_811205.png)
_e196d8.png)
_32b3d9.png)
_1c53fe.png)
- 0 comments
- 50 views
-
Tech
Tech Articles from a wide variety of topics and categories
Want to try it out? Download Rovo Dev CLI here.
Unleash agentic AI in your terminal
Rovo Dev in the CLI is crafted for developers who thrive in the terminal environment. It transforms into an intelligent AI partner that understands, codes, and integrates seamlessly with your existing tools.
It addresses key challenges faced by software engineers through:
Code understanding and navigation: Gain insights into your codebase, generate documentation, and receive code explanations without leaving your terminal. Development acceleration: Speed up your development cycle with AI-assisted code completion, intelligent refactoring suggestions, automated testing, and interactive debugging. Atlassian ecosystem: Seamlessly work with Jira issues, update Confluence documentation, and manage your development tasks directly from the terminal – no more context switching between tools. Security and administration: Implement robust permission controls and protocols while efficiently tracking resource utilization and managing user access through role-based permissions. Maintain comprehensive usage monitoring and cost management. Extensibility and customization: Configure tool permissions, optimize your workflow, and extend functionality by connecting your MCP server to match your team’s specific needs. Raising the bar – Scoring #1 on SWE-bench
Rovo Dev CLI achieves the highest score on the SWE-bench full benchmark leaderboard, reaching 41.98% resolve rate across 2,294 tasks in the full dataset, surpassing all other submissions. Maintained by researchers at Princeton and Stanford, SWE-bench is the leading benchmark for evaluating AI agents on real-world issue resolution, testing their ability to make context-aware code edits across open-source projects.
This officially published score positions Atlassian at #1 on the leaderboard, demonstrating our leadership in practical AI applications for software development and underscoring Rovo Dev’s advanced capabilities in real-world code understanding and automated problem solving. See the full leaderboard here.
How teams are using Rovo Dev CLI
Teams using Rovo Dev CLI have quickly made it part of their daily workflow. Engineers rely on it to stay focused by offloading routine tasks like code navigation, feature implementation, and documentation generation. The agent helps developers understand new codebases, implement features with web-integrated research via MCP servers, and assist in complex code migrations, all without leaving the terminal environment.
By eliminating the need to switch between different tools and interfaces, Rovo Dev helps development teams stay in their flow state while working on what matters most.
Let’s explore how Rovo Dev brings intelligent assistance to your terminal through real-world development scenarios:
Explore and understand your codebase
Understanding your codebase is the first step to productive development. Watch as Rovo Dev analyzes entire repositories in seconds, answering natural language questions about code structure and technical implementations to help developers quickly navigate complex projects.
Connect to Jira, Confluence, and Bitbucket
See how you can connect MCP servers to Rovo Dev. In this example, we connect with Jira, Confluence, and Bitbucket to complete a work item end-to-end. From retrieving web data to updating the codebase, all in the terminal, with zero manual coding. And, if you’re using Jira with GitHub, we’ve got you covered, too.
Adaptive memory system
Rovo Dev’s intelligence grows with your project through its memory system. Watch how it uses memory files to retain project knowledge and adapt its behavior – you can even customize its personality to match your team’s style!
Code migration assistance
Finally, witness how Rovo Dev helps to tackle larger challenges like codebase migrations. Through structured analysis and step-by-step execution, it helps manage complex transitions while keeping developers in control of the process.
These demonstrations showcase just a few ways Rovo Dev can enhance your development workflow. Whether you’re exploring new codebases, implementing features, or managing large-scale changes, Rovo Dev serves as your intelligent partner in the terminal.
Join the future of development
Rovo Dev is your context-aware AI teammate for the entire software development lifecycle. Powered by Atlassian’s Teamwork Graph, Rovo Dev understands your company, your projects, and your goals, and connects the dots across Jira, Confluence, Bitbucket, Compass, and more.
Rovo Dev in the CLI is the first enterprise-ready agent experience available in your terminal, designed to enhance productivity and streamline your software development process.
We invite you to download Rovo Dev in the CLI and learn more about additional Rovo Dev capabilities. Your feedback will be invaluable in helping us refine and enhance this powerful tool. Welcome to the era of intelligent development on the command line!
Get started with Rovo Dev CLI The post Rovo Dev agent, now available in the CLI appeared first on Work Life by Atlassian.
View the full article
- 0 comments
- 54 views
-
Here’s our takeaways from the event about software supply chain security trends:
Software supply chain attacks reach unprecedented scale leveraging open source packages
An analysis of recent software supply chain attacks by JFrog’s CTO Asaf Karas shed light on how malicious actors leverage AI and software supply chains on their exploits. Recent attacks combine existing techniques, like phishing, in combination with AI prompts that recursively write and execute code in order to compromise hundreds of thousands of systems running popular open source packages. A few examples include Shai Hulud, Red Donkey, and the recent NPM package phishing attack. So far, despite these attacks’ scale, damages have been limited due to the still rudimentary nature of these exploits. Expect more software supply chain attacks as well as more sophistication in the coming year.
New Roles of Governance as a Security Layer
The best way to avoid software supply chain attacks is to not have malicious code entering software supply chains in the first place. That’s where governance comes into play. Taking control of gate points during the software development lifecycle, for example during dependency scanning, build pipelines, and deployments is not enough. It is necessary to block malicious or risky code before it enters the software supply chain. Not only that, but also tools need increased interoperability to detect all potential attack vectors.
Addressing MCP Challenges in AI Development
MCP’s ability to leverage both deterministic and non-deterministic outcomes by connecting an LLM client to many different servers seems to be the main reasons companies are betting on the technology to build applications that deliver value to customers. Moreover, because each server can run independently from one another, it becomes possible to add governance layers on MCP servers, reducing risks of hallucination or unexpected results. Overall, we agree with JFrog’s assessment and look forward to opportunities where Docker and JFrog MCP technologies can work together for a safer and smoother enterprise AI developer experience.
Building on Strong Open Source Foundations Is Core in the AI Era
The fireside chat between Gal Marder, JFrog’s Chief Strategy Officer, and Michael Donovan, Docker’s VP of Product, explored how organizations can protect themselves from risks in unverified open source dependencies. They emphasized the importance of starting with strong foundations: using hardened images, maintaining them throughout their lifecycle, including those that have reached end of life, and ensuring visibility and governance across every stage. Strong third-party integrations are essential to manage this complexity effectively and extend security and trust from development to delivery.
Conclusion: Build strong foundations, keep it consistent, stay ahead
Software development is changing fast as AI becomes part of everyone’s workflow, developers and attackers alike. The best way to stay ahead is to build protection early by starting with strong foundations and keep it consistent across every stage with governance, visibility, and strong partnerships. Only then can teams innovate with confidence and speed as the landscape evolves. Exciting times!
Learn more
Subscribe to the Docker Navigator Newsletter Explore the MCP Catalog: Discover containerized, security-hardened MCP servers Explore the DHI Catalog: Discover secure, minimal, production-ready container images Docker Partner Programs: Discover trusted partners, tools, and integrations New to Docker? Create an account Have questions? The Docker community is here to help View the full article
- 0 comments
- 51 views
-
CVE-2025-58181 affects SSH servers parsing GSSAPI authentication requests. The vulnerability allows attackers to trigger unbounded memory consumption by exploiting the server’s failure to validate the number of mechanisms specified in authentication requests. CVE-2025-47914 impacts SSH Agent servers that fail to validate message sizes when processing identity requests, potentially causing system panics when malformed messages arrive. (These two vulnerabilities came just days after CVE-2025-47913, a high-severity vulnerability affecting the same Golang component that Docker also quickly patched)
For teams running Go applications with SSH functionality in their containers, leaving these vulnerabilities unpatched creates exposure to denial-of-service attacks and potential system instability.
How Docker achieves lightning fast vulnerability response
When these CVEs hit the Golang project’s security feed, Docker Hardened Images customers had patched versions available in less than 24 hours. This rapid response stems from Docker Scout’s continuous monitoring architecture and DHI’s automated remediation pipeline.
Here’s how it works:
Continuous CVE ingestion: Unlike vulnerability scanning that runs on batch schedules, Docker Scout continuously ingests CVE information from upstream sources including GitHub security advisories, the National Vulnerability Database, and project-specific feeds. The moment CVE data becomes available, Scout begins analysis.
Instant impact assessment: Within seconds of CVE ingestion, Scout identifies which Docker Hardened Images are affected based in Scout’s comprehensive SBOM database. This immediate notification allows the remediation process to start without delay.
Automated patching workflow: Depending on the vulnerability and package, Docker either patches automatically or triggers a manual review process for complex changes. For these Golang SSH vulnerabilities, the team initiated builds immediately after upstream patches became available.
Cascading builds: Once the patched Golang package builds successfully, the system automatically triggers rebuilds of all dependent packages and images. Every Docker Hardened Image containing the affected golang.org/x/crypto/ssh package gets rebuilt with the security fix.
The entire process, from CVE disclosure to patched images available to customers, was completed in under 24 hours. Customers using Docker Scout received immediate notifications about the vulnerabilities and the availability of patched versions.
Why Docker’s Security Response Is Different
One of Docker’s key differentiators is its continuous, real-time monitoring, rather than periodic batch scanning. Traditional vulnerability management relies on daily or weekly scans, leaving containers exposed to known vulnerabilities for hours or even days.
With Docker Scout’s real-time CVE ingestion, detection starts the moment a vulnerability is published, enabling remediation within seconds and minimizing exposure.
This foundation powers Docker Hardened Images (DHI), where packages and dependencies are continuously tracked and automatically updated when issues arise. For example, when vulnerabilities were found in the golang.org/x/crypto library, all affected images were rebuilt and released within a day. Customers simply pull the latest tags to stay secure, no manual patching, emergency maintenance, or impact triage required.
But continuous monitoring is just the foundation. What truly sets Docker apart is how that real-time intelligence flows into an automated, transparent, and trusted remediation pipeline, built on over a decade of experience securing and maintaining the Docker Official Images program.These are the same images trusted and used by millions of developers and organizations worldwide, forming the foundation of countless production environments. That long-standing operational experience in continuously maintaining, rebuilding, and distributing secure images at global scale gives Docker a proven track record in delivering reliability, consistency, and trust few others can match.
Beyond automation, Docker’s AI guardrails add yet another layer of protection. Purpose-built for the Hardened Images pipeline, these AI systems continuously analyze upstream code changes, flag risky patterns, and prevent flawed dependencies from entering the supply chain. Unlike standard coding assistants, Docker’s AI guardrails are informed by manual, project-specific reviews, blending human expertise with adaptive intelligence. When the system detects a high-confidence issue such as an inverted error check, ignored failure, or resource mismanagement, it halts the release until a Docker engineer verifies and applies the fix. This human-in-the-loop model ensures vulnerabilities are caught long before they can reach customers, turning AI into a force multiplier for safety, not a replacement for human judgment.
Another critical differentiator is complete transparency. Consider what happens when a security scanner still flags a vulnerability even after you’ve pulled a patched image. With DHI, every image includes a comprehensive and accurate Software Bill of Materials (SBOM) that provides definitive visibility into what’s actually inside your container. When a scanner reports a supposedly remediated image as vulnerable, teams can verify the exact package versions and patch status directly from the SBOM instead of relying on scanner heuristics.
This transparency also extends to how Docker Scout handles CVE data. Docker relies entirely on independent, third-party sources for vulnerability decisions and prioritization, including the National Vulnerability Database (NVD), GitHub Security Advisories, and upstream project maintainers. This approach is essential because traditional scanners often depend on pattern matching and heuristics that can produce false positives. They may miss vendor-specific patches, overlook backported fixes, or flag vulnerabilities that have already been remediated due to database lag. In some cases, even vendor-recommended scanners fail to detect unpatched vulnerabilities, creating a false sense of security.
Without an accurate SBOM and objective CVE data, teams waste valuable time chasing phantom vulnerabilities or debating false positives with compliance auditors. Docker’s approach eliminates that uncertainty. Because the SBOM is generated directly from the build process, not inferred after the fact, it provides definitive evidence of what’s inside each image and why certain CVEs do or don’t apply. This transforms vulnerability management from guesswork and debate into objective, verifiable security assurance, backed by transparent, third-party data.
CVEs don’t have to disrupt your week
Managing vulnerabilities consumes significant engineering time. When critical CVEs drop, teams rush to assess impact, test patches, and coordinate deployments. Docker Hardened Images eliminate this overhead by continuously updating base images with complete transparency into their contents with rapid turnarounds to reduce your exposure window.
If you’re tired of vulnerability whack-a-mole disrupting your team’s roadmap, Docker Hardened Images offers a better path forward. Learn more about how Docker Scout and Hardened Images can reduce your vulnerability management burden, or contact our team to discuss your specific security requirements.
View the full article
- 0 comments
- 49 views
-
As AI and automation reshape modern cyber defense, SOC maturity assessments have become the critical lens through which organizations evaluate their operational effectiveness.
Understanding where your SOC stands on the AI maturity model isn’t about passing a test. It’s about knowing whether your technology, processes, and people are capable of supporting and scaling AI-driven operations.
View the full article
- 0 comments
- 47 views
-
Mozilla Monitor. Image Mozilla Monitor Plus video on Youtube.
In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep.
“We will continue to offer our free Monitor data breach service, which is integrated into Firefox’s credential manager, and we are focused on integrating more of our privacy and security experiences in Firefox, including our VPN, for free,” the advisory reads.
Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025. After that, those subscribers will automatically receive a prorated refund for the unused portion of their subscription.
“We explored several options to keep Monitor Plus going, but our high standards for vendors, and the realities of the data broker ecosystem made it challenging to consistently deliver the level of value and reliability we expect for our users,” Mozilla statement reads.
On March 14, 2024, KrebsOnSecurity published an investigation showing that Onerep’s Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Shelest released a lengthy statement wherein he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.
View the full article
- 0 comments
- 75 views
-
At around 6:30 EST/11:30 UTC on Nov. 18, Cloudflare’s status page acknowledged the company was experiencing “an internal service degradation.” After several hours of Cloudflare services coming back up and failing again, many websites behind Cloudflare found they could not migrate away from using the company’s services because the Cloudflare portal was unreachable and/or because they also were getting their domain name system (DNS) services from Cloudflare.
However, some customers did manage to pivot their domains away from Cloudflare during the outage. And many of those organizations probably need to take a closer look at their web application firewall (WAF) logs during that time, said Aaron Turner, a faculty member at IANS Research.
Turner said Cloudflare’s WAF does a good job filtering out malicious traffic that matches any one of the top ten types of application-layer attacks, including credential stuffing, cross-site scripting, SQL injection, bot attacks and API abuse. But he said this outage might be a good opportunity for Cloudflare customers to better understand how their own app and website defenses may be failing without Cloudflare’s help.
“Your developers could have been lazy in the past for SQL injection because Cloudflare stopped that stuff at the edge,” Turner said. “Maybe you didn’t have the best security QA [quality assurance] for certain things because Cloudflare was the control layer to compensate for that.”
Turner said one company he’s working with saw a huge increase in log volume and they are still trying to figure out what was “legit malicious” versus just noise.
“It looks like there was about an eight hour window when several high-profile sites decided to bypass Cloudflare for the sake of availability,” Turner said. “Many companies have essentially relied on Cloudflare for the OWASP Top Ten [web application vulnerabilities] and a whole range of bot blocking. How much badness could have happened in that window? Any organization that made that decision needs to look closely at any exposed infrastructure to see if they have someone persisting after they’ve switched back to Cloudflare protections.”
Turner said some cybercrime groups likely noticed when an online merchant they normally stalk stopped using Cloudflare’s services during the outage.
“Let’s say you were an attacker, trying to grind your way into a target, but you felt that Cloudflare was in the way in the past,” he said. “Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage. You’re now going to launch a whole bunch of new attacks because the protective layer is no longer in place.”
Nicole Scott, senior product marketing manager at the McLean, Va. based Replica Cyber, called yesterday’s outage “a free tabletop exercise, whether you meant to run one or not.”
“That few-hour window was a live stress test of how your organization routes around its own control plane and shadow IT blossoms under the sunlamp of time pressure,” Scott said in a post on LinkedIn. “Yes, look at the traffic that hit you while protections were weakened. But also look hard at the behavior inside your org.”
Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:
1. What was turned off or bypassed (WAF, bot protections, geo blocks), and for how long?
2. What emergency DNS or routing changes were made, and who approved them?
3. Did people shift work to personal devices, home Wi-Fi, or unsanctioned Software-as-a-Service providers to get around the outage?
4. Did anyone stand up new services, tunnels, or vendor accounts “just for now”?
5. Is there a plan to unwind those changes, or are they now permanent workarounds?
6. For the next incident, what’s the intentional fallback plan, instead of decentralized improvisation?
In a postmortem published Tuesday evening, Cloudflare said the disruption was not caused, directly or indirectly, by a cyberattack or malicious activity of any kind.
“Instead, it was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a ‘feature file’ used by our Bot Management system,” Cloudflare CEO Matthew Prince wrote. “That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.”
Cloudflare estimates that roughly 20 percent of websites use its services, and with much of the modern web relying heavily on a handful of other cloud providers including AWS and Azure, even a brief outage at one of these platforms can create a single point of failure for many organizations.
Martin Greenfield, CEO at the IT consultancy Quod Orbis, said Tuesday’s outage was another reminder that many organizations may be putting too many of their eggs in one basket.
“There are several practical and overdue fixes,” Greenfield advised. “Split your estate. Spread WAF and DDoS protection across multiple zones. Use multi-vendor DNS. Segment applications so a single provider outage doesn’t cascade. And continuously monitor controls to detect single-vendor dependency.”
View the full article
- 0 comments
- 56 views
-
View the full article
- 0 comments
- 41 views
-
View the full article
- 0 comments
- 96 views
-
Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent. The zero-day threat concerns a memory corruption bug deep in the Windows innards called CVE-2025-62215. Despite the flaw’s zero-day status, Microsoft has assigned it an “important” rating rather than critical, because exploiting it requires an attacker to already have access to the target’s device.
“These types of vulnerabilities are often exploited as part of a more complex attack chain,” said Johannes Ullrich, dean of research for the SANS Technology Institute. “However, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities.”
Ben McCarthy, lead cybersecurity engineer at Immersive, called attention to CVE-2025-60274, a critical weakness in a core Windows graphic component (GDI+) that is used by a massive number of applications, including Microsoft Office, web servers processing images, and countless third-party applications.
“The patch for this should be an organization’s highest priority,” McCarthy said. “While Microsoft assesses this as ‘Exploitation Less Likely,’ a 9.8-rated flaw in a ubiquitous library like GDI+ is a critical risk.”
Microsoft patched a critical bug in Office — CVE-2025-62199 — that can lead to remote code execution on a Windows system. Alex Vovk, CEO and co-founder of Action1, said this Office flaw is a high priority because it is low complexity, needs no privileges, and can be exploited just by viewing a booby-trapped message in the Preview Pane.
Many of the more concerning bugs addressed by Microsoft this month affect Windows 10, an operating system that Microsoft officially ceased supporting with patches last month. As that deadline rolled around, however, Microsoft began offering Windows 10 users an extra year of free updates, so long as they register their PC to an active Microsoft account.
Judging from the comments on last month’s Patch Tuesday post, that registration worked for a lot of Windows 10 users, but some readers reported the option for an extra year of updates was never offered. Nick Carroll, cyber incident response manager at Nightwing, notes that Microsoft has recently released an out-of-band update to address issues when trying to enroll in the Windows 10 Consumer Extended Security Update program.
“If you plan to participate in the program, make sure you update and install KB5071959 to address the enrollment issues,” Carroll said. “After that is installed, users should be able to install other updates such as today’s KB5068781 which is the latest update to Windows 10.”
Chris Goettl at Ivanti notes that in addition to Microsoft updates today, third-party updates from Adobe and Mozilla have already been released. Also, an update for Google Chrome is expected soon, which means Edge will also be in need of its own update.
The SANS Internet Storm Center has a clickable breakdown of each individual fix from Microsoft, indexed by severity and CVSS score. Enterprise Windows admins involved in testing patches before rolling them out should keep an eye on askwoody.com, which often has the skinny on any updates gone awry.
As always, please don’t neglect to back up your data (if not your entire system) at regular intervals, and feel free to sound off in the comments if you experience problems installing any of these fixes.
[Author’s note: This post was intended to appear on the homepage on Tuesday, Nov. 11. I’m still not sure how it happened, but somehow this story failed to publish that day. My apologies for the oversight.]
View the full article
- 0 comments
- 57 views
-
Data Residency and Processing Reference
Updated "Data Residency and Processing Reference" document to add Ireland to TAM Locations, removed observe from processing and storage heading, and removed timescale from sub-processors section due to Calypso AI acquisition. View the full article
- 0 comments
- 49 views
-
Changelogs
Added SaaS release changelogs for November 16, 2025 release.
WAAP Updates
Added new Enable API Discovery on BIG-IP Virtual Server guide.
Customer Edge Updates
Added new Deploy Secure Mesh Site v2 on Baremetal (ClickOps) guide to explain how to create a CE Site on a baremetal server.
Added new Events Reference guide, which lists new event notifications for CE deployments.
Updated the following guides for the launch instance options:
Deploy Secure Mesh Site v2 in AWS (ClickOps) Deploy Secure Mesh Site v2 in Azure (ClickOps) Deploy Secure Mesh Site v2 in GCP (ClickOps) Load Balancer Updates
Added new Create UDP Load Balancer guide to explain how to create a UDP load balancer.
Bot Defense Updates
Added new Configure the Bot Defense Infrastructure guide to explain how to add and configure the infrastructure that hosts your Bot Defense system.
Added new Configure Bot Defense on an HTTP Load Balancer guide.
Added new Bot Detection Rules Overview page to explain how to deploy and manage bot detection rules.
Updated the View Bot Defense Dashboards and Reports guide with information about the new Forensics Panel in the Traffic Analyzer, new filtering capabilities in all Bot Defense reports, and minor updates to the information displayed in each report.
CDN Updates
Updated the Observe and Optimize a CDN Distribution guide with information about monitoring cacheable content for a content delivery network (CDN). Miscellaneous Updates
Updated the Alerts Reference guide.
View the full article
- 0 comments
- 41 views
-
In a lawsuit filed in the Southern District of New York on November 12, Google sued to unmask and disrupt 25 “John Doe” defendants allegedly linked to the sale of Lighthouse, a sophisticated phishing kit that makes it simple for even novices to steal payment card data from mobile users. Google said Lighthouse has harmed more than a million victims across 120 countries.
A component of the Chinese phishing kit Lighthouse made to target customers of The Toll Roads, which refers to several state routes through Orange County, Calif.
Lighthouse is one of several prolific phishing-as-a-service operations known as the “Smishing Triad,” and collectively they are responsible for sending millions of text messages that spoof the U.S. Postal Service to supposedly collect some outstanding delivery fee, or that pretend to be a local toll road operator warning of a delinquent toll fee. More recently, Lighthouse has been used to spoof e-commerce websites, financial institutions and brokerage firms.
Regardless of the text message lure used or brand used, the basic scam remains the same: After the visitor enters their payment information, the phishing site will automatically attempt to enroll the card as a mobile wallet from Apple or Google. The phishing site then tells the visitor that their bank is going to verify the transaction by sending a one-time code that needs to be entered into the payment page before the transaction can be completed.
If the recipient provides that one-time code, the scammers can link the victim’s card data to a mobile wallet on a device that they control. Researchers say the fraudsters usually load several stolen wallets onto each mobile device, and wait 7-10 days after that enrollment before selling the phones or using them for fraud.
Google called the scale of the Lighthouse phishing attacks “staggering.” A May 2025 report from Silent Push found the domains used by the Smishing Triad are rotated frequently, with approximately 25,000 phishing domains active during any 8-day period.
Google’s lawsuit alleges the purveyors of Lighthouse violated the company’s trademarks by including Google’s logos on countless phishing websites. The complaint says Lighthouse offers over 600 templates for phishing websites of more than 400 entities, and that Google’s logos were featured on at least a quarter of those templates.
Google is also pursuing Lighthouse under the Racketeer Influenced and Corrupt Organizations (RICO) Act, saying the Lighthouse phishing enterprise encompasses several connected threat actor groups that work together to design and implement complex criminal schemes targeting the general public.
According to Google, those threat actor teams include a “developer group” that supplies the phishing software and templates; a “data broker group” that provides a list of targets; a “spammer group” that provides the tools to send fraudulent text messages in volume; a “theft group,” in charge of monetizing the phished information; and an “administrative group,” which runs their Telegram support channels and discussion groups designed to facilitate collaboration and recruit new members.
“While different members of the Enterprise may play different roles in the Schemes, they all collaborate to execute phishing attacks that rely on the Lighthouse software,” Google’s complaint alleges. “None of the Enterprise’s Schemes can generate revenue without collaboration and cooperation among the members of the Enterprise. All of the threat actor groups are connected to one another through historical and current business ties, including through their use of Lighthouse and the online community supporting its use, which exists on both YouTube and Telegram channels.”
Silent Push’s May report observed that the Smishing Triad boasts it has “300+ front desk staff worldwide” involved in Lighthouse, staff that is mainly used to support various aspects of the group’s fraud and cash-out schemes.
An image shared by an SMS phishing group shows a panel of mobile phones responsible for mass-sending phishing messages. These panels require a live operator because the one-time codes being shared by phishing victims must be used quickly as they generally expire within a few minutes.
Google alleges that in addition to blasting out text messages spoofing known brands, Lighthouse makes it easy for customers to mass-create fake e-commerce websites that are advertised using Google Ads accounts (and paid for with stolen credit cards). These phony merchants collect payment card information at checkout, and then prompt the customer to expect and share a one-time code sent from their financial institution.
Once again, that one-time code is being sent by the bank because the fake e-commerce site has just attempted to enroll the victim’s payment card data in a mobile wallet. By the time a victim understands they will likely never receive the item they just purchased from the fake e-commerce shop, the scammers have already run through hundreds of dollars in fraudulent charges, often at high-end electronics stores or jewelers.
Ford Merrill works in security research at SecAlliance, a CSIS Security Group company, and he’s been tracking Chinese SMS phishing groups for several years. Merrill said many Lighthouse customers are now using the phishing kit to erect fake e-commerce websites that are advertised on Google and Meta platforms.
“You find this shop by searching for a particular product online or whatever, and you think you’re getting a good deal,” Merrill said. “But of course you never receive the product, and they will phish that one-time code at checkout.”
Merrill said some of the phishing templates include payment buttons for services like PayPal, and that victims who choose to pay through PayPal can also see their PayPal accounts hijacked.
A fake e-commerce site from the Smishing Triad spoofing PayPal on a mobile device.
“The main advantage of the fake e-commerce site is that it doesn’t require them to send out message lures,” Merrill said, noting that the fake vendor sites have more staying power than traditional phishing sites because it takes far longer for them to be flagged for fraud.
Merrill said Google’s legal action may temporarily disrupt the Lighthouse operators, and could make it easier for U.S. federal authorities to bring criminal charges against the group. But he said the Chinese mobile phishing market is so lucrative right now that it’s difficult to imagine a popular phishing service voluntarily turning out the lights.
Merrill said Google’s lawsuit also can help lay the groundwork for future disruptive actions against Lighthouse and other phishing-as-a-service entities that are operating almost entirely on Chinese networks. According to Silent Push, a majority of the phishing sites created with these kits are sitting at two Chinese hosting companies: Tencent (AS132203) and Alibaba (AS45102).
“Once Google has a default judgment against the Lighthouse guys in court, theoretically they could use that to go to Alibaba and Tencent and say, ‘These guys have been found guilty, here are their domains and IP addresses, we want you to shut these down or we’ll include you in the case.'”
If Google can bring that kind of legal pressure consistently over time, Merrill said, they might succeed in increasing costs for the phishers and more frequently disrupting their operations.
“If you take all of these Chinese phishing kit developers, I have to believe it’s tens of thousands of Chinese-speaking people involved,” he said. “The Lighthouse guys will probably burn down their Telegram channels and disappear for a while. They might call it something else or redevelop their service entirely. But I don’t believe for a minute they’re going to close up shop and leave forever.”
View the full article
- 0 comments
- 86 views
-
AI readiness goes beyond adopting automation or integrating machine learning; it’s about creating the technical and organizational foundation that allows AI to perform safely, reliably, and at scale.
Many teams say they’re “AI-ready” when they deploy a new SOAR playbook or connect a threat intel API.
In reality, AI readiness means your entire security operation - from log ingestion to human workflows is truly designed to support, trust, and learn from AI decisions.
View the full article
- 0 comments
- 44 views
-
Network Firewall Updates
Updated the F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings reference guide to include new IP addresses for Regional Edge (RE) allowlisting. View the full article
- 0 comments
- 54 views
-
A TP-Link WiFi 6 AX1800 Smart WiFi Router (Archer AX20).
The Washington Post recently reported that more than a half-dozen federal departments and agencies were backing a proposed ban on future sales of TP-Link devices in the United States. The story said U.S. Department of Commerce officials concluded TP-Link Systems products pose a risk because the U.S.-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government.
TP-Link Systems denies that, saying that it fully split from the Chinese TP-Link Technologies over the past three years, and that its critics have vastly overstated the company’s market share (TP-Link puts it at around 30 percent). TP-Link says it has headquarters in California, with a branch in Singapore, and that it manufactures in Vietnam. The company says it researches, designs, develops and manufactures everything except its chipsets in-house.
TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision.
“TP-Link vigorously disputes any allegation that its products present national security risks to the United States,” Ricca Silverio, a spokeswoman for TP-Link Systems, said in a statement. “TP-Link is a U.S. company committed to supplying high-quality and secure products to the U.S. market and beyond.”
Cost is a big reason TP-Link devices are so prevalent in the consumer and small business market: As this February 2025 story from Wired observed regarding the proposed ban, TP-Link has long had a reputation for flooding the market with devices that are considerably cheaper than comparable models from other vendors. That price point (and consistently excellent performance ratings) has made TP-Link a favorite among Internet service providers (ISPs) that provide routers to their customers.
In August 2024, the chairman and the ranking member of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party called for an investigation into TP-Link devices, which they said were found on U.S. military bases and for sale at exchanges that sell them to members of the military and their families.
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting,” the House lawmakers warned in a letter (PDF) to the director of the Commerce Department. “When combined with the PRC government’s common use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”
The letter cited a May 2023 blog post by Check Point Research about a Chinese state-sponsored hacking group dubbed “Camaro Dragon” that used a malicious firmware implant for some TP-Link routers to carry out a sequence of targeted cyberattacks against European foreign affairs entities. Check Point said while it only found the malicious firmware on TP-Link devices, “the firmware-agnostic nature of the implanted components indicates that a wide range of devices and vendors may be at risk.”
In a report published in October 2024, Microsoft said it was tracking a network of compromised TP-Link small office and home office routers that has been abused by multiple distinct Chinese state-sponsored hacking groups since 2021. Microsoft found the hacker groups were leveraging the compromised TP-Link systems to conduct “password spraying” attacks against Microsoft accounts. Password spraying involves rapidly attempting to access a large number of accounts (usernames/email addresses) with a relatively small number of commonly used passwords.
TP-Link rightly points out that most of its competitors likewise source components from China. The company also correctly notes that advanced persistent threat (APT) groups from China and other nations have leveraged vulnerabilities in products from their competitors, such as Cisco and Netgear.
But that may be cold comfort for TP-Link customers who are now wondering if it’s smart to continue using these products, or whether it makes sense to buy more costly networking gear that might only be marginally less vulnerable to compromise.
Almost without exception, the hardware and software that ships with most consumer-grade routers includes a number of default settings that need to be changed before the devices can be safely connected to the Internet. For example, bring a new router online without changing the default username and password and chances are it will only take a few minutes before it is probed and possibly compromised by some type of Internet-of-Things botnet. Also, it is incredibly common for the firmware in a brand new router to be dangerously out of date by the time it is purchased and unboxed.
Until quite recently, the idea that router manufacturers should make it easier for their customers to use these products safely was something of an anathema to this industry. Consumers were largely left to figure that out on their own, with predictably disastrous results.
But over the past few years, many manufacturers of popular consumer routers have begun forcing users to perform basic hygiene — such as changing the default password and updating the internal firmware — before the devices can be used as a router. For example, most brands of “mesh” wireless routers — like Amazon’s Eero, Netgear’s Orbi series, or Asus’s ZenWifi — require online registration that automates these critical steps going forward (or at least through their stated support lifecycle).
For better or worse, less expensive, traditional consumer routers like those from Belkin and Linksys also now automate this setup by heavily steering customers toward installing a mobile app to complete the installation (this often comes as a shock to people more accustomed to manually configuring a router). Still, these products tend to put the onus on users to check for and install available updates periodically. Also, they’re often powered by underwhelming or else bloated firmware, and a dearth of configurable options.
Of course, not everyone wants to fiddle with mobile apps or is comfortable with registering their router so that it can be managed or monitored remotely in the cloud. For those hands-on folks — and for power users seeking more advanced router features like VPNs, ad blockers and network monitoring — the best advice is to check if your router’s stock firmware can be replaced with open-source alternatives, such as OpenWrt or DD-WRT.
These open-source firmware options are compatible with a wide range of devices, and they generally offer more features and configurability. Open-source firmware can even help extend the life of routers years after the vendor stops supporting the underlying hardware, but it still requires users to manually check for and install any available updates.
Happily, TP-Link users spooked by the proposed ban may have an alternative to outright junking these devices, as many TP-Link routers also support open-source firmware options like OpenWRT. While this approach may not eliminate any potential hardware-specific security flaws, it could serve as an effective hedge against more common vendor-specific vulnerabilities, such as undocumented user accounts, hard-coded credentials, and weaknesses that allow attackers to bypass authentication.
Regardless of the brand, if your router is more than four or five years old it may be worth upgrading for performance reasons alone — particularly if your home or office is primarily accessing the Internet through WiFi.
NB: The Post’s story notes that a substantial portion of TP-Link routers and those of its competitors are purchased or leased through ISPs. In these cases, the devices are typically managed and updated remotely by your ISP, and equipped with custom profiles responsible for authenticating your device to the ISP’s network. If this describes your setup, please do not attempt to modify or replace these devices without first consulting with your Internet provider.
View the full article
- 0 comments
- 60 views
-
Website: https://www.bharattechawards.com/
Bharat Tech Summit Awards 2025
8 November 2025 | Venue: Hotel Taj Ambassador, New Delhi
Organized by: Global Tech Policy Confederation (GTPC)
In collaboration with: Confederation of All India Traders (CAIT)
The Bharat Tech Summit & Awards 2025 stands as India’s most influential convergence of technology, policy, and leadership — an annual celebration that unites innovators, visionaries, and policymakers to shape Bharat’s $20-Trillion Digital Vision 2045.
Under the theme “Celebrating Visionaries • Igniting Innovation • Empowering Transformation,” this landmark event amplifies Bharat’s technological sovereignty, highlighting advances across Cybersecurity, AI, Cloud, IoT, Semiconductors, and Digital Infrastructure.
As Bharat accelerates its digital transformation, cyber resilience emerges as the backbone of national progress.
Sessions led by cybersecurity leaders from Tata Communications, Honda, Palo Alto Networks, PwC, and EY explore:
• Building Zero-Trust and resilient digital frameworks
• AI-driven cyber defense and intelligence
• Securing digital infrastructure for a $20-trillion economy
• Cyber education and upskilling for national readiness
The Bharat Tech Summit & Awards 2025 is not merely an event — it’s a movement towards a secure, scalable, and sustainable digital Bharat.
By fostering collaboration between government, industry, startups, and academia, the summit redefines India’s role in the global technology landscape.
Join us to celebrate Bharat’s technological evolution — where innovation meets integrity, and leadership inspires transformation.
Learn more at: https://www.bharattechawards.com/
The post Bharat Tech Summit Awards 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 56 views
-
True AI maturity isn’t about the number of machine learning models you’ve deployed or how many alerts your SOAR can auto-close. It’s about how deeply AI is embedded into the SOC workflow, from data ingestion and enrichment to automated response and analyst decision support.
In other words, it’s not “Do you have AI?” — it’s “How well does your AI operate within your SOC?”
View the full article
- 0 comments
- 51 views
-
Accelerate time to value: Launch apps in weeks not months with Forge, and build powerful AI-powered agents and automations in Studio for any team, industry or workflow. Monetize faster: Reach 300,000+ customers—including 80% of the Fortune 500—and tap into $6B+ in Marketplace lifetime sales with built-in billing, analytics, and go-to-market support. Grow recurring revenue: Flexible pricing and ongoing service models help you scale your business. Build with trust: Rely on Atlassian’s enterprise-grade security, compliance, and governance—trusted by the world’s leading enterprises. Join the Atlassian Ecosystem, your launchpad for innovation, growth, and lasting impact.
The world of software is moving fast and AI is redefining what’s possible for teams everywhere. For Atlassian partners, this moment presents a once-in-a-generation opportunity to build smarter, more connected, and more valuable solutions for customers.
The Atlassian platform empowers partners to accelerate time to value, unlock new recurring revenue streams, and scale confidently, all on a foundation of enterprise-grade trust and governance. With Atlassian developer platform, you can go from idea to monetized solution in weeks, not months, and reach 300,000+ global customers through the Atlassian Marketplace.
Here’s how you can seize this next wave of opportunity:
Build and launch powerful products faster
Build faster on Atlassian’s platform—focus on your IP, not plumbing.
Forge gives you developer-grade infrastructure to rapidly build, launch and scale enterprise-ready apps—faster than ever before. With pre-built frameworks, APIs, and enterprise-ready tools, Forge accelerates your path from idea to production, embedding intelligence and automation directly into Jira, Confluence, and more.
Once your foundation is set, Rovo Studio empowers anyone to quickly build, customize, and deploy intelligent solutions across the Atlassian Ecosystem. Describe your solution in natural language, and Rovo Studio turns it into powerful agents and automations in minutes—moving you from idea to impact at unprecedented speed.
Result: ship innovative, AI-powered solutions faster and with less risk.
As partner and part of the Atlassian Ecosystem, we empower you to deliver solutions that meet the rigorous demands of global enterprises. By building on Atlassian’s secure, transparent, and compliant platform—the same trusted infrastructure that powers Jira, Confluence, and Bitbucket—you inherit enterprise-grade reliability, transparency & trust by default.
Enterprise-grade trust: Leverage Atlassian’s permission-aware platform, data residency compliant storage, and strict egress controls to raise the bar for customer trust. Performance and scalability: Deliver apps and solutions on infrastructure designed for millions of daily users, ensuring consistent reliability as you grow. Security by default: Rely on the same robust controls that safeguard Atlassian Cloud customers, giving enterprise clients peace of mind. Atlassian’s robust infrastructure and commitment to compliance enable you to unlock new opportunities, drive innovation, and deliver exceptional value to some of the world’s most trusted organizations.
By building on Atlassian and monetizing your solution through the Atlassian Marketplace, you can confidently assure enterprise customers that what you offer is built on a foundation they can depend on—enabling productivity, growth, and peace of mind.
Monetize through the Atlassian Marketplace
With a thriving ecosystem of millions of monthly active users and 6,000+ apps, the Atlassian Marketplace is a proven engine for partner growth, driving over $6B in lifetime sales and giving you access to 300,000+ customers worldwide.
Now, you can go beyond app listings to deliver ongoing, intelligent services that create recurring value and recurring revenue.
Flexible monetization: Reach a broader audience by offering both standard and advanced editions, empowering you to customize pricing and packaging for every customer segment. Simplified go-to-market: Access co-marketing opportunities, enablement programs, and Marketplace promotions to help scale your reach. Shared growth: Tap into Atlassian’s sales and partner success motions to bring your solution to joint customers. With flexible pricing options and building for new, advanced solutions that keep you at the forefront of innovation, your app becomes more than an add-on. It becomes a core part of how customers get work done across Atlassian products, accelerating teams into the future.
How to get started
Ready to build the next generation of intelligent solutions on Atlassian’s platform? Here’s how to start:
Define your value. Identify the problem you solve for Atlassian customers and how it fits within the ecosystem. Leverage the platform foundation. Use Atlassian’s APIs, app frameworks, and AI capabilities to build quickly and securely. Launch and monetize. Publish your app on the Atlassian Marketplace, tap into our partner programs, and scale through joint go-to-market opportunities. But don’t just take it from us.
Opus Guard, an Atlassian Marketplace Partner, leveraged Atlassian’s Forge platform and Rovo to build an AI-assisted Content Retention Manager for Confluence, enabling automated, secure, and scalable content classification and data governance. Using Forge, they developed a Rovo Agent module that integrates with Rovo Chat, allowing users to analyze, classify, and manage Confluence content directly within Atlassian Cloud, while ensuring data never leaves the secure environment. Rovo’s LLM-powered agents and actions, implemented as Forge functions, provide expert-level content analysis and recommendations, streamlining compliance and retention workflows for users.
This case demonstrates how partnering with and building on Atlassian empowers developers to rapidly deliver innovative, enterprise-grade solutions that seamlessly integrate with Atlassian’s trusted cloud ecosystem, unlocking new value for customers and partners alike.
The moment is now
The convergence of AI, automation, and collaboration is transforming how teams work, and as an Atlassian partner, you’ll be at the center of it all.
By building on the Atlassian platform, you gain the power to innovate faster, build with confidence, and grow your business alongside us. Whether you’re an established Marketplace leader or just starting your journey, this is your moment to shape the future of teamwork.
Build with speed. Build with trust. Build with Atlassian.
To get started, create your partner profile today.
The post Partner with Atlassian and unlock your next wave of growth appeared first on Work Life by Atlassian.
View the full article
- 0 comments
- 62 views
-
The #1 and #3 positions in this chart are Aisuru botnet controllers with their full domain names redacted. Source: radar.cloudflare.com.
Aisuru is a rapidly growing botnet comprising hundreds of thousands of hacked Internet of Things (IoT) devices, such as poorly secured Internet routers and security cameras. The botnet has increased in size and firepower significantly since its debut in 2024, demonstrating the ability to launch record distributed denial-of-service (DDoS) attacks nearing 30 terabits of data per second.
Until recently, Aisuru’s malicious code instructed all infected systems to use DNS servers from Google — specifically, the servers at 8.8.8.8. But in early October, Aisuru switched to invoking Cloudflare’s main DNS server — 1.1.1.1 — and over the past week domains used by Aisuru to control infected systems started populating Cloudflare’s top domain rankings.
As screenshots of Aisuru domains claiming two of the Top 10 positions ping-ponged across social media, many feared this was yet another sign that an already untamable botnet was running completely amok. One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”. Other Aisuru domains mimicked those belonging to major cloud providers.
Cloudflare tried to address these security, brand confusion and privacy concerns by partially redacting the malicious domains, and adding a warning at the top of its rankings:
“Note that the top 100 domains and trending domains lists include domains with organic activity as well as domains with emerging malicious behavior.”
Cloudflare CEO Matthew Prince told KrebsOnSecurity the company’s domain ranking system is fairly simplistic, and that it merely measures the volume of DNS queries to 1.1.1.1.
“The attacker is just generating a ton of requests, maybe to influence the ranking but also to attack our DNS service,” Prince said, adding that Cloudflare has heard reports of other large public DNS services seeing similar uptick in attacks. “We’re fixing the ranking to make it smarter. And, in the meantime, redacting any sites we classify as malware.”
Renee Burton, vice president of threat intel at the DNS security firm Infoblox, said many people erroneously assumed that the skewed Cloudflare domain rankings meant there were more bot-infected devices than there were regular devices querying sites like Google and Apple and Microsoft.
“Cloudflare’s documentation is clear — they know that when it comes to ranking domains you have to make choices on how to normalize things,” Burton wrote on LinkedIn. “There are many aspects that are simply out of your control. Why is it hard? Because reasons. TTL values, caching, prefetching, architecture, load balancing. Things that have shared control between the domain owner and everything in between.”
Alex Greenland is CEO of the anti-phishing and security firm Epi. Greenland said he understands the technical reason why Aisuru botnet domains are showing up in Cloudflare’s rankings (those rankings are based on DNS query volume, not actual web visits). But he said they’re still not meant to be there.
“It’s a failure on Cloudflare’s part, and reveals a compromise of the trust and integrity of their rankings,” he said.
Greenland said Cloudflare planned for its Domain Rankings to list the most popular domains as used by human users, and it was never meant to be a raw calculation of query frequency or traffic volume going through their 1.1.1.1 DNS resolver.
“They spelled out how their popularity algorithm is designed to reflect real human use and exclude automated traffic (they said they’re good at this),” Greenland wrote on LinkedIn. “So something has evidently gone wrong internally. We should have two rankings: one representing trust and real human use, and another derived from raw DNS volume.”
Why might it be a good idea to wholly separate malicious domains from the list? Greenland notes that Cloudflare Domain Rankings see widespread use for trust and safety determination, by browsers, DNS resolvers, safe browsing APIs and things like TRANCO.
“TRANCO is a respected open source list of the top million domains, and Cloudflare Radar is one of their five data providers,” he continued. “So there can be serious knock-on effects when a malicious domain features in Cloudflare’s top 10/100/1000/million. To many people and systems, the top 10 and 100 are naively considered safe and trusted, even though algorithmically-defined top-N lists will always be somewhat crude.”
Over this past week, Cloudflare started redacting portions of the malicious Aisuru domains from its Top Domains list, leaving only their domain suffix visible. Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list. However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top.
According to Cloudflare’s website, the majority of DNS queries to the top Aisuru domains — nearly 52 percent — originated from the United States. This tracks with my reporting from early October, which found Aisuru was drawing most of its firepower from IoT devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon.
Experts tracking Aisuru say the botnet relies on well more than a hundred control servers, and that for the moment at least most of those domains are registered in the .su top-level domain (TLD). Dot-su is the TLD assigned to the former Soviet Union (.su’s Wikipedia page says the TLD was created just 15 months before the fall of the Berlin wall).
A Cloudflare blog post from October 27 found that .su had the highest “DNS magnitude” of any TLD, referring to a metric estimating the popularity of a TLD based on the number of unique networks querying Cloudflare’s 1.1.1.1 resolver. The report concluded that the top .su hostnames were associated with a popular online world-building game, and that more than half of the queries for that TLD came from the United States, Brazil and Germany [it’s worth noting that servers for the world-building game Minecraft were some of Aisuru’s most frequent targets].
A simple and crude way to detect Aisuru bot activity on a network may be to set an alert on any systems attempting to contact domains ending in .su. This TLD is frequently abused for cybercrime and by cybercrime forums and services, and blocking access to it entirely is unlikely to raise any legitimate complaints.
View the full article
- 0 comments
- 53 views
-
View the full article
- 0 comments
- 35 views
-
Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle “MrICQ.” According to a 13-year-old indictment (PDF) filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as “Jabber Zeus.”
Image: lockedup dot wtf.
The Jabber Zeus name is derived from the malware they used — a custom version of the ZeuS banking trojan — that stole banking login credentials and would send the group a Jabber instant message each time a new victim entered a one-time passcode at a financial institution website. The gang targeted mostly small to mid-sized businesses, and they were an early pioneer of so-called “man-in-the-browser” attacks, malware that can silently intercept any data that victims submit in a web-based form.
Once inside a victim company’s accounts, the Jabber Zeus crew would modify the firm’s payroll to add dozens of “money mules,” people recruited through elaborate work-at-home schemes to handle bank transfers. The mules in turn would forward any stolen payroll deposits — minus their commissions — via wire transfers to other mules in Ukraine and the United Kingdom.
The 2012 indictment targeting the Jabber Zeus crew named MrICQ as “John Doe #3,” and said this person handled incoming notifications of newly compromised victims. The Department of Justice (DOJ) said MrICQ also helped the group launder the proceeds of their heists through electronic currency exchange services.
Two sources familiar with the Jabber Zeus investigation said Rybtsov was arrested in Italy, although the exact date and circumstances of his arrest remain unclear. A summary of recent decisions (PDF) published by the Italian Supreme Court states that in April 2025, Rybtsov lost a final appeal to avoid extradition to the United States.
According to the mugshot website lockedup[.]wtf, Rybtsov arrived in Nebraska on October 9, and was being held under an arrest warrant from the U.S. Federal Bureau of Investigation (FBI).
The data breach tracking service Constella Intelligence found breached records from the business profiling site bvdinfo[.]com showing that a 41-year-old Yuriy Igorevich Rybtsov worked in a building at 59 Barnaulska St. in Donetsk. Further searching on this address in Constella finds the same apartment building was shared by a business registered to Vyacheslav “Tank” Penchukov, the leader of the Jabber Zeus crew in Ukraine.
Vyacheslav “Tank” Penchukov, seen here performing as “DJ Slava Rich” in Ukraine, in an undated photo from social media.
Penchukov was arrested in 2022 while traveling to meet his wife in Switzerland. Last year, a federal court in Nebraska sentenced Penchukov to 18 years in prison and ordered him to pay more than $73 million in restitution.
Lawrence Baldwin is founder of myNetWatchman, a threat intelligence company based in Georgia that began tracking and disrupting the Jabber Zeus gang in 2009. myNetWatchman had secretly gained access to the Jabber chat server used by the Ukrainian hackers, allowing Baldwin to eavesdrop on the daily conversations between MrICQ and other Jabber Zeus members.
Baldwin shared those real-time chat records with multiple state and federal law enforcement agencies, and with this reporter. Between 2010 and 2013, I spent several hours each day alerting small businesses across the country that their payroll accounts were about to be drained by these cybercriminals.
Those notifications, and Baldwin’s tireless efforts, saved countless would-be victims a great deal of money. In most cases, however, we were already too late. Nevertheless, the pilfered Jabber Zeus group chats provided the basis for dozens of stories published here about small businesses fighting their banks in court over six- and seven-figure financial losses.
Baldwin said the Jabber Zeus crew was far ahead of its peers in several respects. For starters, their intercepted chats showed they worked to create a highly customized botnet directly with the author of the original Zeus Trojan — Evgeniy Mikhailovich Bogachev, a Russian man who has long been on the FBI’s “Most Wanted” list. The feds have a standing $3 million reward for information leading to Bogachev’s arrest.
Evgeniy M. Bogachev, in undated photos.
The core innovation of Jabber Zeus was an alert that MrICQ would receive each time a new victim entered a one-time password code into a phishing page mimicking their financial institution. The gang’s internal name for this component was “Leprechaun,” (the video below from myNetWatchman shows it in action). Jabber Zeus would actually re-write the HTML code as displayed in the victim’s browser, allowing them to intercept any passcodes sent by the victim’s bank for multi-factor authentication.
“These guys had compromised such a large number of victims that they were getting buried in a tsunami of stolen banking credentials,” Baldwin told KrebsOnSecurity. “But the whole point of Leprechaun was to isolate the highest-value credentials — the commercial bank accounts with two-factor authentication turned on. They knew these were far juicier targets because they clearly had a lot more money to protect.”
Baldwin said the Jabber Zeus trojan also included a custom “backconnect” component that allowed the hackers to relay their bank account takeovers through the victim’s own infected PC.
“The Jabber Zeus crew were literally connecting to the victim’s bank account from the victim’s IP address, or from the remote control function and by fully emulating the device,” he said. “That trojan was like a hot knife through butter of what everyone thought was state-of-the-art secure online banking at the time.”
Although the Jabber Zeus crew was in direct contact with the Zeus author, the chats intercepted by myNetWatchman show Bogachev frequently ignored the group’s pleas for help. The government says the real leader of the Jabber Zeus crew was Maksim Yakubets, a 38-year Ukrainian man with Russian citizenship who went by the hacker handle “Aqua.”
Alleged Evil Corp leader Maksim “Aqua” Yakubets. Image: FBI
The Jabber chats intercepted by Baldwin show that Aqua interacted almost daily with MrICQ, Tank and other members of the hacking team, often facilitating the group’s money mule and cashout activities remotely from Russia.
The government says Yakubets/Aqua would later emerge as the leader of an elite cybercrime ring of at least 17 hackers that referred to themselves internally as “Evil Corp.” Members of Evil Corp developed and used the Dridex (a.k.a. Bugat) trojan, which helped them siphon more than $100 million from hundreds of victim companies in the United States and Europe.
This 2019 story about the government’s $5 million bounty for information leading to Yakubets’s arrest includes excerpts of conversations between Aqua, Tank, Bogachev and other Jabber Zeus crew members discussing stories I’d written about their victims. Both Baldwin and I were interviewed at length for a new weekly six-part podcast by the BBC that delves deep into the history of Evil Corp. Episode One focuses on the evolution of Zeus, while the second episode centers on an investigation into the group by former FBI agent Jim Craig.
Image: https://www.bbc.co.uk/programmes/w3ct89y8
View the full article
- 0 comments
- 81 views
-
CQ Blue was built to solve that. It’s our AI-driven strategy designed to make SOCs more efficient, accurate, and agile — without losing the human expertise that defines great security.
At the center of CQ Blue is the SOC Triage Agent, an intelligent layer of automation that works alongside analysts to triage alerts, reduce fatigue, and improve detection outcomes. Across its four pillars — Efficiency, Accuracy, Speed, and Empowerment — it redefines what modern managed security looks like.
View the full article
- 0 comments
- 44 views
-
In this Threat Analysis report, Cybereason Security Services investigates the flow of a Tangerine Turkey campaign observed in Cybereason EDR. Tangerine Turkey is a threat actor identified as a visual basic script (VBS) worm used to facilitate cryptomining activity.
View the full article
- 0 comments
- 44 views
-
First identified in August 2024, Aisuru has spread to at least 700,000 IoT systems, such as poorly secured Internet routers and security cameras. Aisuru’s overlords have used their massive botnet to clobber targets with headline-grabbing DDoS attacks, flooding targeted hosts with blasts of junk requests from all infected systems simultaneously.
In June, Aisuru hit KrebsOnSecurity.com with a DDoS clocking at 6.3 terabits per second — the biggest attack that Google had ever mitigated at the time. In the weeks and months that followed, Aisuru’s operators demonstrated DDoS capabilities of nearly 30 terabits of data per second — well beyond the attack mitigation capabilities of most Internet destinations.
These digital sieges have been particularly disruptive this year for U.S.-based Internet service providers (ISPs), in part because Aisuru recently succeeded in taking over a large number of IoT devices in the United States. And when Aisuru launches attacks, the volume of outgoing traffic from infected systems on these ISPs is often so high that it can disrupt or degrade Internet service for adjacent (non-botted) customers of the ISPs.
“Multiple broadband access network operators have experienced significant operational impact due to outbound DDoS attacks in excess of 1.5Tb/sec launched from Aisuru botnet nodes residing on end-customer premises,” wrote Roland Dobbins, principal engineer at Netscout, in a recent executive summary on Aisuru. “Outbound/crossbound attack traffic exceeding 1Tb/sec from compromised customer premise equipment (CPE) devices has caused significant disruption to wireline and wireless broadband access networks. High-throughput attacks have caused chassis-based router line card failures.”
The incessant attacks from Aisuru have caught the attention of federal authorities in the United States and Europe (many of Aisuru’s victims are customers of ISPs and hosting providers based in Europe). Quite recently, some of the world’s largest ISPs have started informally sharing block lists identifying the rapidly shifting locations of the servers that the attackers use to control the activities of the botnet.
Experts say the Aisuru botmasters recently updated their malware so that compromised devices can more easily be rented to so-called “residential proxy” providers. These proxy services allow paying customers to route their Internet communications through someone else’s device, providing anonymity and the ability to appear as a regular Internet user in almost any major city worldwide.
From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer. Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence. But they are massively abused for hiding cybercrime activity (think advertising fraud, credential stuffing) because they can make it difficult to trace malicious traffic to its original source.
And as we’ll see in a moment, this entire shadowy industry appears to be shifting its focus toward enabling aggressive content scraping activity that continuously feeds raw data into large language models (LLMs) built to support various AI projects.
‘INSANE’ GROWTH
Riley Kilmer is co-founder of spur.us, a service that tracks proxy networks. Kilmer said all of the top proxy services have grown substantially over the past six months.
“I just checked, and in the last 90 days we’ve seen 250 million unique residential proxy IPs,” Kilmer said. “That is insane. That is so high of a number, it’s unheard of. These proxies are absolutely everywhere now.”
Today, Spur says it is tracking an unprecedented spike in available proxies across all providers, including;
LUMINATI_PROXY 11,856,421
NETNUT_PROXY 10,982,458
ABCPROXY_PROXY 9,294,419
OXYLABS_PROXY 6,754,790
IPIDEA_PROXY 3,209,313
EARNFM_PROXY 2,659,913
NODEMAVEN_PROXY 2,627,851
INFATICA_PROXY 2,335,194
IPROYAL_PROXY 2,032,027
YILU_PROXY 1,549,155
Reached for comment about the apparent rapid growth in their proxy network, Oxylabs (#4 on Spur’s list) said while their proxy pool did grow recently, it did so at nowhere near the rate cited by Spur.
“We don’t systematically track other providers’ figures, and we’re not aware of any instances of 10× or 100× growth, especially when it comes to a few bigger companies that are legitimate businesses,” the company said in a written statement.
Bright Data was formerly known as Luminati Networks, the name that is currently at the top of Spur’s list of the biggest residential proxy networks. Bright Data likewise told KrebsOnSecurity that Spur’s current estimates of its proxy network are dramatically overstated and inaccurate.
“We did not actively initiate nor do we see any 10x or 100x expansion of our network, which leads me to believe that someone might be presenting these IPs as Bright Data’s in some way,” said Rony Shalit, Bright Data’s chief compliance and ethics officer. “In many cases in the past, due to us being the leading data collection proxy provider, IPs were falsely tagged as being part of our network, or while being used by other proxy providers for malicious activity.”
“Our network is only sourced from verified IP providers and a robust opt-in only residential peers, which we work hard and in complete transparency to obtain,” Shalit continued. “Every DC, ISP or SDK partner is reviewed and approved, and every residential peer must actively opt in to be part of our network.”
HK NETWORK
Even Spur acknowledges that Luminati and Oxylabs are unlike most other proxy services on their top proxy providers list, in that these providers actually adhere to “know-your-customer” policies, such as requiring video calls with all customers, and strictly blocking customers from reselling access.
Benjamin Brundage is founder of Synthient, a startup that helps companies detect proxy networks. Brundage said if there is increasing confusion around which proxy networks are the most worrisome, it’s because nearly all of these lesser-known proxy services have evolved into highly incestuous bandwidth resellers. What’s more, he said, some proxy providers do not appreciate being tracked and have been known to take aggressive steps to confuse systems that scan the Internet for residential proxy nodes.
Brundage said most proxy services today have created their own software development kit or SDK that other app developers can bundle with their code to earn revenue. These SDKs quietly modify the user’s device so that some portion of their bandwidth can be used to forward traffic from proxy service customers.
“Proxy providers have pools of constantly churning IP addresses,” he said. “These IP addresses are sourced through various means, such as bandwidth-sharing apps, botnets, Android SDKs, and more. These providers will often either directly approach resellers or offer a reseller program that allows users to resell bandwidth through their platform.”
Many SDK providers say they require full consent before allowing their software to be installed on end-user devices. Still, those opt-in agreements and consent checkboxes may be little more than a formality for cybercriminals like the Aisuru botmasters, who can earn a commission each time one of their infected devices is forced to install some SDK that enables one or more of these proxy services.
Depending on its structure, a single provider may operate hundreds of different proxy pools at a time — all maintained through other means, Brundage said.
“Often, you’ll see resellers maintaining their own proxy pool in addition to an upstream provider,” he said. “It allows them to market a proxy pool to high-value clients and offer an unlimited bandwidth plan for cheap reduce their own costs.”
Some proxy providers appear to be directly in league with botmasters. Brundage identified one proxy seller that was aggressively advertising cheap and plentiful bandwidth to content scraping companies. After scanning that provider’s pool of available proxies, Brundage said he found a one-to-one match with IP addresses he’d previously mapped to the Aisuru botnet.
Brundage says that by almost any measurement, the world’s largest residential proxy service is IPidea, a China-based proxy network. IPidea is #5 on Spur’s Top 10, and Brundage said its brands include ABCProxy (#3), Roxlabs, LunaProxy, PIA S5 Proxy, PyProxy, 922Proxy, 360Proxy, IP2World, and Cherry Proxy. Spur’s Kilmer said they also track Yilu Proxy (#10) as IPidea.
Brundage said all of these providers operate under a corporate umbrella known on the cybercrime forums as “HK Network.”
“The way it works is there’s this whole reseller ecosystem, where IPidea will be incredibly aggressive and approach all these proxy providers with the offer, ‘Hey, if you guys buy bandwidth from us, we’ll give you these amazing reseller prices,'” Brundage explained. “But they’re also very aggressive in recruiting resellers for their apps.”
A graphic depicting the relationship between proxy providers that Synthient found are white labeling IPidea proxies. Image: Synthient.com.
Those apps include a range of low-cost and “free” virtual private networking (VPN) services that indeed allow users to enjoy a free VPN, but which also turn the user’s device into a traffic relay that can be rented to cybercriminals, or else parceled out to countless other proxy networks.
“They have all this bandwidth to offload,” Brundage said of IPidea and its sister networks. “And they can do it through their own platforms, or they go get resellers to do it for them by advertising on sketchy hacker forums to reach more people.”
One of IPidea’s core brands is 922S5Proxy, which is a not-so-subtle nod to the 911S5Proxy service that was hugely popular between 2015 and 2022. In July 2022, KrebsOnSecurity published a deep dive into 911S5Proxy’s origins and apparent owners in China. Less than a week later, 911S5Proxy announced it was closing down after the company’s servers were massively hacked.
That 2022 story named Yunhe Wang from Beijing as the apparent owner and/or manager of the 911S5 proxy service. In May 2024, the U.S. Department of Justice arrested Mr Wang, alleging that his network was used to steal billions of dollars from financial institutions, credit card issuers, and federal lending programs. At the same time, the U.S. Treasury Department announced sanctions against Wang and two other Chinese nationals for operating 911S5Proxy.
The website for 922Proxy.
DATA SCRAPING FOR AI
In recent months, multiple experts who track botnet and proxy activity have shared that a great deal of content scraping which ultimately benefits AI companies is now leveraging these proxy networks to further obfuscate their aggressive data-slurping activity. That’s because by routing it through residential IP addresses, content scraping firms can make their traffic far trickier to filter out.
“It’s really difficult to block, because there’s a risk of blocking real people,” Spur’s Kilmer said of the LLM scraping activity that is fed through individual residential IP addresses, which are often shared by multiple customers at once.
Kilmer says the AI industry has brought a veneer of legitimacy to residential proxy business, which has heretofore mostly been associated with sketchy affiliate money making programs, automated abuse, and unwanted Internet traffic.
“Web crawling and scraping has always been a thing, but AI made it like a commodity, data that had to be collected,” Kilmer said. “Everybody wanted to monetize their own data pots, and how they monetize that is different across the board.”
Kilmer said many LLM-related scrapers rely on residential proxies in cases where the content provider has restricted access to their platform in some way, such as forcing interaction through an app, or keeping all content behind a login page with multi-factor authentication.
“Where the cost of data is out of reach — there is some exclusivity or reason they can’t access the data — they’ll turn to residential proxies so they look like a real person accessing that data,” Kilmer said of the content scraping efforts.
Aggressive AI crawlers increasingly are overloading community-maintained infrastructure, causing what amounts to persistent DDoS attacks on vital public resources. A report earlier this year from LibreNews found some open-source projects now see as much as 97 percent of their traffic originating from AI company bots, dramatically increasing bandwidth costs, service instability, and burdening already stretched-thin maintainers.
Cloudflare is now experimenting with tools that will allow content creators to charge a fee to AI crawlers to scrape their websites. The company’s “pay-per-crawl” feature is currently in a private beta, and it lets publishers set their own prices that bots must pay before scraping content.
On October 22, the social media and news network Reddit sued Oxylabs (PDF) and several other proxy providers, alleging that their systems enabled the mass-scraping of Reddit user content even though Reddit had taken steps to block such activity.
“Recognizing that Reddit denies scrapers like them access to its site, Defendants scrape the data from Google’s search results instead,” the lawsuit alleges. “They do so by masking their identities, hiding their locations, and disguising their web scrapers as regular people (among other techniques) to circumvent or bypass the security restrictions meant to stop them.”
Denas Grybauskas, chief governance and strategy officer at Oxylabs, said the company was shocked and disappointed by the lawsuit.
“Reddit has made no attempt to speak with us directly or communicate any potential concerns,” Grybauskas said in a written statement. “Oxylabs has always been and will continue to be a pioneer and an industry leader in public data collection, and it will not hesitate to defend itself against these allegations. Oxylabs’ position is that no company should claim ownership of public data that does not belong to them. It is possible that it is just an attempt to sell the same public data at an inflated price.”
As big and powerful as Aisuru may be, it is hardly the only botnet that is contributing to the overall broad availability of residential proxies. For example, on June 5 the FBI’s Internet Crime Complaint Center warned that an IoT malware threat dubbed BADBOX 2.0 had compromised millions of smart-TV boxes, digital projectors, vehicle infotainment units, picture frames, and other IoT devices.
In July, Google filed a lawsuit in New York federal court against the Badbox botnet’s alleged perpetrators. Google said the Badbox 2.0 botnet “compromised more than 10 million uncertified devices running Android’s open-source software, which lacks Google’s security protections. Cybercriminals infected these devices with pre-installed malware and exploited them to conduct large-scale ad fraud and other digital crimes.”
A FAMILIAR DOMAIN NAME
Brundage said the Aisuru botmasters have their own SDK, and for some reason part of its code tells many newly-infected systems to query the domain name fuckbriankrebs[.]com. This may be little more than an elaborate “screw you” to this site’s author: One of the botnet’s alleged partners goes by the handle “Forky,” and was identified in June by KrebsOnSecurity as a young man from Sao Paulo, Brazil.
Brundage noted that only systems infected with Aisuru’s Android SDK will be forced to resolve the domain. Initially, there was some discussion about whether the domain might have some utility as a “kill switch” capable of disrupting the botnet’s operations, although Brundage and others interviewed for this story say that is unlikely.
A tiny sample of the traffic after a DNS server was enabled on the newly registered domain fuckbriankrebs dot com. Each unique IP address requested its own unique subdomain. Image: Seralys.
For one thing, they said, if the domain was somehow critical to the operation of the botnet, why was it still unregistered and actively for-sale? Why indeed, we asked. Happily, the domain name was deftly snatched up last week by Philippe Caturegli, “chief hacking officer” for the security intelligence company Seralys.
Caturegli enabled a passive DNS server on that domain and within a few hours received more than 700,000 requests for unique subdomains on fuckbriankrebs[.]com.
But even with that visibility into Aisuru, it is difficult to use this domain check-in feature to measure its true size, Brundage said. After all, he said, the systems that are phoning home to the domain are only a small portion of the overall botnet.
“The bots are hardcoded to just spam lookups on the subdomains,” he said. “So anytime an infection occurs or it runs in the background, it will do one of those DNS queries.”
Caturegli briefly configured all subdomains on fuckbriankrebs dot com to display this ASCII art image to visiting systems today.
The domain fuckbriankrebs[.]com has a storied history. On its initial launch in 2009, it was used to spread malicious software by the Cutwail spam botnet. In 2011, the domain was involved in a notable DDoS against this website from a botnet powered by Russkill (a.k.a. “Dirt Jumper”).
Domaintools.com finds that in 2015, fuckbriankrebs[.]com was registered to an email address attributed to David “Abdilo” Crees, a 27-year-old Australian man sentenced in May 2025 to time served for cybercrime convictions related to the Lizard Squad hacking group.
Update, Nov. 1, 2025, 10:25 a.m. ET: An earlier version of this story erroneously cited Spur’s proxy numbers from earlier this year; Spur said those numbers conflated residential proxies — which are rotating and attached to real end-user devices — with “ISP proxies” located at AT&T. ISP proxies, Spur said, involve tricking an ISP into routing a large number of IP addresses that are resold as far more static datacenter proxies.
View the full article
- 0 comments
- 140 views
-
Website: https://www.biiafsc.com/west-africa-edition/
Africa Fraud, Security & Compliance (AFSC) Summit – West Africa 2025
28–29 October 2025 | Lagos Marriott Hotel, Ikeja, Nigeria
The Africa Fraud, Security & Compliance (AFSC) Summit – West Africa brings together the region’s leading regulators, banks, fintechs, and solution providers to strengthen the fight against financial crime and advance digital trust across Africa’s evolving financial ecosystem.
Now in its West Africa edition, the summit will host C-suite executives, compliance leaders, AML specialists, risk professionals, and technology innovators for two transformative days of insights, networking, and collaboration. Discussions will span key themes including AI-driven fraud prevention, AML/CFT innovation, regulatory technology, cyber resilience, and the psychology of fraud.
The event will also feature the prestigious AFSC Awards – West Africa, celebrating organizations and individuals who demonstrate excellence in compliance, innovation, and integrity.
With interactive panel sessions, fireside chats, and an exhibition showcasing cutting-edge technologies, AFSC West Africa 2025 is where strategy meets innovation shaping a secure, compliant, and inclusive financial future for the region.
The post Africa Fraud, Security & Compliance Summit – West Africa 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 50 views
-
View the full article
- 0 comments
- 51 views
-
View the full article
- 0 comments
- 42 views
-
That’s not too surprising, straight up DevOps is last decade’s news – Gene Kim rebranded the DevOps Enterprise Summit and is publishing vibe coding books, the DevOps OGs like Patrick Debois and John Willis have been focusing on AI building, and so it makes sense that the DORA crew are also poking in that direction.
A lot of the shift in DevOps in recent years has been towards focusing on developer productivity. Whether that’s the rise of platforms to take burden and complexity away from devs, to Nicole Forsgren’s new SPACE metrics that extended her previous Accelerate/DORA metrics that were focused just on software delivery, everyone is keenly aware that unlocking the developers’ ability to create is important.
Companies I work with are really prioritizing that. At ServiceNow, they got Windsurf licenses for all and report a 10% productivity boost from it. And just “we have some AI” isn’t enough, Meta just cut one of their major AI teams because they had “gotten too bureaucratic” and slow so they wanted to move people to a newer team where they could get more done. So companies are taking developer productivity very seriously and spending real money and making big changes to get it.
Understanding Your Software Delivery Performance
As you read the report, you’ll notice that large chunks of it are NOT about AI directly. This first chapter, for example, recaps the important areas from previous DORA reports. It talks about metrics for software delivery and characterizes kinds of teams you see in the wild and their clusters of function and dysfunction. You don’t really get to AI till page 23.
Is this “AI-washing”? If so, it’s justified. People want “AI” to be the solution when they don’t understand their problem, or how to measure whether their problem is solved – AI can help with software engineering and DevOps but it does nothing to change the fundamental nature of any of it, so if you don’t understand the non-AI basics, if you’re handed AI to loose on your company you may as well be an armed toddler.
AI Adoption and Use
The report has good stats that dig deeper than news reports – while 90% of people are “using AI”, in general they use it maybe 1-2 hours out of their day and don’t go to it first all the time.
The thing I found the most surprising was what people were using it for. In my experience folks are using AI for the lighter work more often than actually writing code, but their research showed writing code was by far the most common use case (60%) and stuff like internal communication the least common task (48%) (outside calendar management at 25%, but the tools for that are terrible IMO).
Chatbots and IDEs are the vast majority of how people interact with AI still, integrated tool platforms only have 18% traction.
People do in general believe they’re being more productive from using AI, by a wide margin, and also believe their code quality has gone up! Pure vibe coding makes terrible quality code, I believe this is because how real coders are using AI is more thoughtful than just “write this for me.” And this is borne out in their trust metrics – most people do NOT trust AI output. 76% of respondents trust AI somewhat, a little, or not at all – despite 84% believing it has increased their productivity.
I think that’s super healthy – you should not trust AI output, but if you keep that in mind, it lets you use it and be more productive. You just have to double check and not expect magic. Consider that ServiceNow article I linked above about their Windsurf adoption, it’s not reastic to think AI is going to give you orders of magnitude of coding productivity increase – 10% is great though, more of an improvement than most other things you can do!
AI and Key Outcomes
That leads us into the meatier portion of the report, which is taking the research past “what people think” and trying to correlate real outcomes to these factors. Which is a little ticky, because developer morale is a part of what contributes to delivery and there may be a “placebo factor” where believing AI tools are making you better, makes you better whether or not the tool is contributing!
What they found is that while AI use does really improve individual effectiveness, code quality, and valuable work, it doesn’t help with friction and burnout, and has a significant negative effect on software delivery instability.
So what do we make of increased software delivery instability when we think we’re generating more and better code? And we think the org performance is still doing better? The report doesn’t know either.
My theory is similar to the answer to “why doesn’t everyone run multi-region systems when AWS us-east goes down from time to time?” Just to refresh you on the answer to that one, “it’s more expensive to do it right than to have an outage from time to time.” If you can cram more code down the pipe, you get more changes and therefore more instability. But just like companies gave up on shipping bug-free code long ago, some degree of failure with the tradeoff of shipping more stuff is a net financial win.
AI Capabilities Model
The reason I love DORA is they go deep and try to establish correlation of AI adoption best practices to outcomes. At page 49 is their big new framework for analysis of AI impact on an org. Here’s what they have so far on how specific practices correlate to specific outcomes, with caveats that it’ll take another year of data to know for sure (though AI innovation cycles are month by month, I hope they’ll find a way to get more data more quickly than a yearly cadence).
Platform Engineering
The report then takes another turn back to earlier DORA topics and talks about platform engineering, the benefits, and how to not suck at it.
For those who are unclear on that, you get wins from a platform that is user centric. So many organizations don’t – or deliberately mis- – understand that. You could call all the old centralized IT solutions from previous decades a “platform” – Tivoli, HP WhateverCenter, and so on – but they were universally hateful and got in the way of progress in the name of optimizing the work of some commodity team behind a ticket barrier. (I’ll be honest, there’s a lot of that at my current employer.)
I’m going to go a step farther than the report – if you don’t have a product manager guidlign your platform based on its end users’ needs, your platform is not really a platform, it’s a terrible efficiency play that is penny wise but pound foolish. Fight me.
Anyway, they then say “platforms, you know, it’s the place you can plug in AI.” Which is fine but a little basic.
Value Stream Management
Is important. The premise here is that given the basic premise of value flow (if you don’t know about lean and value streams and stuff, I’ve got a LinkedIn Learning course for you: DevOps Foundations: Lean and Agile), systems thinking dictates that if you accelerate pieces in your workflow you can actually harm your overall throughput, so major changes mean you need to revisit the overall value stream to make sure it’s still the right flow, and measure so you understand how speeding up pieces (like oh say making code) affects other pieces (like oh say release stability).
They find that AI adoption gets you a lot more net benefit in organizations that understand and engineer their value stream.
The AI Mirror
This section tries to address the mix of benefits and detriments we’ve already talked about with AI. It basically just says hey, rethink how you do stuff and see if you can use AI in a more targeted way to improve the bad pieces, so for software delivery try using it more for code reviews and in your delivery pipelines. It’s fine but pretty handwavey.
That’s understandable, I don’t think anyone’s meaningfully figured out how to bring AI to bear on the post-code writing part of the software delivery pipeline. There’s a bunch of hopefuls in this space but everything I’ve kicked the tires on seems still pretty sketch.
Metrics Frameworks
You need metrics to figure out if what you’re doing is helping or not. They mention frameworks like SPACE, DevEx, HEART, and DORA’s software delivery metrics, and note that you should be looking at developer experience, product excellence, and organizational effectiveness. “Does AI change this?” Maybe, probably not as much as you think.
And that’s the end at page 96, there’s 50 pages of credits and references and data and methodology if you want to get into it.
Those last 4 chapters feel more like an appendix, they don’t really flow with the rest of the report. The AI methodology talks about things to do specifically boost your AI capabilities (Clear and communicated AI stance… Working in small batches) which somewhat overlap (Quality internal platforms, User-centric focus) with these later chapters but to a degree don’t. If value stream management is shown to improve your AI outcomes then – why’s it not in the capability model?
I assume the answer is, to a degree, “Hey man this is a work in progress” which is fair enough.
Conclusion
I find two major benefits from reports like this, and judge their success based on how well they achieve them.
Showing clear benefits of something, so you can use it to influence others to adopt it. This report does very well there. One of my complaints about the DORA reports is that in recent years they’d become more about the “next big thing” than about demonstrating the clear benefits of core DevOps practices, so I’d often go back and refer to older reports instead of the newer ones. But here – are people getting benefit from AI? Yes, and here’s what, and here’s what not. Very cleaar and well supported. Telling you how to best go about doing something, so you can adopt it more effectively. The report also does well here, with the caveat of “so much of this is still emerging and moving at hyperspeed that it’s hard to know.” They’ve identified practices within AI adoption and in the larger organization that are correlated to better outcomes, and that’s great. And I do like the mix of old and new in this report. You have to wave the new shiny at people to get them to pay attention, but in the end there are core truths about running a company and a technology organization within a company – value streams, metrics, developer experience, release cadence and quality – that AI or any new silver bullet may change the implementation of, but does not change fundamentally, and it’s a good reminder that adopting sound business basics is the best way to take advantage of any new opportunity, in this case AI.
TL;DR – Good report, use it to learn how people are benefitting from AI and to understand specific things you can do to make your organization benefit the most from it!
View the full article
- 0 comments
- 53 views
-
I want one.
View the full article
- 0 comments
- 80 views
-
Location: Olympia, London, United Kingdom
Website: https://www.cybersecuritycloudexpo.com/global/
Join 9,000+ cybersecurity and tech leaders for two days of expert insights, high-level discussions, and premium networking.
CTOs, IT Directors, Government Officials, Developers, Investors, and industry innovators will gather to explore the latest in cybersecurity and digital transformation.
With 200+ speakers and hundreds of exhibitors, the event delivers real-world strategies, cutting-edge solutions, and actionable knowledge.
The dedicated Cyber Security Expo stage will tackle Europe’s most pressing cybersecurity challenges, from emerging threats to industry-specific innovations. Key sectors covered include finance, healthcare, legal, retail, energy, government, and more.
Don’t miss the chance to expand your expertise, discover new technologies, and connect with decision-makers shaping the future of digital security. Register Now.
While the event is free to attend, the Gold Pass offers all-access benefits, including enhanced networking opportunities. The code is: MP20
Book Your Seat The post Cyber Security & Cloud Expo Global 2026 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 53 views
-
View the full article
- 0 comments
- 50 views
-
premiere gateway for tech creators, investors and enthusiasts to collaborate. This year, the event scales new heights, spanning
across two mega venues – Dubai World Trade Centre & Dubai Harbour. It offers an unprecedented 40 halls of exhibition space,
showcasing tech giants and innovative startups in fields like AI, Data Centres, Digi Health & Biotech, Cybersecurity, Intelligent
Connectivity, Green Impact and more.
Prepare for five exhilarating days filled with conferences, live-action workshops, matched concierge networking and business
partnerships. Discover the latest and unseen tech innovations that continue to shape our world.
The GITEX GLOBAL ecosystem encompasses 11 co-located shows: GITEX GLOBAL, GITEX Cyber Valley, GITEX Digi Health & Biotech,
GITEX Green Impact, GITEX Quantum Expo, Global Devslam, Expand North Star, GITEX ScaleX, House of Finance, Marketing Mania,
North Star Green Impact. Central to these shows are innovation, collaboration, and discovery. 200,000+ visitors will explore real-
world applications of AI and source latest innovations that reduce operating costs and enhance business efficiency.
For More Information: Visit GITEX GLOBAL 2025
The post GITEX GLOBAL 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 58 views
-
That’s why Empowerment is the fourth pillar of the CQ Blue AI strategy — and the true heart of the SOC Triage Agent. While the first three pillars (Efficiency, Accuracy, and Speed) transform operations, Empowerment ensures analysts remain at the center of it all. This is AI that amplifies human intelligence, not replaces it.
View the full article
- 0 comments
- 45 views
-
Location: Marina Bay Sands Expo and Convention Centre, Singapore
Website: https://www.singaporetechnologyweek.com/cyber-security-world/
Cyber Security World Asia 2025 returns on 8 – 9 October 2025!
Over two days, you can:
Explore leading technologies that safeguard your enterprise Benchmark solutions side by side for resilience and risk management Get practical insights from experts on securing your digital future If strengthening your cyber resilience, protecting customer trust, and ensuring compliance are on your agenda this year, this is the place to make it happen.
See you this 8-9 October, together with thousands of other cybersecurity professionals representing organisations such as A*STAR, Airbus, Coalition of Cybersecurity in Asia-Pacific, DSTA, Prudential, The Coca-Cola Company and more.
Register Today The post Cyber Security World Asia 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 65 views
-
July 2025, Oracle releases security updates including 309 patches, which included nine that addressed flaws/vulnerabilities in Oracle E-Business Suite (EBS). July 2025 (end of) through September 2025 (beginning of), Cybereason has assessed based on emerging evidence and ongoing forensic investigations, that CL0P orchestrated an Intrusion Path that allowed for unauthorized access to on-premise, customer-managed Oracle E-Business Suite (EBS) solutions, enumerated accessible and stored data, and conducted data exfiltration. September 2025 (end of) through October 2025 (beginning of), a widespread orchestrated email extortion campaigns emerged targeting users of on-premise, customer-managed Oracle E-Business Suite (EBS) and requesting contact with CL0P in order to not expose data allegedly exfiltrated. October 2025 (beginning of), Cybereason is aware of ongoing investigations in which CL0P has provided proof of data. CL0P does not appear to have named new victims associated with this incident as of October 4, 2025. October 5, 2025, Oracle confirms CVE-2025-61882 in Oracle E-Business Suite (EBS). This vulnerability was remotely exploitable without authentication (i.e., it can be exploited over a network without the need for a username and password). Successful exploitation can lead to remote code execution (RCE). October 7, 2025, Cybereason confirms earliest evidence of threat actor activity occurred August 9, but is subject to change based on ongoing investigations. View the full article
- 0 comments
- 43 views
-
View the full article
- 0 comments
- 42 views
-
View the full article
- 0 comments
- 109 views
-
Changelogs
Added SaaS Release Changelogs for Sep 20,2025 Release Site Updates
Added new Maintenance and Deployment Schedules guide to inform customers about planned upgrade windows. View the full article
- 0 comments
- 59 views
-
View the full article
- 0 comments
- 43 views
-
AI causes layoffs! AI causes bad journalism! AI causes headaches for recruiters! AI causes ethics violations! But here’s the truth, AI doesn’t cause any of this – people do.
All these things are human decisions. “AI” didn’t cause that layoff or any of these other things. It’s a handy technology, and just like the PC or mobile, it allows us to disrupt and change things, but it’s not “causing” anything.
And to be honest, most “AI-caused layoffs” are a barefaced lie. Just like most RTO mandates are clandestine layoffs, CEOs have realized that you can now have a layoff or hiring freeze and say “because of our use of AI” and your stock goes up instead of down. So that’s what they say. Speaking as a technology consultant whose team is involved in a lot of large AI implementations, except for large call center or “digital piecework” shops, no one is really using AI enough already that it’s truly laid off large numbers of staff, and certainly all developer layoffs attributed to AI so far are layoffs they just wanted to do regardless.
Every decade has its new technology silver bullet. In the after-times, we remind ourselves that there is no such thing as a silver bullet and it’s always more complicated than that. Then we forget and fall in love with the newest silver bullet, and the shinest teflon-coated hollow-point silver bullet is AI. But that’s just tech business as usual.
The core problem here is that personification of AI is very deliberately being used to shift blame and pass the buck.
Remember when Mark Zuckerberg went before Congress and kept trying to blame “the algorithm” for fanning political extremism, as if it wasn’t just software his company had built? This is the same playbook, scaled out, substituting in “AI” as the boogeyman.
Whenever any AI exec talks about AGI or “we the tech oligarchs are also scared of AI, it may be alive and coming to get us!” they are very deliberately trying to play a shell game of brandishing something that you all can identify as a blame-bearing entity in front of them so that they, their company, and their practices can have plausible deniability. No no, it’s “the AI” that stole all of your IP, or told you to drive your car off a cliff, not us. But the only reason you think it’s different than “a person at that company told you to do that” is the use of disinformation, wealth, and power to snooker you.
In many use cases, AI isn’t better, it’s just cheaper, and it’s only cheaper right now when trillions of dollars are being poured into defraying its cost. No one wants an AI drive-through – it’s slower and harder to fix mistakes. Companies only pitch it as the ‘better option’ when the alternative is an underpaid, burned-out worker. That’s a false choice.
This false choice is set up for you by companies that don’t care about your experience but want to save money. They’re the ones who only want to pay minimum wage, or have your support phone calls go to another country, or whatnot, and have already done that at the expense of you as a customer. The real option, doing it well in the first place, is always on the table. Don’t let them play you like a toddler and ask you “which of these two shirts you want to wear today.”
Over the millennia, people have always found a scapegoat for exploitation. First it was “the gods,” then “the laws,” then “the algorithm,” and now it’s “the AI.” Always keep in mind that all of these are only masks for one person – The Man. It’s not the mask taking the actions, it’s the people hiding behind them. Don’t get suckered into the shell game. Hold the real decision-makers accountable.
Demand better. Don’t be decieved into framing decisions and outcomes as being “caused by” AI. Journalists are the *worst*, they gave up on real reporting already in favor of “what someone said on Twitter,” and they are now happily replacing that with “ChatGPT says”, as if that’s thoughtful analysis.
View the full article
- 0 comments
- 91 views
-
I will be organizing a reading group on AI security in the fall. I will be teaching my cybersecurity policy class in the Spring. I will be working with Citizen Lab, the Law School, and the Schwartz Reisman Institute. And I will be enjoying all the multicultural offerings of Toronto.
It’s all pretty exciting.
View the full article
- 0 comments
- 109 views
-
Location: Hilton London Canary Wharf, London, United Kingdom
Website: https://cybersecureforum.co.uk/
Cyber Secure Forum – Your One-Day Gateway to High-Value Connections
Celebrating 10 years of bringing industry leaders and innovative solution providers together for a day of powerful networking, insights, and business growth.
This year marks our 10th anniversary, and we’re making it our biggest and most impactful Cyber Secure Forum yet.
We know your time is valuable, so we make it count. Simply tell our team who you’d like to meet, and we’ll create a personalised itinerary of one-to-one meetings matched to your needs, preferences, and live projects – so you can focus on what matters most.
As a buyer, your FREE pass includes:
A tailored itinerary of pre-arranged one-to-one meetings Full hospitality throughout the day, including lunch & refreshments Multiple networking opportunities with industry peers Access to our expert-led educational seminar programme Flexible attendance options to suit your schedule Register your FREE pass here via our quick booking form.
For more details on what you can expect as a buyer, contact Josh Kingsmill on 01992 374100 or [email protected] .
Are you a supplier to the industry?
Meet face-to-face with pre-qualified, senior decision-makers who have asked to meet you specifically to discuss your products and services – and are actively seeking solutions for upcoming projects.
Your supplier package includes:
A schedule of one-to-one meetings with your chosen prospects A fully equipped stand with electrics, furniture & name board Lunch & refreshments for the full day Detailed delegate profiles in advance Your logo featured in all event marketing Inclusion in our supplier networking sessions Buyers attending are seeking solutions in areas such as:
UK Cyber Strategy Data Protection Access Control Authentication Cloud Business Continuity Identity Access Management Multi-Factor Authentication AI & Machine Learning Application Security …and much more.
For more information on supplier partner packages, contact our Event Manager:
[email protected] | 01992 374078
Book Your Seat The post Cyber Secure Forum appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 49 views
-
Location: JW Marriott, Juhu, Mumbai
CISO Connect India 2025 is a premier cybersecurity leadership summit bringing together top CISOs, cybersecurity leaders, and technology innovators to discuss emerging threats, best practices, and future strategies. The Mumbai edition will serve as a high-impact networking platform where decision-makers from leading enterprises, government bodies, and global security providers converge to share insights and drive collaborations.
This year’s event will feature keynote sessions by industry veterans, panel discussions on next-gen cybersecurity trends, and interactive workshops. With a curated audience of over 120 security leaders, the event ensures an exclusive opportunity for thought leadership, meaningful engagement, and brand visibility for participating partners.
The post CISO India Connect 2025 – Mumbai appeared first on CISO MAG | Cyber Security Magazine.
View the full article
- 0 comments
- 50 views
-
What is DevEx
First, let’s quickly review what DevEx is and briefly touch on why it’s important.
There’s even a Knuth quote about DevEx:
Knuth says:
“The enjoyment of one’s tools is an essential ingredient of successful work.”
DevEx is important because developers working in an environment with a good developer experience spend more time building software and solving problems for their customers, and less time doing other less valuable work.
State of DevEx Report 2025
Atlassian produces a State of DevEx report every year. We interview thousands of developers and development leaders and ask questions about their teams’ development experiences. I want to focus on two stats from the 2025 report.
First:
“50% of developers now report losing more than 10 hours of their working week due to inefficiencies.“
This stat is wild to me. If a developer works a 40-hour week, that means 25% of their time is lost to friction in the development process. Developers tend to work long hours to hit project deadlines. If these 10 hours a week could be recouped, we’d be happier and get more done.
Second:
“Developers are only spending 16% of their time every week writing code.“
This means that developers spend 84% of their time searching for information, context switching between tools, in meetings, and fighting with tech debt. If we could shift even a fraction of that time to building software and solving problems, we’d all be happier and better able to ship features to our customers.
Please keep these two stats in mind as you continue.
What it takes to get a new Jenkins box up and running
I decided to setup a new Jenkins box on AWS, integrate it with Bitbucket, and get it building, testing, and deploying my code using a Jenkinsfile. The following sections provide some insight into the setup process and future work I’d be taking on to continue using Jenkins.
Create an EC2 box and install Jenkins and its dependencies
The first thing I did was create an AWS EC2 box in ca-central-1. Then, I installed Jenkins and its dependencies following the Jenkins documentation. The image above shows some of the AWS infrastructure I created and some of the commands necessary to install and configure Jenkins and its dependencies.
This was fairly straightforward, as the documentation was good. When I finished this process, I had a single Jenkins box running on a single AWS EC2 server. However, there are problems with what I had setup. A single node isn’t highly available, resilient, or durable. I’d need additional infrastructure to make this a service I could roll out to my team and other teams.
Also, I’m not an expert in AWS EC2 networking or Linux security, and I’m unsure if I implemented security best practices. I will likely have security vulnerabilities to address in the future, and I will definitely have to patch the box and the software as new vulnerabilities arise.
I’ve created tech debt for myself.
Install some plugins
https://dam-cdn.atl.orangelogic.com/AssetLink/sa3hc0ll272qbw4huwq01mc3dmw84x20.mp4 After I got the Jenkins box up and running, I needed to install some plugins to make it work the way I wanted it to. I didn’t know I needed to install these plugins so I spent some time fumbling around Stack Overflow and the Jenkins documentation until I figured it out.
I eventually installed plugins for Git, Docker, and Bitbucket. The plugin install process is simple and none of the plugins I installed required plugin specific setup. Going through the UI to install the plugins I noticed that there are literally hundreds of plugins available. While having all these plugins available for Jenkins is great, it seems like a lot of them simply provide functionality that Bitbucket Cloud and Pipelines offers out of the box.
For example:
Git is available in every build by default and the Bitbucket Pipelines runtime automatically clones relevant repos. Bitbucket Pipelines is entirely docker-native with full support for “Docker-in-Docker” setups and docker buildx. Bitbucket Pipelines comes fully integrated with Bitbucket Cloud and all the other Atlassian tools by default. The key takeaway for me is that, although Jenkins’ library of plugins is vast, many of them exist to provide the bare essentials. The idea of managing a system with potentially hundreds of plugins enabled, that all needed to be updated from time to time, gave me anxiety.
Integrate Jenkins with Bitbucket
https://dam-cdn.atl.orangelogic.com/AssetLink/pq13lfi747pqw44kisj8y7e2u8p587bv.mp4 After I got the plugins installed I setup the integration between Bitbucket and Jenkins. I wanted Jenkins to run the pipeline defined in my Jenkinsfile whenever I pushed to a branch, created a pull request, or merged a branch to my production branch. This was easy to setup and get working.
At this point I had two separate systems up and running, Bitbucket Cloud and Jenkins, and an integration between them. Now, I could move on to actually setting up a Jenkins pipeline to build, test, and deploy my software.
Configure a Jenkins pipeline
From the Jenkins main page I had the option to create a New Item.
From here I had to choose from one of the six options.
I wasn’t sure sure what I wanted so I was off to the Jenkins documentation to learn. I guessed that I wanted a Pipeline so I started reading about that, and luckily I was correct. The pipeline screen provided a bunch of configuration checkboxes and options to setup what I wanted. After some reading, I got what I needed setup.
https://dam-cdn.atl.orangelogic.com/AssetLink/3475vk611sp26m5r40jiwul5g5qfw463.mp4 This part of the process is pretty similar to every other CI/CD product on the market. Setup some data in the product and write a config file that lives in the repository that details the various analysis, build, test, and deploy steps you want. All that was left was to write a proper Jenkinsfile.
Write a Jenkinsfile; Time to learn Groovy
https://dam-cdn.atl.orangelogic.com/AssetLink/a3q4x5q6i80xffuftj6kmn15vh2ih813.mp4 While Bitbucket and other vendors use YAML for their CI/CD configuration, Jenkins uses Groovy. This means I have to learn a completely separate language just to use Jenkins, in addition to learning the Jenkinsfile syntax. I don’t know Groovy, and I don’t want to pick up yet another language just to use one specific tool. Luckily, I had Rovo Dev CLI to help me write the Jenkinsfile.
Rovo is Atlassian’s platform-wide AI solution. Rovo Dev CLI is a terminal-based way of interacting with the Atlassian platform. It provides all of the expected coding support that other AI tools provide, AND it lets me interact with my Atlassian products.
After I got it to build a Jenkinsfile for me, I told it to update the Jira issue I was using to track my work. This is pretty handy as it saves me from having to jump into Jira, search for the Jira issue, and manually type the updates. This improves my DevEx because I spend less time clicking around a UI in my browser and more time in my dev tools.
Now, I want to talk about a couple other bits of work that came up as part of the process of standing up a Jenkins box.
Emergent work
At this point I had Jenkins up and running and building, testing, and deploying my code. I suspected that my networking and EC2 setup were probably not up to standards and would require some attention.
Tickets from Cloud Engineering
Turns out I was right.
My new EC2 box wasn’t standards-compliant. Atlassian Cloud Engineering maintains standards for infrastructure running in AWS. I got three tickets from cloud engineering for things I needed to patch, update, and install on my EC2 box to make it compliant with Atlassian standards.
The wiki pages describing the required steps for each of the tickets were substantial. The work wasn’t hard to complete, but it pulled me away from building software and solving problems for my customers. I was spending time administering Jenkins. This is a prime example of that 16% / 84% statistic from the State of DevEx report I reference earlier.
Every company I’ve worked for has had their own standards for how to setup and configure infrastructure, so this isn’t an Atlassian specific problem.
User access control? Availability? Reliability? Durability?
My current setup has only a single Jenkins node. That isn’t production ready. I need more nodes for redundancy and I need to setup some kind of a backup process to recover from failures.
Another problem is scaling. I don’t want to pay for multiple EC2 boxes when no one is running builds. I also don’t want to be compute constrained when my team is trying to run hundreds of concurrent builds, or running extensive test suites in QA.
Setting up more nodes, backup and recovery, and auto-scaling is going to be a ton of work that I just don’t have to do with modern SAAS systems like Bitbucket Cloud.
Bitbucket Pipelines features that improve the DevEx
Now, let’s switch gears for a second and look at some features of Bitbucket Pipelines that improve the developer experience. We’ll start off with an extremely powerful tool called Dynamic Pipelines.
Dynamic Pipelines
https://dam-cdn.atl.orangelogic.com/AssetLink/0a0s5t6460u1e2le5yu7upuwb1y57w6o.mp4 Dynamic Pipelines are a way for engineering or platform teams to create standards-compliant pipelines and then push them out across one or more Bitbucket workspaces. Dynamic Pipelines are defined in code using Atlassian’s Forge platform. They can be as simple as injecting a single step into the pipelines of repositories in a workspace or as complex as dynamically generating standards compliant, always up to date, best practice workflows from nothing but a few labels in a YAML file.
As you might guess, there are numerous benefits to this capability.
For example, using Dynamic Pipelines, a central security or compliance team can guarantee that a set of static analysis and security scanning steps are executed in every pipeline that runs in a workspace. What’s even better is that those static analysis and security scanning steps don’t need to be defined in the bitbucket-pipelines.yml file in each repository; The steps are injected by dynamic pipelines at runtime, using configuration defined by the central team.
Furthermore, when the organization decides to change the set of static analysis and security scanning steps they want to run, they can update the dynamic pipeline once and all pipelines in the workspace will automatically start running the new steps without engineers having to manually update individual bitbucket-pipelines.yml files. This reduces maintenance work and helps organizations quickly adapt to changing requirements and technologies.
In addition, engineers are no longer required to know the exact process to use each of the static analysis and security scanning tools since the correctly configured steps are injected automatically at runtime.
Critical to note though, is that Dynamic Pipelines do not prevent teams from still writing their own YAML workflows if they want to. Dynamic Pipelines are smart enough to enable centralized standards compliance whilst still retaining individual team autonomy.
Dynamic Pipelines improve the developer experience by reducing the number of lines of YAML they have to maintain, and frees up engineers’ cognitive capacity to focus on building software and solving problems for customers by reducing the amount of brain power they spend maintaining CI/CD.
You can learn more about Dynamic Pipelines here, here, and here.
AI assisted pipelines
https://dam-cdn.atl.orangelogic.com/AssetLink/8c6p6013m67w5s7hq6802ss8342cp0c2.mp4 AI-assisted pipelines are like having a build engineering sitting beside you to help you fix problems in your pipeline. When a pipeline step fails, Rovo will look at things like the code being deployed, the pipeline’s configuration, and pipeline logs to determine what happened and how to fix it.
Without AI, we all have to do this manually, and it can be awful. I don’t like looking through 230570238509 lines of logs to figure out what broke and neither does any other engineer I know. I’d rather have someone else solve this kind of problem for me so I can focus on building stuff.
AI-assisted pipelines directly addresses the 16% / 84% stat mention earlier by reducing the amount of time I spend digging through logs and searching for information.
Self-Hosted Runners
By default, Bitbucket Pipelines executes all steps on Atlassian cloud hardware. This works well for many customers, but some customers have compliance regimes meaning they need to run some of their steps on their own hardware, behind their firewall. Bitbucket Cloud’s self-hosted runners makes this simple, allowing teams to run a single step, all the way up to an entire pipeline, on their infrastructure – still orchestrated from Bitbucket Cloud.
To use self-hosted runners, teams create a runner and register it with Bitbucket. This process is a couple of clicks in the UI.
Once the runner is registered in Bitbucket, teams can add the runs-on tag to their bitbucket-pipelines.yml file to tell Bitbucket Pipelines to execute that particular step on the runner. Teams can also give specific runners unique tags and then add those tags to the same runs-on section to distribute specific pipelines or steps to specific individual runners.
In this way teams can setup as many runners as they need, with specific resources and access for the task they’re going to perform, and Bitbucket will ship work to them as required. With this approach teams can run most of theirs steps on Atlassian hardware whilst distributing specialized workloads onto their own hardware. This hybrid approach gives them the best of both worlds.
Size parameter
Different steps in a CI/CD pipeline can require different amounts of memory and take different amounts of time to execute. With the size parameter, teams can control the amount of CPU and memory resources available to each individual step. This lets them fine tune their resource usage.
By default, if the size parameter is not specified, Bitbucket runs the step with a 1x size parameter, which is a runner with 2 CPUs and 4 GB of memory and is the least expensive runner to use. This helps keep costs to a minimum by default.
When a team has a step that is taking too long to execute or requires more memory, they can add the size parameter to the step and get access to up to 32 CPUs and 64 GB of memory. In this way, teams can tailor their resource usage to have sufficient performance while being as inexpensive as possible.
DORA metrics in Jira and Compass
Bitbucket is tightly integrated with the rest of the Atlassian platform. For developers, that means it automatically ships CI/CD metric information to other Atlassian products. In particular, it is easy to get access to DORA metrics in both Jira, and Compass. The data is available in Jira, and Compass automatically, with no additional configuration.
This means you can add DORA metrics to your Compass components.
And you can view DORA metrics in Jira reports.
With the tight integration of Bitbucket with the Atlassian platform, teams don’t have to setup yet another tool to track and calculate their DORA metrics. They get them for free, out of the box.
How to migrate to Bitbucket Pipelines from Jenkins
I strongly encourage everyone who is using both Bitbucket and Jenkins to consider migrating to Bitbucket Pipelines. Doing this will improve your developer experience, allow you to spend more time building software and solving problems for your customers, and spend less time on server setup, configuration, and maintenance.
To that end, Atlassian provides a tool to help migrate declarative Jenkins pipelines to Bitbucket Pipelines by converting Jenkinsfiles to bitbucket-pipelines.yml files. You can find information about this process by following the QR code or the link above.
You can also try converting Jenkinsfiles to bitbucket-pipelines.yml files yourself using the Rovo Dev CLI, which is currently in Beta.
Useful Links
Rovo Dev CLI
Bitbucket Cloud
Bitbucket Pipelines
Dynamic Pipelines
How to migrate Jenkins to Bitbucket Pipelines
Why Bitbucket Pipelines over Jenkins
The post To Bitbucket from Jenkins: Enhancing Developer Experience appeared first on Work Life by Atlassian.
View the full article
- 0 comments
- 61 views
-
Some really great stuff here.
View the full article
- 0 comments
- 101 views
-
Site Updates
Added new IP addresses for Data Intelligence in the F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings reference guide. View the full article
- 0 comments
- 50 views
-
In this post, we highlight 12 real‑world cyber resilience wins where we tackled client challenges and enabled them to mature in their cybersecurity strategies.
View the full article
- 0 comments
- 245 views
-
Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771. Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760. If exploited, these vulnerabilities could allow for remote code execution (RCE). Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring. With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back. View the full article
- 0 comments
- 237 views
-
Data Residency and Processing Reference
Updated the “Data Residency and Processing Reference” document to include MongoDB, Inc sub-processor for F5 Distributed Cloud Services user data. View the full article
- 0 comments
- 46 views
-
Changelogs
Added SaaS Release Changelogs for July 13,2025 Release Site Updates
Added new F5 Customer Edge IP Address and Domain Reference for Firewall or Proxy Settings guide. This new reference guide lists all required domains and IP addresses to allow. Non-Site firewall requirements now solely in the F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings guide. View the full article
- 0 comments
- 46 views
-
Delivering high-quality software fast is an excellent goal, but do developers have what they need to achieve this?
This survey represents our opportunity to hear directly from developers and their leaders on how these advancements are changing their experience.
Last year, we found that developers and their leaders weren’t aligned on what causes friction in developers’ daily work. This year, we surveyed 3,500 developers and managers across six countries to understand how the developer experience is evolving in the age of AI.
Here are some key takeaways.
AI adoption is up, and so are the hours saved
Let’s start with the good news. During our 2024 survey, the overwhelming majority of developers had yet to experience any real productivity gains using AI tools.
That has dramatically changed.
Almost all developers (99%) now report time savings by using AI tools, with 68% saving more than 10 hours a week! While numerous reports already study time savings on coding tasks, this survey focused on the holistic impact of GenAI across the entire working week.
While it’s not surprising that developers save time using AI, the amount of time being saved is a huge jump from 2024, particularly for non-coding tasks.
It’s important to remember that saving time on tasks is great, but it’s only really valuable if the time saved is put to good use. And this is where the good news continues: developers are using the saved time to focus on improving code, developing new features, and developing documentation.
But developers are still losing time across the software development lifecycle…
Last year, I somewhat controversially said AI can enhance developer experience without necessarily improving it. At the time, most companies were investing heavily in coding assistants. Developers only spend 16% of their time coding, and coding is not a friction point for developers, which is why coding assistants can enhance the experience without improving it.
The insufficient investment in resolving actual friction points for developers has come through clearly in our 2025 survey results. Developers are losing valuable time to non-coding tasks: 50% report losing 10+ hours per week, and 90% lose 6+ hours or more, largely due to organizational inefficiencies.
So we’re right back where we started, with developers saving 10 hours a week using AI and losing 10 hours a week to inefficiencies. Improving the developer experience requires a systematic approach to understanding and resolving developer friction points.
Developers report the top time-wasters as: finding information (services, docs, APIs), adapting new technology, and context switching between tools. Interestingly, tech debt fell out of the top 5 this year, but collaboration with other teams has moved up as a friction point.
You’ll notice that coding wasn’t listed in 2024 or 2025 as a source of time wasting.
AI is a fantastic way to improve developer experience if it’s used to address friction points across the SDLC.
…And the empathy gap is getting wider
All of this is somewhat explained by the growing empathy gap between developers and their leaders.
63% of developers now say leaders don’t understand their pain points, up sharply from 44% last year. This is likely caused by leaders banking time savings achieved through AI without addressing existing points of friction.
To understand friction points, you need to start by speaking with developers. This is the foundation of improving developer experience and productivity across an engineering organization. In an organization that gets this right, we expect to see a high percentage of developers confirming that their leaders understand their pain points, and developers losing fewer hours to inefficiencies.
What can teams do?
The data is clear: AI is a powerful lever, but it’s not a silver bullet.
We’ve seen evidence that AI can improve developer experience if it’s used to address developer pain points. Without this focus on resolving friction, a false economy is created with unfair expectations to deliver faster while navigating increased levels of unaddressed friction.
Step 1 is (always) to speak with your developers.
Gain a deep understanding of developer friction points and test potential solutions with them. In many cases, AI will be part of the answer; in others, it could be something simple like creating self-serve enablement materials.
But this doesn’t mean developers are off the hook.
Developers should help leaders become aware of their challenges, framing them in terms of impact. This makes it easier for leaders to prioritize the challenges to be resolved. It helps reframe the conversation from a complaint to be dismissed to a challenge with action required.
Both developers and leaders bring valuable perspectives. When communication flows both ways – regularly and with intent – teams can surface issues early, build trust, and stay aligned on what matters most.
Get the report The post Atlassian research: AI adoption is rising, but friction persists appeared first on Work Life by Atlassian.
View the full article
- 0 comments
- 56 views
-
Security risk assessments are now required by all federal and state regulations that include provisions for security safeguards as well as by all major cybersecurity frameworks and accepted cybersecurity standards. If your organization is governed by any of these regulations, frameworks, or standards, you should be no stranger to security risk assessments. The question is, what don’t you know?
View the full article
- 0 comments
- 45 views
-
TechCrunch has more commentary, but no more information.
View the full article
- 0 comments
- 55 views
-
The FBI has announced 15 arrests, indictments, seizures, and prison sentences this year in its war on cybercrime
As the investigative arm of the U.S. Department of Justice, the Federal Bureau of Investigation is charged with exploring cyberattacks and intrusions that affect organizations such as power utilities, telecommunications networks, hospitals, schools, and other infrastructure vital to our communities. The FBI leads law enforcement actions against individuals engaging in cybercrime, collaborates with international agencies to address transnational crimes, and works with U.S. Attorneys to prosecute cybercriminals.
Year-to-date, the FBI has announced 15 arrests, seizures, indictments, operational disruptions, and prison sentences for cybercriminals. The small sample below offers a sense of the scale and variety of these cybercrimes and the associated penalties.
Cryptocurrency and money laundering played a role in financing a number of these cybercrimes, and in multiple cases criminals operated online marketplaces for the purpose of selling cybercrime tools and stolen data.
View the full article
- 0 comments
- 53 views
-
Network Firewall Allowlist
Updated the network firewall reference document to include Bot Defense Standard domains for allowlisting View the full article
- 0 comments
- 47 views
-
Changelogs
Added SaaS Release Changelogs for June 05,2025 Release Mobile App Shield
Added new Mobile App Shield Service document DDoS
Updated L7 DDoS Docs. New option for custom service policy. CE Site Deployment
Updated Secure Mesh Site v2 ClickOps documents. WAAP and Platform
Added new document for automated API security testing Added new reference document for API namespace checks and corresponding endpoints reference document Network Firewall Allowlist
Updated the network firewall reference document to include Bot Defense Standard domains for allowlisting View the full article
- 0 comments
- 45 views
-
Recent reports quantify scope of challenges affecting systems security
Fewer than 15% of organizations are confident that they have both the people and the skills necessary to meet their cybersecurity objectives, according to a 2025 report by the World Economic Forum. More than 65% of organizations report a moderate to critical cyberskills gap. The report also cites a global staffing shortage of four million cybersecurity professionals.
The 2024 ISC2 Cybersecurity Workforce Study produced similar findings, although it estimates the global staffing shortage at 4.8 million. Most respondents reported concerns that their cybersecurity teams lack sufficient numbers or the right range of skills to meet organizational objectives. Almost 60% of respondents indicate that cyberskills gaps have significantly affected their ability to secure their organizations. According to the study, even as demand rises for cyber professionals needed to adequately secure their companies, employers are cutting back on both hiring new personnel and developing their existing cybersecurity teams. These combined actions are reducing cyber resilience around the world, including in the U.S.
According to multiple reports, a lack of distinct career paths, the rising cost of professional certifications, outdated training content, stress on the job, and the threat of being replaced by AI applications are discouraging individuals from pursuing careers in cybersecurity—creating shortfalls in qualified cybersecurity personnel and cybersecurity expertise.
View the full article
- 0 comments
- 45 views
-
Wired article, behind a paywall.
View the full article
- 0 comments
- 60 views
-
HITRUST readiness is a critical step to smooth, successful certification
An undisputed leader in cybersecurity assurance, HITRUST offers a complete and efficient approach to regulatory compliance and security risk management. Becoming HITRUST certified inspires confidence among your customers, partners, and other stakeholders. By demonstrating your all-in commitment to data security, HITRUST Certification enhances your credibility and provides a keen competitive edge. Small wonder that HITRUST Certification is considered the gold standard for healthcare cybersecurity and third-party assurance.
This blog explores important aspects of HITRUST Certification to help you determine HITRUST is right for you, and will guide you in preparing for HITRUST Certification.
View the full article
- 0 comments
- 248 views
-
Domino’s before Compass
Article in DevOps Why developer experience is more important than productivity
This article was originally featured in TechCrunch on January 29, 2024. The unhealthy obsession with measuring developer productivity There’s an unhealthy obsession with companies looking for a way to measure developer productivity. The desire to measure productivity is understandable; senior leaders have been under pressure to deliver results while capitalizing on their investments in teams […]
Domino’s Pizza Enterprises Ltd (Domino’s) is the largest franchisee for the Domino’s brand – holding exclusive master franchise rights in 12 markets across Europe and Australasia, and boasting over 3,800 stores globally.
Domino’s first realized their need for an internal developer portal after they shifted their software development teams to a product delivery model in 2022. As they reorganized their org to build and ship numerous products concurrently, documentation became scattered across project spaces – resulting in team and information silos. Lacking shared components and best practices, their IT environment quickly became a state of software sprawl.
The shift in responsibilities also meant teams inherited supportive services for many components they had never worked on before. When issues arose, the proliferation of components cost developers precious time as they searched across various corners of their Confluence instance to find ownership information, delaying incident response and damaging system reliability.
Further, teams lacked critical insight into the health and performance of their systems. New projects were often interrupted by urgent issues related to tech debt, and developers lacked the ability to report the quality of their work. It was clear to Domino’s software leaders that they needed to find a way to reduce their developers’ cognitive load while simultaneously building out implementation patterns, automated pipelines, quality gates, and other improvements.
Why Domino’s chose Compass
To evaluate internal developer portal (IDP) providers, Domino’s had four requirements:
The ability for teams to understand their product and ownership The ability to drive quality at the team level. Improved onboarding and accessible source of truth. Quality tracking at a component and team level. Andrew found that Compass went beyond these requirements by allowing his teams to simplify onto a single platform to reduce integration challenges and tool sprawl. The familiar interface and seamless integration of Compass with Jira, Confluence, and other Atlassian experiences meant developers could get up-to-speed quickly and easily, and streamlined the collaboration with other teams who relied on the same system of information.
How Compass improves DevEx at Domino’s
Domino’s uses standardized components in Compass to drive system uniformity, which allows engineers to onboard quickly and maintain best practices with minimal disruption – even with annual team changes. Additionally, the ability to configure Jira projects to use Compass components affords the ability to track issues across payment APIs, teams, and projects.
The Compass software catalog’s unified source of truth lets teams quickly locate component documentation and ownership information, driving faster incident response and improving system uptime and reliability.
Further, the DevEx Dashboard helps engineering managers understand team performance metrics and identify areas to improve dev productivity.
What’s next for Domino’s?
As the Domino’s brand expands its global influence, their engineering team’s ability to scale developer efficiency and system performance becomes increasingly important. Critical to these efforts is the ability to use Compass to map related software components. Compass has become a key information source that sits at the center of Jira and Confluence, allowing all teams to catalog their components in one unified source of truth. Domino’s plans to continue consolidating their system of work on Atlassian, integrating Compass with their Jira Service Management instance by mapping business services to Compass components. This will allow teams to quickly correlate support desk issues to the underlying software components, providing teams with information they need to further reduce incident response times and support system reliability as they test, build and support more products around the world.
Ready to uplevel your team’s DevEx? Try Compass today for free.
Watch the Domino’s TEAM ‘25 session replay
The post From Dough to Deployment: Domino’s Recipe for Success appeared first on Work Life by Atlassian.
View the full article
- 0 comments
- 12 views
-
Site Updates
Updated “Data Residency and Processing Reference” document to add Microsoft Azure as a sub-processor for F5 Distributed Cloud due to its use by AI Assistant and removed NGINX Ltd from F5 Affiliates list. View the full article
- 0 comments
- 50 views
-
View the full article
- 0 comments
- 55 views
-
Site Updates
Updated “Data Residency and Processing Reference” document to add Microsoft Azure as a sub-processor for F5 Distributed Cloud due to its use by AI Assistant and removed NGINX Ltd from F5 Affiliates list. View the full article
- 0 comments
- 45 views
-
This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now.
More similar quotes in the article.
My guess is that we will somehow figure out how to transition this program to continue without the US government. It’s too important to be at risk.
EDITED TO ADD: Another good article.
View the full article
- 0 comments
- 101 views
-
Hackers and other adversaries have found hot new targets in AI and machine learning apps
Although some of us are adapting faster than others, most of us are getting used to the notion that artificial intelligence and machine learning are beginning to make our lives a bit easier, even while we recognize some of the downsides of AI. (Let’s face it, if today’s typical chatbot experience was our only contact with AI, the future would look pretty grim.)
Unhelpful, poorly trained chatbots aside, AI and machine learning bring us conveniences like traffic predictions and alternate route suggestions, converting speech to text, online shopping recommendations, language translations, image recognition and object detection functions, some decent customer service triage, and those notorious self-driving vehicles, to name just a few. Most of these, and a whole lot more, are here to stay.
View the full article
- 0 comments
- 54 views
-
This is the access that the Chinese threat actor Salt Typhoon used to spy on Americans:
View the full article
- 0 comments
- 97 views
-
Fake CAPTCHA screens, document error alerts, and phony Facebook messages infect user PCs with data-stealing malware
A clever new cyberscam is wreaking havoc among businesses, hospitality venues, healthcare providers, and other organizations. The scam uses the psychology of social engineering to exploit our human desire to fix little computer problems ourselves, rather than calling IT or opening a ticket. Instead, a pop-up screen on your computer offers simple instructions to fix the document, reload the webpage, or simply prove you are not a robot. Sounds easy enough for the typical computer user, right?
In truth, the easy part is falling for the scam. And no computer user is safe.
View the full article
- 0 comments
- 42 views
-
Changelogs
Added SaaS Release Changelogs for March 21,2025 Release Site Deployments
GCP, OCI, and OpenStack providers are now available for site deployments View the full article
- 0 comments
- 48 views
-
When patients use credit cards to pay for health services, providers must meet the requirements of the payment card industry’s new Data Security Standard
As a healthcare provider, you are governed by the Payment Card Industry’s Data Security Standard (PCI DSS) if you process, transmit, or store cardholder data. In the same way that your compliance with HIPAA is required to protect your patients’ health information, compliance with PCI DSS is required to protect your patients’ payment information. This is true:
When you accept a co-pay by credit card When a patient hands you a debit card to cover their office visit When you accept a prepaid card in payment for a medical supply, such as a brace the patient needs, or for a service When a patient provides their credit card information online to pay their medical bill. There are numerous other payment card acceptance scenarios that require your compliance with the PCI Data Security Standard. You have a responsibility to know and understand them, just as you are required to understand and comply with HIPAA.
View the full article
- 0 comments
- 43 views
-
Navigating compliance with the new PCI DSS, CMMC, and HIPAA Security Rule
Looming compliance deadlines, relentless cyberthreats, and a shifting regulatory landscape have combined to make 2025 a challenging year for cybersecurity.
While the effects of an evolving regulatory climate are yet to be determined, here’s what we know about impending security updates from the payment card industry (PCI DSS 4.0.1), the Department of Defense (CMMC 2.0), and the HHS Office for Civil Rights (HIPAA Security Rule).
CMMC 2.0 and the new HIPAA Security Rule represent updates to previous versions of these federal security regulations; PCI DSS 4.0.1 is an update to the industry’s previous security standard. All three of these security updates have key implementation milestones in 2025. PCI DSS 4.0.1 addresses formatting and typographical errors discovered in v4.0 and provides additional implementation guidance for users, with minimal changes to the existing security requirements of v4.0. CMMC 2.0 significantly streamlines security requirements to three levels of cybersecurity, aligns the requirements at each level with well-known NIST cybersecurity standards, and relieves the smallest contractors of unnecessary compliance burdens. The new HIPAA Security Rule aims to further strengthen cybersecurity safeguards for electronic protected health information, or ePHI, in the most substantial healthcare security update in more than a decade.
View the full article
- 0 comments
- 40 views
-
Actively managing your human security risk is essential to effective cybersecurity
Human vulnerabilities, leading to human failures, were responsible for more than two thirds of data breaches (68%) in 2024. The failures were not malicious or deliberate. Instead, they resulted from employees falling victim to phishing schemes and other social engineering attacks, and making human errors that affected company security. These two top examples of human security risk were spotlighted in Verizon’s 2024 Data Breach Investigations Report.
Cybersecurity tools and technologies have evolved to their most effective levels ever. So it’s no surprise that cybercriminals have turned increasingly to the weakest link in the security chain by exploiting our human vulnerabilities. Fortunately, that link is gradually being strengthened thanks to more effective management of human security risk, including regular cybersecurity training.
View the full article
- 0 comments
- 47 views
-
import openai import os from dotenv import load_dotenv, find_dotenv _ = load_dotenv(find_dotenv()) # read local .env file openai.api_key = os.getenv('OPENAI_API_KEY') def get_completion(prompt, model="gpt-3.5-turbo", temperature=0): messages = [{"role": "user", "content": prompt}] response = openai.ChatCompletion.create( model=model, messages=messages, temperature=temperature, ) return response.choices[0].message["content"] prompt = f""" Translate the following letter from a legal firm to a delinquent client, Fred 'The Cincinnati Strangler' Johnson, from hostile slang to a friendly business letter: 'Attention criminal pervert: Where the hell is my dough, you twisted goon? Don't forget who got you sprung on that technicality. I want the money. Now. P.S. Have you strangled your wife yet, psycho-brain?' """ response = get_completion(prompt) print(response) I still have to give it to Opus by a flipper, mainly for the P.S., but OpenAI got into the right general headspace! And it’s too hot here in Texas for me to keep a penguin around to translate what I want to say into more acceptable terms, and I sure get tired of doing it.
I miss my old Eudora email client that would put little hot peppers next to my email if it thought it was too spicy…
View the full article
- 0 comments
- 92 views
-
I think many engineers believe a blocker is “something that prevents me from doing any work whatsoever on this entire project.” This in my experience leads to a lot of project delays and unaddressed issues because something was not identified and communicated widely enough to be swiftly resolved.
This is unfortunately encouraged by some Agile wonks who start hairsplitting with terms. “Well, there’s a blocker and then there’s an impediment,” they say. As I google this, it turns out you can differentiate between “delays, impediments, blockers, and roadblocks. Oh, and dependencies.” And boards, reports, etc. have to do/in progress/done and blockers, not 10 other categories.
Here’s the deal. Most teams out there are not formally trained on PM or agile and have essentially figured out what they know via osmosis. And there’s one term they even vaguely understand, which is “blocker”. (I have never seen a team distinguish formally between blockers and impediments in decades of doing this.).
While I love wordplay as much as the next person, I don’t think this attempt to categorize bad things on the infinite spectrum of bad things is practical, and best belongs as an organic explanation of the impact. Does it prevent you from proceeding on that piece of work? On any work? You can proceed on it but it can’t become done until the thing is resolved? Or it doesn’t technically stop work but it does put the project a week behind? Sure, say it. It’s important to know the impact but it does not change the nature of the existence of an issue and the need to swarm on or escalate it.
The practical definition of a blocker from a team member level is “anything not entirely in my control that is stopping or delaying work now or in the very near future.”
The practical definition of a blocker from a management point of view is “anything that is getting in the way of the team that I need to know about or do something about.”
We have to go back to the entire reason to have a term like “blocker”, which is to allow the team, or failing that their management escalation, to resolve issues that prevent the continued timely flow of work. Period, end of story, if process definition hairsplitting isn’t serving that core goal then do what does.
Definition people love to say something’s not “technically a blocker – yet.” “Well not having a cloud accout to use as the required test fixture isn’t technically a blocker because I won’t need it for another two days, even though there’s been no obvious headway on the request we made to IT for it.” Can anyone seriously contend that’s not a blocker? It’s a problem that is clearly visible on the road ahead, you don’t have to run into it first like my cheap Roomba does in order to escalate it, and doing so is antithetical to the overall agile goal of ensuring smooth and continuous flow. I don’t tolerate “technically true” when it becomes “wilfully dumb.”
Underlying this seems to be some unstated assumption that blockers are “bad” and you are bad for having one or reporting one. And I get it, there’s plenty of bad scrum masters/managers/etc. out there that operate unthinkingly on some Neanderthal level and react as “person say thing I don’t like, person is bad.” (Or the modern tech bro Neanderthal who has some variation of this like “well I need to discourage people from reporting blockers to make them use their masculine energy to pull themselves up by their bootstraps blah blah.”) Sure, toxic people can drive any process off track, that shouldn’t be the default however.
I believe in a healthy Agile environment team members should be encouraged to bring up anything threatening to slow or stop work. It can be a small thing, but it creates an opening for help from the team. Even “I haven’t used this tool before and it’s taking a little longer and I am not sure I’ll get this task done by sprint end” – that’s an opportunity for someone to hop on for a half hour to pair with you or train you.
If you’re off schedule there’s some blocker around, whether it can be handled in the team or needs escalation. You don’t have to escalate everything, though even if the team handled it, schedule or other impacts need to be communicated. For escalations, make it clear it’s an escalation and who to, don’t just assume everyone who gets a status report will seize on all the blocker lines as to dos. “Blocker: No headway on Azure text fixture, it’s needed to complete our work this sprint and will delay us if it’s not in place in 2 days – @ernest we need your help with this one” is perfect.
As someone providing oversight for a lot of sprint teams working on consulting engagements often with client-prescribed milestone deliverables, I keep getting into situations where a sprint full of reporting “no blockers” suddenly turns into “well but of course we won’t have any of the deliverables at sprint end tomorrow.” That makes everyone unhappy, especially me if it’s something I could have urged the client or an external team to provide for the team more promptly. Give people the opportunity to intervene to keep you on track!
I’m going to start adding “definition of blocker” right after “definition of done” in kickoff discussions because of how chronic this issue is – I venture to say I’ve seen it everywhere, it’s just more tolerated in environments where schedules aren’t taken too seriously.
Let me know how you handle this issue, if you encourage a wide definition of blocker, and your experiences on this!
View the full article
- 0 comments
- 53 views
-
Who cares about tags? I do. They are the only persistent source of information you can trust (as much as you can trust anything in this fallen world) to communicate information about an infrastructure asset beyond what the cloud or virtualization fabric it’s running in knows. You may have a terraform state, you may have a database or etcd or something that knows what things are – but those systems can go down or get corrupted. Tags are the one thing that if someone can see the infrastructure – via console or CLI or API or integrated tool – that they can always see. Server names are notoriously unreliable – ideally in a modern infrastructure you don’t reuse servers from one task to another or put multiple workloads on one, but that’s a historical practice that pops up all to often, and server names have character limits (even if they don’t, the management systems around them usually enforce one).
Many powerful tools like Datadog work by exclusively relying on tags. It simplifies operation and prevents errors if, when you add a new production app server, that automatically gets pulled into the right monitoring dashboards and alerting schemes because it is tagged right.
I’ve run very large complex cloud environments using this scheme as the primary means to drive operations.
Top level tag rules:
Tag everything. Tagging’s not just for servers. Every cloud element that can take a tag, tag. Network, disk images, snapshots, lambdas, cloud services, weird little cloud widgets (“S3 VPC endpoint!”). Use uniform tags. It’s best to specify “all lower case, no spaces” and so on. If people decide to word a tag slightly differently in two places, the value is lost. Both the key and the value, but especially the key – teach people that if you say “owner” that means “owner” not “Owner” and “owning party” and whatever else. Don’t overtag with attributes you can easily see. Instance size, what AZ it’s in, and so on is already part of the cloud metadata so it’s inefficient to add tags for it. Use standard tags. This is what I’ll cover in the rest of this article. At the risk of oversimplifying, you need two things out of your systems environment – compliance and management. And tags are a great way to get it.
Compliance
Attribution! Cost! Security! You need to know where infrastructure came from, who owns it, who’s paying for it, and if it’s even supposed to be there in the first place.
Who owns it?
Tag all cloud assets with an owner (email address) basically whatever is required to uniquely identify who owns an asset. Should be a team email for persistent assets, if it’s a personal email then the assumption should be if that person leaves the company those assets get deleted (good for sandboxes etc).
The amount of highly paid engineer time I’ve seen wasted over the last decade of people having to go out and do cattle calls of “Hey who owns these… we need to turn some off for cost or patch them for security or explain them for compliance… No really, who owns these…” is shocking.
owner:[email protected]
Who’s paying for it
This varies but it’s important. “Owner” might not be sufficient in an environment – often some kind of cost allocation code is required based on how your company does finances. Is it a centralized expense or does it get allocated to a client? Is it a production or development expense, those are often handled differently from a finance perspective. At scale you may need a several-parter – in my current consulting job there’s a contract number but also a specific cost code inside that contract number that we need all expenses divvied up between.
billing:CUCT30001
Where did it come from
Traceability both “up” and “down” the chain. When you go look at a random cloud instance, even if you know who it belongs to you can’t tell how it got there. Was it created by Terraform? If so where’s the state file? Was it created via some other automation system you have? Github? Rundeck? Custom python app #25?
Some tools like Cloudformation do this automatically. Otherwise, consider adding a source tag or set of tags with sufficient information to trace the live system back to the automation. Developers love tagging git commits and branches with versions and JIRA tickets and release dates and such, same concept applies here. Different things make sense depending on your tech stack – if you GitOps everything then the source might be a specific build, or you want to say which s3 bucket your tfstate is in… Here as an example, I’m working with a system that is terraform instantiated from a gitops pipeline so I’ve made a source tag that says github and then the repo name and then the action name. And for the tfstate I have it saved in an s3 bucket named “mystatebucket.”
source:github/myapp/deploy-action
sourcestate:s3/mystatebucket
When does it go
OK, I know the last two sound like the lyrics to “Cotton-Eyed Joe”, which is a bonus. But a major source of cost creep is infrastructure that was intended to be there for a short time – a demo, a dev cycle – that ends up just living forever. And sure, you can just send nag-o-grams to the owner list, but it’s better to tag systems with an expires tag in date format (ideally YYYY-MM-DD-HH-MM as God intended). “expires:never” is acceptable for production infrastructure, though I’ve even used it on autoscaling prod infrastructure to make sure systems get turned over and don’t live too long.
expires:2025-02-01-00-00-00
or
expires:never
Management
Operations! Incidents! Cost and security again! Keep the entire operational cycle, including “during bad production incidents”, in mind when designing tags. People tear down stacks/clusters, or go into the console and “kill servers”, and accidentally leave other infrastructure – you need to be able to identify and clean up orphaned assets. Hackers get your AWS key and spin up a huge volume of bitcoin miners. Identifying and actioning on infrastructure accurately and efficiently is the goal.
As in any healthy system, the “compliance” tags above aren’t just useful to the beancounters, they’re helpful to you as a cloud engineer or SRE. But beyond that, you want a taxonomy of your systems to use to manage them by grouping operations, monitoring, and so on.
This scheme may differ based on your system’s needs, but I’ve found a general formula that fits in most cases I come across. Again, it assumes virtual systems where servers have one purpose – that’s modern best practice. “Sharing is the devil.”
EARFI
I like to pronounce this “errr-feee.” It’s a hierarchy to group your systems.
environment – What environment does this represent to you, e.g. dev, test, production, as this is usually the primary element of concern to an operator. “environment:uat” vs “environment:prod”. application – What application or system is this hosting? The online banking app? The reporting system? The security monitoring server? The mobile game backend? GenAI training? “application:banking”. role – What function does this specific server perform? Webserver dbserver, appserver, kafka – systems in an identical role should have identical loadouts. “role:apiserver” vs “role:dbserver”. Keep in mind this is a hierarchy and you won’t have guaranteed uniqueness across it – for example, “application:banking,role:dbserver” may be quite different from “application:mobilegame,role:dbserver” so you would usually never refer to just “role:dbserver.” flavor – Optional, but useful in case you need to differentiate something special in your org that is a primary lever of operation (Windows vs Linux? CPU vs GPU nodes in the same k8s cluster? v2 vs v2?). I usually find there’s only one of these (besides of course region and things you shouldn’t tag because they are in other metadata). For our apiserver example, consider that maybe we have the same code running on all our api servers but via load balancer we send REST queries to one set and SOAP queries to another set for caching and performance reasons. “flavor:rest” vs “flavor:soap”. instance – A unique identifier among identical boxes in a specific EARF set, most commonly just an integer. “instance:2”. You could use a GUID if you really need it but that’s a pain to type for an operator. This then allows you to target specific groups of your infrastructure, down to a single element or up to entire products.
“Run this week’s security patches on all the environment:uat, application:banking, role:apiserver, flavor:rest servers.” Once you verify, you can do the same on environment:prod.” “The second of the three servers in that autoscaling group is locked up. Terminate environment:uat, application:banking, role:apiserver, flavor:rest, instance:2“ “We seem to be having memory problems on the apiservers. Is it one or all of the boxes? Check the average of environment:prod, application:banking, role:apiserver, flavor:rest and then also show it broken down by instance tag. It’s high on just some of the servers but not all? Try flavor:rest vs flavor:soap to see if it’s dependent on that functionality. Is it load do you think? Compare to the aggregate of environment:uat to see if it’s the same in an idle system.” “Set up an alert for any environment:prod server that goes down. And one for any environment:prod, application:banking, role:apiserver that throws 500 errors.” “Security demands we check all our DB servers for a new vulnerability. Try sending this curl payload to all role:dbservers, doesn’t matter what application. They say it won’t hurt anything but do it to environment:uat before environment:prod for safety.” So now a random new operator gets an alert about a system outage and logs into the AWS console and sees not just “i-123456 started 2 days ago,” they see
owner:[email protected]
billing:CUCT30001
source:github/myapp/deploy-action
sourcestate:s3/mystatebucket
expires:never
environment:prod
application:mobilegame
role:dbserver
flavor:read-only
instance:2
That operator now has a huge amount of information to contextualize their work, that at best they’d have to go look up in docs or systems and at worst they’d have to just start serially spamming. They know who owns it, what generates it, what it does and has hints at how important it is. (prod – probably important. A duplicate read secondary – could be worse.) And then runbooks can be very crisp about what to do in what situation by also using the tags. “If the server is environment:prod then you must initiate an incident <here>… If the server is a role:dbserver and a role:read-only it is OK to terminate it and bring up a new one but then you have to go run runbook <X> and run job <y> to set it up as a read secondary…”
Feel free and let me know how you use tags and what you can’t live without!
View the full article
- 0 comments
- 55 views
-
Changelogs
Added SaaS Release Changelogs for January 28,2025 Release View the full article
- 0 comments
- 50 views
-
Changelogs
Added SaaS Release Changelogs for January 28,2025 Release View the full article
- 0 comments
- 7 views
-
Changelogs
Added SaaS Release Changelogs for December 10,2024 Release View the full article
- 0 comments
- 53 views
-
Changelogs
Added SaaS Changelogs for October 07, 2024 Release View the full article
- 0 comments
- 33 views
-
Data Residency and Processing Reference
Restructured and Updated the Subprocessors View the full article
- 0 comments
- 44 views
-
Changelogs
Added SaaS Changelogs for August 13, 2024 Release View the full article
- 0 comments
- 46 views
-
Changelogs
Added Changelogs for May 28,2024 Release View the full article
- 0 comments
- 45 views
-
Changelogs
Added Changelogs for March 26,2024 SaaS Release View the full article
- 0 comments
- 47 views
-
Changelogs
Added Changelogs for January 16,2024 SaaS Release Firewall or Proxy Reference for Network Cloud
Added public IPv4 Range 159.60.180.0/24 for Americas Zone View the full article
- 0 comments
- 39 views
-
Data Residency and Processing Reference
Updated Sub Processors Reference by Including CommVault View the full article
- 0 comments
- 45 views
-
Changelogs
Added Changelogs for January 16,2024 SaaS Release Firewall or Proxy Reference for Network Cloud
Added public IPv4 Range 159.60.180.0/24 for Americas Zone View the full article
- 0 comments
- 6 views
-
Identify Version
tcpdump --version The general syntax for the tcpdump command is as follows:
tcpdump [options] [expression] The command options allow you to control the behavior of the command. The filter expression defines which packets will be captured.
Use the -D option to print a list of all available network interfaces that tcpdump can collect packets from:
sudo tcpdump -D For each interface, the command prints the interface name, a short description, and an associated index (number)
To specify the interface on which you want to capture traffic, invoke the command with the -i option followed by the interface name or the associated index. For example, to capture all packets from all interfaces, you would specify the any interface:
sudo tcpdump -i any
By default, tcpdump performs reverse DNS resolution on IP addresses and translates port numbers into names. Use the -n option to disable the translation:
sudo tcpdump -n
Instead of displaying the output on the screen, you can redirect it to a file. Two options and its important you use the correct one depending on how you plan on reading the output.
OPTION 1: text file
This is great if you just want what would be displayed on the screen to be captured in a text file. NOTE: this will more then likely not be readable by any of the software packages designed to analyze captures like the very popular Wireshark
sudo tcpdump -n -i any > file.out You can also watch the data while saving to a file using the tee command:
sudo tcpdump -n -l | tee file.out The -l option in the command above tells tcpdump to make the output line buffered. When this option is not used, the output will not be written on the screen when a new line is generated.
OPTION 2: binary file
This is the way you want to go if you plan on sending to someone or even yourself to analyze the capture in a tool such as Wireshark.
sudo tcpdump -w <filename> Example
sudo tcpdump -n -i any -w file.pcap or a more intense version of the command
tcpdump -s0 -nnnvi 0.0:nnnp -vw /var/tmp/appname_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pcap host 10.47.78.103
Capture Filters
WORKING DOCUMENT... sorry for how incomplete it is
- 0 comments
- 14,729 views
SCP Syntax
scp [OPTIONS] [[user@]src_host:]file1 [[user@]dest_host:]file2 scp - It initializes the command and ensures a secure shell is in place. OPTIONS - They grant different permissions depending on how they have been used. Some of the most common options include: P(Caps) - specifies the port to establish connection with the remote host. p(lowercase) - preserves the times-tamp for ease of modification and access. r - copies the entire directory recursively q - copies files quietly, doesn't display the progress messages. Also known as quiet mode. C - for compression of data during transmission. To understand more about OPTIONS read scp options src_host - where the file is hosted. The source can either be a client or server depending on the origin of the file. dest_host - where the file will be copied to. Examples
Copy File from Local Host to Remote Host
scp test.txt user@destination:/location Copy all files ending in php to Remote Host
scp *.php user@destination:/~/ *.php - copies all the files with the .php extension in the currently specified folder. /~/ - means copy them to the home directory. Copy a file with one name but save it on remote host with a different filename
scp -P 8080 test.txt user@destination:/user/home/test2.txt
Copy Files from Remote Host to Local Host
scp <remote_username>@<IPorHost>:<PathToFile> <LocalFileLocation> Copy File test2.txt from Remote Host to Local Host
scp user@remotehost:test2.txt . Copy Files from Remote Host to another Remote Host
scp [email protected]:/files/test.txt [email protected]:/files Copy Multiple Files
scp file1 file2 ... user@<ip_address_of_user>: Destination So SCP is a very powerful tool when needing to move files around between systems over the network
- 0 comments
- 444 views
Syntax:
curl [options] [URL...] URL: The most basic use of curl is typing the command followed by the URL.
curl https://www.hosangit.com This should display the content of the URL on the terminal. The URL syntax is protocol dependent and multiple URLs can be written as sets like:
curl http://site.{one, two, three}.com URLs with numeric sequence series can be written as:
curl ftp://ftp.example.com/file[1-20].jpeg Progress Meter: curl displays a progress meter during use to indicate the transfer rate, amount of data transferred, time left, etc.
curl -# -O ftp://ftp.example.com/file.zip curl --silent ftp://ftp.example.com/file.zip If you like a progress bar instead of a meter, you can use the -# option as in the example above, or –silent if you want to disable it completely.
Options:
-o: saves the downloaded file on the local machine with the name provided in the parameters.
Syntax:
curl -o [file_name] [URL...] Example:
curl -o hello.zip ftp://speedtest.tele2.net/1MB.zip
- 0 comments
- 349 views
Requirements
Let's first start with my least liked POS but it didn't start that way...
Mobi POS
At the beginning this was a great little POS with some custom options but its really focused around a restaurant which I'm not but made it work. A few years back they introduced the cloud version which I loved the idea of.. build everything in the cloud and push your changes down to your Terminals. MOBI is not good at this at all. Originally (and they still have) a peer network where you have one iPad acting as the server and another iPad can be a terminal but that extra terminal is very limited on what it can do.
Pricing was okay but still pricey for what you get. I found for the same price you can get into a nicer POS but MOBI was very easy to get up and going quickly if you have on one register. They do offer a 14 day risk free trial at the time of this writing so give them a look, maybe they'll work for what you need. Unfortunately MOBI isn't strong enough with features to do what we need a POS to do so they are now no longer a part of our infrastructure.
AirPOS
This POS felt like a step up from MOBI but more so in the cloud aspect. Getting multiple terminals up is easy as well as configuring your products but it felt still like the feature set was lacking. For example there is no discount or coupon area to add pre-populated information or an ability to run reports on discounts.
When you log in via an assigned PIN there was a huge lag between each press of the number to where you would continue to enter the wrong number because the lag is so bad.
Pricing I never got into but they are currently very generous with there trial period of 30days which I was blown away with. Thank You! Support wasn't horrible but needs improvement but that could be because airpos is headquartered in Northern Ireland. I'm sure the time difference has something to do with it.
Again, like MOBI if you have a simple setup then airpos may be fine for your needs but when you run into complicated environments like ours then it just won't do.
talech
My next attempt was talech which was found off a google search for a Point of Sale system that would work on an iPad. I have much frustration with talech for mainly they have promise but I should of known I was in trouble right from the start. Salesman did a nice demo of the system and showed what I could do. My staff and I brought up questions to the salesman which was answered no problem, talech can do that. SOLD! Paid for the product but it took a days to get the login information and to process the purchase. Once I received the information I learned that you don't get all the features as demonstrated without purchasing the upgraded premium package. Also an odd thing but you cant apply discount coupon to one item. It says you can but if you have 5 of the same product and you only want to discount 2 of them you can't, the system applies the discount to all 5 of the same item. Weird. Also trying to edit items on the backend in the browser the system would just spin. Also I can not run the reports on discount/coupons used. It took awhile but I learned that talech, yet more feature reach than the other two, wasn't going to be our Point of Sale system.
iConnect
With the 7 day free trial of iConnect POS I thought I may of found a winner. It is very feature rich and pretty easy to use. In fact it had the most features of any POS I tested. Also impressed with the support for iOS, Android and Web based. So it sounds great right? Nope, just a dress on a pig.
You will get different features based on what operating system you use so since you have three possible ways to connect to iConnect you also get three different environments. For example the Android and Web interface supports drop down discounts but the iPad does not. The iPad will support USB Printer where the Android Tablets do not... just to name a few differences.
Something I definitely did not like is if you apply a discount to an item it spreads the discount all over every items (like a percentage off). It looks ugly and not sure who would want that.
Finally a feature that I feel is a serious bug. If you process a refund on a sale it doesn't mark it in the system that you refunded an item off that ticket so that customer can go back as many times as they want and get a refund on the same ticket. That was the final straw that broke the iConnect POS back. I can easily see this happening in our environment.
I did love the ability to place an order on HOLD and pull it back up. I could see the ladies in the office doing sales during the week enter all these sales in a HOLD pattern and finalize it on the weekend when they customer comes to the gate.
ShopKeep
Thank goodness for shopkeep. I have tried all these and lost alot of money in the process. The staff is very friendly and helpful. After introduction from Nick which handed me off to a specialist named Tim which showed me what I needed to see. I was up and running in less than an hour.
Now no one is perfect and I didn't see the ability to get a free trial of the system to play around. I had to pay $138 for two terminals/month which is the most expensive of all that I tried but it works. iConnect does have more features than shopkeep but Shopkeep just does what I need it to do. Sometimes more isn't always better. Unlike Revel we can shut down the terminals when not in use and I don't get billed the $69 for each terminal a month but if you want access to your reports still and keep all your products entered then you may a small price of $10/month. When your season starts back up you pay the $69/terminal and it downloads what you need.
For me its a no brainer and I'm still on my first day with the product but what I learned from using all the other POS systems, this product is really great.
- 0 comments
- 366 views
-
How Mutual Authentication Works
Client sends ClientHello message proposing SSL options.
Server responds with ServerHello message selecting the SSL options. Server sends Certificate message, which contains the server's certificate. Server requests client's certificate in CertificateRequest message, so that the connection can be mutually authenticated. Server concludes its part of the negotiation with ServerHelloDone message. Client responds with Certificate message, which contains the client's certificate. Client sends session key information (encrypted with server's public key) in ClientKeyExchangemessage. Client sends a CertificateVerify message to let the server know it owns the sent certificate. Client sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send. Client sends Finished message to let the server check the newly activated options. Server sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send. Server sends Finished message to let the client check the newly activated options. How the Client and Server Accomplish Each of the Checks for Client Authentication
Digital Signature: The client sends a "Certificate Verify" message that contains a digitally signed copy of the previous handshake message. This message is signed using the client certificate's private key. The server can validate the message digest of the digital signature by using the client's public key (which is found in the client certificate). Once the digital signature is validated, the server knows that the public key belonging to the client matches the private key used to create the signature.
Certificate Chain: The server maintains a list of trusted Client Authorities (CAs), and this list determines which certificates the server will accept. The server will use the public key from the CA certificate (which it has in its list of trusted CAs) to validate the CA's digital signature on the certificate being presented. If the message digest has changed or if the public key does not correspond to the CA's private key used to sign the certificate, the verification fails and the handshake terminates.
Expiration Date and Validity Period: The server compares the current date to the validity period listed in the certificate. If the expiration date has not passed and the current date is within the period, then this check succeeds. If it is not, then the verification fails and the handshake terminates.
Certificate Revocation Status: The server compares the client certificate to the list of revoked certificates on the system. If the client certificate is on the list, the verification fails and the handshake terminates.
Additional Information
Verify the Client Certificate with auth-root
Run the following command to verify the client certificate:
openssl verify -purpose sslclient -CAfile auth-root.crt testcert.crt
Test Connection with Client Cert
Run the following command to test the connection with the client:
openssl s_client -servername example.com -connect example.com:443 -key client-cert.key -cert client-cert.crt
Below is an example of two-way SSL authentication on the BIG-IP system and how to configure mutual or two-way (mutual) authentication using a Client SSL profile to protect application traffic.
One-way authentication
Using one-way authentication, clients perform SSL handshakes when initiating a new connection with SSL protected applications.
During the SSL handshake, the protected application sends its public SSL certificate to the remote client for validation (referencing the photo on the right the remote client is shown as Server).
The remote client (Server) validates the application's public SSL certificate by searching for the signing Certificate Authority (CA) certificate in its trusted CA store.
If the remote client (Sever) is unable to validate or find the signing CA for the public SSL certificate, it should not complete the SSL handshake and abandon the new connection attempt.
Two-way authentication
Two-way authentication is a less popular method for protecting application traffic as it requires an additional layer of security. When using two-way authentication, clients perform a slightly modified SSL handshake when initiating a new connection with SSL-protected applications. During the modified SSL handshake, the protected application sends its public SSL certificate to the remote client for validation and requests that the remote client sends its Client SSL certificate for validation as well. Both the remote client and protected application validate the SSL certificates they receive by searching for the signing CA certificates in their respective trusted CA stores. If the remote client or the protected application is unable to validate the received SSL certificate, they should not complete the SSL handshake and abandon the new connection attempt.
REFERENCE:
K12140946 K15137
- 0 comments
- 4,160 views
Obviously some downfalls come with using overseas
no face to face via in office conversations no participation in out of office gatherings biggest issue many times is language barrier as recorded below
- 0 comments
- 354 views
-
There are a few different great tools to use to build/customize your site and one of them I like to use is called Elementor. Here is a great starter guide/video that is a bit older but he does a great job at walking you through building a wordpress site.
This video focuses mainly on how to use Elementor to customize the site for you
This video is more about creating everything for an eCommerce site using Woo Commerce (the free plugin) installed on the free Wordpress.com
And you can Google search Elementor Wordpress Theme and come across lots and lots of video tutorials. No other Web platform has as many tutorials available.
Going to add that you should leverage helpful free tools to evaluate your site to make it more SEO compliant so you show on searches.
You should make sure you have meta content on everything, especially your photos.
Make sure your website is using Google Developer Tools (formerly known as webmaster)
Also check out this tool that goes through and check out your site for issue/errors.
Meta Data Google Developer Tools WAVE
- 0 comments
- 321 views
Yes you can import stencils
Yes you can import Visio diagrams, OmniGraffle, Gliffy, Draw.io
Yes you can export Visio
Is it free? No but its very affordable or I wouldn't be using it. I haven't done the compare in cost but I'm fairly confident it's less expensive than the subscription to Visio and no obligation. As you can see I use the Individual plan which runs $95/year but includes more than enough to be a competitor with Visio and other similar tools.
- 0 comments
- 422 views
USDETMNBSJEMD6R:~ iSupport$ git xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun So in reading about others having this issue they just run
USDETMNBSJEMD6R:~ iSupport$ xcode-select --install xcode-select: note: install requested for command line developer tools This popped open a window showing the install (which isn't a fast install at all)
Eventually it will give you a pop up like the one shown below that states the software is installed.
For my own sanity I just check version to see if the command git will work now and it does
USDETMNBSJEMD6R:~ iSupport$ git --version git version 2.30.1 (Apple Git-130)
- 0 comments
- 365 views
The open source compliance network software. Freely available : www.netfishers.onl/netshot
- 0 comments
- 287 views
Changelogs
Added Changelogs for December 12,2023 SaaS Release View the full article
- 0 comments
- 39 views
-
Changelogs
Added Changelogs for November 7,2023 SaaS Release View the full article
- 0 comments
- 41 views
-
Briefly here is how you can create the routine to backup your website regardless
1st concentrate on the Database backups since many times you could reinstall the software but much of the content you can find in the database.
BACKUP DATABASE in cPANEL with CRON JOB
OPTION 1
cpanel
cronjobs
/usr/bin/mysqldump -u dbusername -p 'dbpassword' dbname > /path/backup.sql
OPTION 2
file manager
+ file
.my.cnf
edit .my.cnf
[client]
user = dbusername
password = "dbpassword"
host = localhost
SAVE CHANGES
cronjobs
mysqldump dbname > /path/backup.sql >/dev/null 2>&1
Now let's concentrate how to backup the files for your website since many of us have files/attachments and we want them to retur
- 0 comments
- 393 views
-
|
|
|