Unit 42 released a threat report that analyzes data from a variety of public data sources around the world to draw conclusions about the growing threats organizations face today in their software supply chains. In the analysis, Unit 42 found:
63% of third-party code templates used in building cloud infrastructure contained insecure configurations.
96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities.
Saumitra Das, CTO and Cofounder, Blue Hexagon had this to say:
“Given business pressure on developer teams, it is impractical to assume you can harden yourself to be fully secure via IaC checking and vulnerability management. Organizations are unable to enforce IaC companywide and even known CVEs can take weeks and months to patch just on external facing workloads. Even simpler fixes like misconfigurations take days and weeks to fix even after detection. This report is in line with what we see at organizations trying to be secure in the cloud. The key is not to put all your eggs in the shift-left basket but perform continuous lifecycle threat detection and response in the cloud.”
Companies should have a look at this and take the advice of Saumitra to ensure that they stay safe and do not become the next headline.
Posted in Commentary with tags BPTN on September 30, 2021 by itnerd
Toronto-based BPTN (Black Professionals In Tech Network) will host its third annual Global Tech Summit BFUTR (Be Future) 2021, the world’s largest virtual tech summit for Black professionals and allies on October 28th-29th. This year’s Summit features 60+ Black professionals and allies participating in keynote addresses, workshops, and panel discussions, while boasting an exciting lineup of movers and shakers from major corporations across North America.
This year’s lineup is stronger than ever, and features industry titans from across sectors and industries; from D.L. Hughley (actor, broadcaster, comedian), Michelle C. Meyer-Shipp (MLB – Major League Baseball executive), and Janeen Uzzell (CEO, National Society of Black Engineers), all the way to Canadian tech stars including Lola Oyelayo-Pearson (Shopify) and Gladstone Grant (Microsoft).
At this year’s Summit, attendees will get exclusive access to the impressive list of local and international speakers from leading global organizations who are shaping the future of technology, and leading the way in diversity and inclusive leadership. You don’t want to miss it!
Posted in Products with tags Spigen on September 30, 2021 by itnerd
When Apple shipped the iPhone 12 series, they brought forward “Ceramic Shield” to make the screen far more shatter resistant. However shatter resistance is inversely proportional to scratch resistance. In other words, your new and really expensive iPhone 13 has a screen that is more likely to scratch. Which means that you need a screen protector. That’s where the Spigen EZ FIT GLAS.tR SLIM Screen Protector For The iPhone 13 comes in.
It claims to be an extremely easy to apply 9H hardness screen protector that will protect your iPhone 13. Let’s test that to find out. Here’s what you get in the box:
Inside the box you get two screen protectors, a pack of screen cleaning wipes, microfibre cloth, dust removal tape, and instructions. The cool thing about this screen protector is that it is built into the tray which is exactly sized for your iPhone. Not pictured is a squeegee.
All of this means that installation should be pretty straightforward. And it is… for the most part:
First you need to remove your old screen protector if you have one and use one of the screen cleaning wipes to clean the screen. Then use the dust removal tape to remove any dust that’s left on the screen.
Next is to put the installation tray on the screen after removing the backing tape on the screen protector.
Then you need to slide your finger up and down the channel in the middle of the screen protector to get rid of as many bubbles as possible. Wait 30 seconds then pull the tab off. Then you remove the front tape and use the squeegee to get rid of any remaining bubbles. In my case there were a few. Once you do that, you can declare victory and have a beer. Although my installation wasn’t 100% perfect. I had a couple of specks of dust that I didn’t clean. So I had to redo it with the second screen protector to get this result:
One other thing that you should note is that this screen protector is not an edge to edge screen protector. That’s because it’s designed to be used with cases, as an edge to edge screen protector may pop off if you use a case with it. In my case my wife’s daily driver is this Spigen Tough Armor case and because it is from the same company, it works very well as that case does not interfere with it. The last thing that I note is that thus far, this screen protector seems to resist smudges and fingerprints, is easy to clean, and interacting with it doesn’t feel any different. All of which is a good thing. Now I didn’t test scratching it and seeing if it survives an impact. That’s because I would argue most of these screen protectors advertise 9H hardness as this one does and they tend to scratch with a 6 or 7 pick on the Mohs scale, which is pretty tough. So any testing in this regard in my opinion is kind of irrelevant, as you will get a decent amount of protection out of it as long as you don’t abuse it and as long as you don’t buy something that’s too low on the food chain. Which this one is not.
The Spigen EZ FIT GLAS.tR SLIM Screen Protector For The iPhone 13 goes for $34.99 USD. It’s relatively easy to install, gives you great clarity, and should give you the protection that you need for the screen of your new iPhone 13.
Unit 42 Threat Report Shows The Full Scope Of Supply Chain Attacks In The Cloud
Posted in Commentary with tags Security on September 30, 2021 by itnerd