Updated Beta 4 of iOS 18 & iPadOS 18 Released
Apple has issued updated 4th beta versions for iOS 18 and iPadOS 18. The new build is 22A5316k. It’s unclear what the purpose of the newly released 4th beta build is, but given its small size and quick release, it’s reasonable to assume it’s either a bug fix or security patch. If you have already … ⌘ Read more
3 Ways CARIAD Configures Docker Business for Security and Compliance
Find out how CARIAD configures Docker for security and compliance using Docker Single Sign-On, Image Access Management, and Windows Subsystem for Linux 2. ⌘ Read more
Empowering Developers with Docker: Simplifying Compliance and Enhancing Security for SOC 2, ISO 27001, FedRAMP, and More
With a Docker Business subscription, Docker customers have access to granular controls and a full product suite to help them maintain compliance and improve security. ⌘ Read more
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine
Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users. ⌘ Read more
Release Candidate for iOS 17.6, macOS Sonoma 14.6, iPadOS 17.6 Available for Testing
Apple has issued the Release Candidate builds for iOS 17.6 for iPhone, iPadOS 17.6 for iPad, and macOS Sonoma 14.6 for Mac. Release Candidate builds are typically the last finalized beta build, which, assuming there are no significant bugs or security issues found, often matches the final version of that software to be released to … ⌘ Read more
Authentication vs authorization: understanding the difference
Member post originally published on the Cerbos blog by Omu Inetimi Authentication vs Authorization: Understanding the Difference In recent times, security in modern applications cannot be overemphasized. It is extremely important to ensure our applications have proper security… ⌘ Read more
Lessons from CrowdStrike’s Buggy Update: The Critical Importance of Robust Release Processes
Community post by Andrés Vega, CNCF TAG Security Recent events involving CrowdStrike’s Falcon security software have underscored a critical lesson across the industry: the importance of having a robust, secure release process. This incident serves as a… ⌘ Read more
How to Measure DevSecOps Success: Key Metrics Explained
Discover two key metrics to measure your DevSecOps progression effectively. Learn how tracking security vulnerabilities over time and ensuring compliance with security policies can enhance your organization’s security posture, driving continuous improvement in your DevSecOps practices. ⌘ Read more
Gajim: Gajim 1.9.1
Gajim 1.9.1 introduces a menu button, adds improvements for Security Labels, and fixes some bugs. Thank you for all your contributions!
Since Gajim 1.9.0, you can toggle Gajim’s main menu bar by pressing Ctrl+M. In order to have a proper replacement for when the menu bar is hidden, we added a menu button to the top left, which contains all of the menu bar’s items.
If you are using Security Labels (XEP-0258) with Gajim, you ca … ⌘ Read more
Mastering DevSecOps with Devtron: a strategic approach
Member post originally published on the Devtron blog by Nishant As the adoption of Kubernetes continues to grow, organizations encounter numerous challenges in securing their software development and deployment processes. Integrating security practices into DevOps, known as DevSecOps,… ⌘ Read more
GitHub Enterprise Server 3.13 is now generally available
With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.
The post GitHub Enterprise Server 3.13 is now generally available appeared first on The GitHub Blog. ⌘ Read more
Where AI meets cloud native security
Not sure where to get started when it comes to cloud native security and artificial intelligence? Look no further than CloudNativeSecurityCon North America 2024 in Seattle, which opens up with the co-located Secure AI Summit on June 25,… ⌘ Read more
The New Stack: “A Chat With CloudNativeSecurityCon North America 2024 Co-chairs”
Conference leaders share their thoughts on the latest trends and challenges in cloud native security, and the sessions they are most looking forward to. ⌘ Read more
Erlang Solutions: Top 5 Tips to Ensure IoT Security for Your Business
In an increasingly tech-driven world, the implementation of IoT for business is a given. According to the latest data, there are currently 17.08 billion connected IoT devices – and counting. A growing number of devices requires robust IoT security to maintain privacy, protect sensitive data and prevent unauthorised access to connected devices.
A si … ⌘ Read more
10 years of the GitHub Security Bug Bounty Program
Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.
The post 10 years of the GitHub Security Bug Bounty Program appeared first on The GitHub Blog. ⌘ Read more
Status 2024-06-08
Evening, hackers! I feel a column coming on!
TL;DR: In which we learn about the EU parliament election, some
ruminations about the death of XMPP, MC’s flat being without drains
for two months, a visit at the Lund Linux Conference, another at the
Security Fest conference, fighting against a Supermicro server, and
some other recent shenanigans.
I voted today. Yes, I know. The EU is still a strange marvel of
functional bureaucracy and not the federated worker’s Union of Europe
we all would lik … ⌘ Read more
Erlang Solutions: 10 Unusual Blockchain Use Cases
When Blockchain technology was first introduced with Bitcoin in 2009, no one could have foreseen its impact on the world or the unusual cases of blockchain that have emerged. Fast forward to now and Blockchain has become popular for its ability to ensure data integrity in transactions and smart contracts.
Thanks to its cost-effectiveness, transparency, speed and top security, it has found its way into many industries, with blockchain spending exp … ⌘ Read more
ProcessOne: Understanding messaging protocols: XMPP and Matrix
In the world of real-time communication, two prominent protocols often come into discussion: XMPP and Matrix. Both protocols aim to provide robust and secure messaging solutions, but they differ in architecture, features, and community adoption. This article delves into the key differences and similarities between XMPP and Matrix to help you understand which might be better suited for your needs.
XMPP (Extensible Messaging and … ⌘ Read more
Docker Announces SOC 2 Type 2 Attestation & ISO 27001 Certification
Docker demonstrates commitment to security by achieving SOC 2 Type 2 attestation and ISO 27001:2022 certification. ⌘ Read more
Remko Tronçon: Packaging Swift apps for Alpine Linux
While trying to build my Age Apple Secure Enclave plugin, a small Swift CLI app, on Alpine Linux, I found out that Swift isn’t able to create musl binaries. This means none of the pre-built Linux binaries (nor the Swift compiler) work on Alpine. The assumption that Linux implies glibc apparently runs deep into the Swift internals, so although some work i … ⌘ Read more
Police investigate large-scale healthcare data breach
Australia’s National Cyber Security Coordinator has not named the company, but says federal police and government agencies are probing the hack. ⌘ Read more
MacOS Ventura 13.6.7 & macOS Monterey 12.7.5 Updates Available
macOS Ventura 13.6.7, macOS Monterey 12.7.5, and Safari 17.5 are now available as software updates for Mac users who are not running the macOS Sonoma operating system and the just released MacOS Sonoma 14.5 update. macOS Ventura 13.6.7, macOS Monterey 12.7.5, and Safari 17.5 focus on security fixes and are not expected to include any … ⌘ Read more
Securing Git: Addressing 5 new vulnerabilities
Git is releasing several new versions to address five CVEs. Upgrading to the latest Git version is essential to protect against these vulnerabilities.
The post Securing Git: Addressing 5 new vulnerabilities appeared first on The GitHub Blog. ⌘ Read more
MacOS Ventura 13.6.7 & macOS Monterey 12.7.5 Updates Available
macOS Ventura 13.6.7 and macOS Monterey 12.7.5 are now available as software updates for Mac users who are not running the macOS Sonoma operating system and the just released MacOS Sonoma 14.5 update. macOS Ventura 13.6.7 and macOS Monterey 12.7.5 focus on security fixes and are not expected to include any significant changes, bug fixes, … ⌘ Read more
iOS 16.7.8 & iPadOS 16.7.8 Updates for Older iPhones & iPads Available
Alongside iOS 17.5 and iPadOS 17.5, Apple has also released iOS 16.7.8 and iPadOS 16.7.8 updates for older model iPhones and iPads. iOS 16.7.8 and iPadOS 16.7.8 include security fixes and do not appear to have any other changes. iOS 16.7.8 and iPadOS 16.7.8 are available for iPhone 8, iPhone 8 Plus, iPhone X, iPad … ⌘ Read more
Docker Desktop 4.30: Proxy Support with SOCKS5, NTLM and Kerberos, ECI for Build Commands, Build View Features, and Docker Desktop on RHEL Beta
Read about new features in Docker Desktop 4.30, such as improved SOCKS5 proxy support, advanced integration with NTLM and Kerberos, and extended Enhanced Container Isolation to secure build environments. ⌘ Read more
iOS 17.5 & iPadOS 17.5 Updates Released with Bug Fixes
iOS 17.5 for iPhone, and iPadOS 17.5 for iPad, have been released by Apple. The new software updates are available with bug fixes, security enhancements, enhancements to Apple News, and a new Pride Radiance wallpaper from Apple to celebrate the LGBTQIA2S++ communities for Pride month. Separately, updates are also available for watchOS 10.5, tvOS 17.5, … ⌘ Read more
MacOS Sonoma 14.5 Update Released with Security Fixes
Apple has released MacOS Sonoma 14.5 for Mac users running the Sonoma operating system. The MacOS 14.5 update includes bug fixes, security enhancements, and some changes and improvements to add various word games to the paid Apple News+ service. Mac users running earlier versions of system software will find MacOS Ventura 13.6.7 and MacOS Monterey … ⌘ Read more
A step-by-step guide to securely upgrading your EKS clusters
Member post originally published on Fairwinds’s blog by Stevie Caldwell As an agile open source project, Kubernetes continues to evolve, as does the cloud computing landscape. Keeping up with the latest versions isn’t practical for many organizations, and… ⌘ Read more
A new course: how to use Dapr and WebAssembly to build scalable and secure cloud apps
If it’s time to expand your skill set and master relevant new technologies, Linux Foundation Training and Certification and the Cloud Native Computing Foundation have a new course, Dapr with WebAssembly (LFD233). At a time when technology is… ⌘ Read more
Wasm vs. Docker: Performant, Secure, and Versatile Containers
Learn what WebAssembly is, why to use it, and how Docker and Wasm work together. ⌘ Read more
How AI enhances static application security testing (SAST)
Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.
The post How AI enhances static application security testing (SAST) appeared first on The GitHub Blog. ⌘ Read more
Get the first look at CloudNativeSecurityCon North America 2024’s schedule, add-on events, and more
The schedule for CloudNativeSecurityCon North America 2024 is now live, and is filled with 75 sessions offering practical solutions and thoughtful discussions of some of the biggest challenges in security today. The conference will be held June 26… ⌘ Read more
CloudNativeSecurityCon North America 2024 Schedule Highlights Innovations in Modern Security Approaches
The premier conference for cloud native security reunites the leading minds to share solutions to the most pressing challenges through innovative technologies SAN FRANCISCO, Calif. – May 8, 2024 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable… ⌘ Read more
Is your supply chain secure? Double check with our framework
A secure supply chain is a critical piece of cloud native security, and it can be tricky to get right because it covers such a broad expanse of factors from code to pipelines and beyond. Join us on… ⌘ Read more
5 tips to supercharge your developer career in 2024
From mastering prompt engineering to leveraging AI for code security, here’s how you can excel in today’s competitive job market.
The post 5 tips to supercharge your developer career in 2024 appeared first on The GitHub Blog. ⌘ Read more
Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.
The post Where does your software (really) come from? appeared first on The GitHub Blog. ⌘ Read more
Docker and JFrog partner to further secure Docker Hub and remove millions of imageless repos with malicious links
Docker and JFrog partner to further secure Docker Hub by removing millions of imageless repos with malicious links. ⌘ Read more
CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow.
The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog. ⌘ Read more
Securing millions of developers through 2FA
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
The post Securing millions of developers through 2FA appeared first on The GitHub Blog. ⌘ Read more
Cloud Custodian completes audit to strengthen security posture and enable continuous assessment
Project post by Cloud Custodian maintainers The Cloud Custodian maintainers are happy to complete a successful security audit with Ada Logics. The Open Source Technology Improvement Fund (OSTIF) facilitated this audit, which was generously funded by the Cloud… ⌘ Read more
Linux-Compatible DEBIX Infinity with PCIe x1 & Dual GbE Ports
Linux ready Debix Infinity with PCIe x1 & Dual GbE ports
At Embedded World 2024, OKdo and DEBIX unveiled the DEBIX Infinity Industrial Single Board Computer, featuring the NXP i.MX 8M Plus Quad Lite processor. This device is designed for a variety of industrial applications such as smart robotics, Industry 4.0, edge computing, IoT gateways, and security systems. ⌘ Read more
Docker Desktop 4.29: Docker Socket Mount Permissions in ECI, Advanced Error Management, Moby 26, and New Beta Features
Docker Desktop 4.29 introduces enhancements to secure and streamline the development process and to improve error management and workflow efficiency. With the integration of Enhanced Container Isolation (ECI) with Docker socket mount permissions, the debut of Moby 26 within Docker Desktop, and exciting features such as Docker Compose enhancements via synchronized file shares reaching Beta, we’re equipp … ⌘ Read more
K8s Benchmark Report: are organizations meeting NSA hardening checks?
Member post originally published on Fairwinds’s blog by Joe Pelletier The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) continue to update their Kubernetes hardening guidance, making recommendations to help organizations ensure they are hardening their Kubernetes clusters. This… ⌘ Read more
Debian’s Dedication to Security: A Robust Foundation for Docker Developers
We outline how and why Debian operates as a secure basis for development and makes a good choice for Docker Official Images. ⌘ Read more