A quick Chef way to detect and remediate PrintNightmare

Microsoft has publicly disclosed a remote code execution zero-day vulnerability (CVE-2021-34527), now known as “PrintNightmare”, that could allow attackers to run code, including malware or ransomware, and take full control of vulnerable systems. Microsoft is urging administrators to deploy the proper patches as quickly as possible or disable inbound remote printing until the patches can be applied. There are two generally accepted […]


Automating PCI-DSS Compliance with Chef

Any company that handles credit card data, especially in the United States, is subject to the Payment Card Industry Data Security Standard (PCI DSS), and already knows how difficult and time-consuming PCI audits can be. Gathering relevant data that demonstrates how each and every configuration item in the cardholder data environment (CDE) is compliant, and has been over time, is often a manual […]


Testing Windows DNS SIGRed Vulnerability with Chef InSpec

It’s not DNS. There’s no way it’s DNS. It was DNS. A system administrator’s haiku, many have uttered before. Today it rings true once again. CVE-2020-1350 is a vulnerability found in _all_ versions of Windows Server DNS back to 2003. Found by the folks at Check Point, this is a highly critical vulnerability. Not only does […]


Cyber Security for Australian Government, National Critical Infrastructure providers and Enterprise using Chef Compliance

On Friday, June 19th 2020, the Australian Prime Minister Scott Morrison called a snap press conference to reveal that the nation was under cyber-attack by a state-based actor. Following this, the nation’s infosec advice agency said that while the attacker had gained access to some systems, it had not conducted “any disruptive or destructive activities […]


Automating MAS Technology Risk Management (TRM) Guidelines using Chef InSpec

I’m very privileged to work with a range of FSI organizations across Asia Pacific (APAC) as a Regional Solutions Architect at Chef. Customers in every vertical need help and assistance with continuously auditing their environments in line with industry standards, as well as those set by governments and independent regulators. The Telecommunications industry is held accountable […]


Chef InSpec Profile for Critical Salt Vulnerabilities

On April 30, 2020, two critical security vulnerabilities were identified with the SaltStack open source project (github.com/saltstack/salt). These vulnerabilities are critical and must be patched to avoid potential takeover of your systems. This vulnerability has been assigned the highest severity rating, 10.0, according to the Common Vulnerability Scoring System, an open framework for communicating […]


Chef for Compliance Announcement: Waivers Support

Today Chef announces compliance waiver support within Chef InSpec and Chef Automate. Using Chef for compliance provides a holistic solution for enterprises to achieve continuous compliance. Companies audit their various endpoints for compliance against CIS or DISA standards using Chef InSpec, while viewing the aggregate compliance state of their fleet in Chef Automate. Today, customers […]


An Award-Winning Way to Start 2020

Chef Rings in 2020 with Multiple Industry Award Wins for Chef EAS and Chef InSpec

Chef is kicking off 2020 on a high note announcing five new industry awards signifying our ongoing recognition from the industry as the DevOps leader. These awards underscore the Chef team’s hard work and strong leadership, as well as the […]


Preparing for April End of Support Dates

This coming April will mark one year since the introduction of the Chef Enterprise Automation Stack. As part of this release, we announced that all of our products are now open source under the Apache 2 license and that Chef’s tested, enterprise-ready software distributions (binaries) are subject to commercial license terms going forward. Today anyone can […]
