Links
In the final section of my series on creating a comprehensive security program around Docker [https://nullsweep.com/building-a-docker-security-program], I'll be looking at some ideas and best practices around patching running containers.
In the previous articles, I talked about running static analysis on containers [https://nullsweep.com/docker-static-analysis-with-clair] and rolling
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Free and open source, Gemini CLI brings Gemini directly into developers’ terminals — with unmatched access for individuals.
EuroBSDcon 2024: Stability? Predictability? Reliability? Where's the fun in that?
The Internet Archive has suffered a data breach affecting 31 million accounts and is now offline after its site was defaced and DDoS’d.
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.
Spotify recently introduced its security vulnerability management platform, Kitsune. Right from vulnerability detection to providing insights based on metrics, Kitsune manages the overall security vul
Learn how to use the apnea-hypopnea index (AHI) to better understand sleep apnea severity in testing.
When they say "everywhere", do they mean worldwide?
The latest tips, tutorials, news, and release info about Elasticsearch, Kibana, Beats, and Logstash...
Nobl9 has released an open specification for defining SLOs and, in addition, has defined a repeatable SLO methodology.
For those who code
Google Photos is getting a tweaked UI and new video editing tools, including AI-powered presets we reported on a while back.
Researchers at the University of New South Wales have made a world-first research breakthrough demonstrating quantum entanglement between two atoms, a crucial underpinning for scaling quantum computers. Entanglement between at least two qubits is the phenomenon that enables information to be encoded on a quantum computer and the information to be processed. This was demonstrated by the UNSW-led team between two electrons on separate phosphorus atoms. The phosphorus atoms were implanted on a silicon chip similar to those in the computers and electronics of today, potentially enabling future manufacturing scale up using existing chip fabrication techniques.
Put away your word processor and start writing from the command line using these open source tools.