433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps

GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go missing. An open-source tool called Plumber automates the detection of those conditions by scanning pipeline configuration and repository settings directly.

What Plumber checks

Plumber reads a project’s .gitlab-ci.yml file and queries the GitLab API to produce a compliance report. It includes eight controls that teams can …

The post Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps appeared first on Help Net Security.
http://news.poseidon-us.com/TRf0Jm

NIST updates its DNS security guidance for the first time in over a decade

DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure Domain Name System Deployment Guide, superseding a version that dates to 2013. The document covers three main areas: using DNS as an active security control, securing the DNS protocol itself, and protecting the servers and infrastructure that run DNS services. …

The post NIST updates its DNS security guidance for the first time in over a decade appeared first on Help Net Security.
http://news.poseidon-us.com/TRdzPM

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

What smart factories keep getting wrong about cybersecurity
In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often go unpatched and become entry points for attackers.

Certificate lifespans are shrinking …

The post Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw appeared first on Help Net Security.
http://news.poseidon-us.com/TRdNk7

As HHS limits telework, disabled veterans say they’re running out of options for accommodations

HHS recently required employees to swipe their ID badges when entering and leaving the office, to get “real-time visibility into building occupancy.”
http://news.poseidon-us.com/TRd54d