General - ITOps
Discuss the latest and Greatest in the ITOps world at large!
- 11 Topics
- 1 Reply
What is a CVE?F.A.Q.
CVEs are a critical part of the cybersecurity knowledge base, but if you’re new to the industry it can be a little confusing at first. Let’s break it down! What does CVE stand for?CVE stands for “Common Vulnerabilities and Exposures”. Clear as mud? But that does really hit the nail on the head. If there is a security vulnerability identified in a product that can be fixed, it will be tied to a CVE. But a CVE is a numeric identifier, formatted as CVE-YYYY-XXXXX, where YYYY is the year and XXXXX can be a 4 to 6 digit unique number.What is a CVE number?A CVE number is a universally used numeric identifier assigned to one, and only one, vulnerability. This allows the community to have clarity on issues as they discuss them, rather than relying on vendor-specific identifiers. Sometimes vulnerabilities are given a name (typically by the party who identified it), like “Dirty Cow” or “Dirty Pipe”, but the CVE number is always assigned and is universal. With the ever-increasing number of vulner
Patch Tuesday Rundown - April 2022
How do you automate your IT world?F.A.Q.
Automation is another one of those buzzwords you read everywhere. It’s the 21st century, so we must automate everything! But how do we take it from the theoretical to the practical? Keep reading, and I’ll give you some ideas and examples of how you can automate. Add your thoughts in the comments below so we can all learn best practices from each other! For the sake of this discussion, let’s narrow the scope of automation. After all, we live so much of our lives online, the idea of automating every single thing gets overwhelming. For today, let’s focus specifically on how to automate IT workflows and tasks. I’ve broken this list down by method of automation. The way I see it, we can automate with tools or by writing our own code. Automate with ToolsThis is a tricky one. We all know tools can make our lives easier and eliminate repetitive tasks, but sometimes we can introduce so many different tools that we end up with an overload of annoyance. There’s a balance to strike here: Carefull
What is a Zero-Day Vulnerability?F.A.Q.
Keeping an ear out for new vulnerabilities is part of the daily routine for those of us in the IT/cybersecurity world. But when we see a new one, how do we know if it’s a “drop your coffee and get to it” type of scenario or not? One keyword to help is “zero-day”. Sounds pretty intense. Let’s explain it! What does Zero-Day mean?Zero-day is the identifier for “a vulnerability in a system or device that has been disclosed but is not yet patched.” That’s because, according to Wired, “The term "zero-day" refers to the number of days that the software vendor has known about the hole.” As you can imagine, this can be cause for concern since it can’t be patched, leaving systems vulnerable to exploitation by the bad guys.What can I do in response to a Zero-Day?Unfortunately, it can feel frustrating to see a zero-day when you know there’s no fix to implement. The good news is, even though no patch is released, sometimes there are other actions that the researcher offers to mitigate the possibili
Patch Tuesday Rundown - March 2022
Hello Community - Happy Spring! I don’t know if it’s spring quite yet for you, but let’s just pretend like it is. It’s time to review Patch Tuesday, so let’s get right into it! Microsoft had 71 vulnerabilities this month - inline with the 12-month rolling average of 73 per month we’ve seen. Only 3 of these are rated critical. And more good news, no exploited vulnerabilities so far this year! That being said, updates should not be delayed. Apple disclosed multiple vulnerabilities throughout last month requiring updates to iOS, iPad, watchOS and macOS. Since Apple doesn’t discuss or confirm vulnerabilities until they’ve conducted their own investigation, we recommend prioritizing these updates for your organization. Google released Chrome 99, and if you haven’t updated yet, be aware that there is an actively exploited zero-day in Chrome 99. They also released a total of 34 security fixes for the month. Be sure to update your instances of Chrome as soon as possible. Adobe has released upd
What is cloud-native, really?F.A.Q.
Whether you’ve been around the IT world, or you’re new to it, you know that there are a ton of buzzwords thrown around in the industry. I’ve found that they tend to be stretched and bent to mean slightly different things, so it gets very confusing. We know what they say about making assumptions, so let’s make sure we’re all on the same page. In general, the cloud refers to servers that are accessed via the internet. If you recall those server rooms from 90s movies, or for me, from going with my mom to work at midnight to fix a server issue, “the cloud” still ultimately leads to those servers. The difference is that instead of every single business having a server room that they have to build and manage, solutions like AWS and Azure have become that server stack, and they sell usage of it.If someone is using “the cloud” that means they are using the internet to access a product* as the end user. If a product is “in the cloud” it means that their product is accessed via the internet.What
What is an Agent?F.A.Q.
Serverless. Cloud-computing. Agent. All this IT lingo, but what does it really mean? It seems like each term has a million different definitions. And I don’t know about you, but when I hear agent I’m thinking, Bond, James Bond. But I don't think 007 is fighting crime on our computers, so who is this Agent? What is an Agent? Let’s do the boring thing first and see what official definitions there are out there. One definition is “a computer program that performs various actions continuously and autonomously on behalf of an individual or an organization”. Another definition specifically for software agents is “pieces of software running on the exhibit device, assisting with, or responsible for, the physical data acquisition. These agents run on the normal operating system of the device and use Application Programming Interface (API) calls for low-level memory access, or they use a dedicated operating system for data acquisition.” In layman's terms, it’s a lightweight computer program th
Patch Tuesday Rundown - February 2022
Happy February everybody! I can’t believe it’s already February, where did the time go?? It’s time for a Patch Tuesday rundown, so let’s get into it! This month we do have some good news - Microsoft had zero critical vulnerabilities this month, yay! They did, however, release 48 high severity patches, which will keep folks busy this month for sure. One of these vulnerabilities was publicly disclosed, CVE-2022-21989.Adobe released security bulletins for five of their products, with 17 CVEs in total.Apple’s updates included fixes for 16 CVEs, one of with is critical for iOS and may have been exploited already.Google released a new version of Chrome for Mac, Windows and Linux to address a security vulnerability whereby an attacker could gain control of a system.Mozilla released two security advisories, both with a high rating, addressing 13 CVEs. For more information on these updates, you can check out our Patch Tuesday Index, our blog that breaks down these vulnerabilities in more detail
Patch Tuesday Rundown - December 2021
Let’s wrap up 2021 with one more look at vulnerabilities for the month of December. Microsoft didn’t hold back, releasing 67 vulnerability patches. Adobe takes second place, patching 60 vulnerabilities across 11 products. Mozilla patched 35 vulnerabilities, one of which is critical. Google rounds it out by patching 5 vulnerabilities this month. But we all know who took the cake – the Log4Shell vulnerability.Let’s address the one we all know and (don’t really) love – the Log4Shell zero-day. An RCE vulnerability was patched with 2.15.0 on December 6, but a new vulnerability was found in that release. It was originally given a CVSS score of 3.7 and 2.16.0 was delivered. Shortly thereafter, a new bypass was found that allows full RCE in 2.15.0, upping the score to 9.0. Do not remain on 2.15.0, you are not fully protected. Upgrade to 2.16.0 to be fully patched. For more details on this vulnerability, check out our blog.Even though our focus was mainly on Log4Shell, let’s review what else ca
What is the Automox Community?
The Automox Alive Community is a space built for customers, employees, partners, and other IT professionals who are interested in Automox, cybersecurity, or IT operations.With topics ranging from basic Automox Q&A to answers to life’s greatest questions (see: Is a chicken nugget a sandwich?), the Automox Community really is a one-stop-shop for everything you need to know about IT ops, and more.But first, why should you join the community? Keep up with the latest news and updates from Automox. Major releases, enhancements, and announcements can all be found in the community! You can even subscribe to specific categories to receive email notifications when a new post goes up. Connect with other Automox customers and IT professionals. The Automox Community can be a great social networking tool, enabling you to interact with other customers, IT professionals, Automox employees, and more. Provide direct feedback. Have thoughts about the newest feature? Want to share feedback with th
How to Submit a Ticket to Support
Introduction Submit a Ticket in the Automox Console Submit a Ticket via Email ConclusionIntroductionAutomox has a variety of resources at your fingertips, such as our Help Center complete with Knowledge Base, User Guide, API documentation, and more! Our community is active with both Automox customers and employees, feel free to post less urgent topics there as well. For trickier issues, the Automox support team is available 6am to 6pm Mountain time Monday-Friday. Customers with Premium Support can get in touch with Automox support 24 hours a day, 365 days a year. Submit a Ticket in the Automox ConsoleThere are two primary ways to request assistance from our Support team. You can email us at firstname.lastname@example.org or request help through the chat, directly in the Automox console. To request support directly through the console, open the support chat to kick off the process. This will connect you with Otto, our support bot. You can also use Otto to contact Billing or Sales. To open a ticke
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.