It’s not DNS. There’s no way it’s DNS. It was DNS. A system administrator’s haiku, many have uttered before. Today it rings true once again. CVE-2020-1350 is a vulnerability found in _all_ versions of Windows Server DNS back to 2003. Found by the folks at Checkpoint, this is a highly critical vulnerability. Not only does […]
Read MoreCategory: security
Cyber Security for Australian Government, National Critical Infrastructure providers and Enterprise using Chef Compliance
On Friday, June 19th 2020, the Australian Prime Minister Scott Morrison called a snap press conference to reveal that the nation was under cyber-attack by a state-based actor. Following this, the nation’s infosec advice agency said that while the attacker had gained access to some systems it had not conducted “any disruptive or destructive activities […]
Read MoreSurvey Results: DevSecOps Drives Efficiency, Security, and Agility
Recently, Chef commissioned a survey of security professionals in order to provide greater insight into what security leaders are most concerned with and how collaboration with I&O (Infrastructure & Operations) is needed within enterprise-sized organizations. We sought out to determine how important DevSecOps is within the Software Development Life Cycle (SDLC), the importance of Audits […]
Read MoreChefConf 2020 Registration is Now Open!
Registration for ChefConf 2020 is now open. Join us in Seattle or London (or both) this June! ChefConf provides a unique opportunity for technology practitioners, DevOps engineers, application delivery engineers, and IT security professionals to hear from some of the world’s largest companies about how they are driving innovation and capturing more value from their […]
Read MoreEmpowering DevSecOps on Google Cloud
October’s nearly over, and for many of us that means an evening full of cobwebs, costumes, candy, tricks, and treats as we prepare for Halloween night. It also means that today is the final day of National Cybersecurity Awareness Month! It’s a fitting pairing, as few things are scarier to an IT professional than the […]
Read MoreProtect Yourself From the RubyGems Backdoor by InSpec’ing Your Fleet
Chef has invested a lot with the Enterprise Automation Stack in security. With Chef InSpec you can easily scan your systems for potential vulnerabilities and then leverage Chef Infra to run remediation across your entire fleet. This is important because last week’s RubyGems vulnerability likely affected other software you have deployed that uses Ruby. To […]
Read MoreChef Confirms No Products Affected by Backdoored RubyGems
At Chef, we have a cross-functional security team who evaluates and responds to potential security incidents. Because a significant portion of our code uses Ruby and Ruby libraries (known as “gems”), we have been paying close attention to the reports of malicious code insertion into several gems. Shortly after the news of the compromise became […]
Read MoreCloud Security Assessments in AWS
In our most recent webinar, Cloud Security Assessment for AWS Instances, we took a look at how Chef can help to secure environments in Amazon Web Services. While our previous webinar focused on providing a high-level overview of the challenges organizations face when securing workloads in the cloud, this time around we gave a hands-on […]
Read More5 Steps for Scaling DevOps
During a webinar delivered by Chef’s SVP of Products and Engineering Corey Scobie, the following five common practices used by DevOps high performers were described: Adopt a coded approach Make it easy to work with code Use the right tool for the right job Enable one way to production Shift risk mitigation left During the […]
Read MoreDon’t Leave Your S3 Buckets Wide Open
IT security can feel like an endless war against the unknown. Especially when your big old comfortable monolith with one access point gets spread out into a million small microservice pieces all over the place. Securing distributed systems is a challenge that requires constant vigilance and attention to detail. It’s more than a single person […]
Read More