate management. Microsoft Teams announced that they had surpassed Slack as the number one platform for messaging and collaboration but recently experienced an outage due to an expired certificate. Imagine how that affected their reputation and think of the brand impact that could have resulted in incalculable loss!

Whether you have 1 SSL/TLS Certificate protecting your website or you have setup an extensive server farm both inside and outside your organization, managing certificate renewal can bite you in the A$$.

Think strongly about a certificate management program that can alert you to thinks like certificate expiry for items like websites, Internet of Things and even network devices. With the push to ensure that we adopt https everywhere, you will need to manage certificates for almost every endpoint we use for mail, for file and print services and of course for all of the applications that use web based browsers. Even some of the desktop application are just shells that use a custom shell to deliver http based content so you may also have outage associated with certificates for some of the popular applications like Slack and Teams on your desktop.

Prevent outage by discovering and being aware of all of your certificates before someone else tells you!

Categories: General Tags: ,