Security Insights & Updates
Expert perspectives on vulnerability management, compliance automation, and cloud security.

Setting MTTR Goals: How SLAs Improve Vulnerability Management
SLAs for vulnerability management often get a bad rap. They can sometimes be unrealistic or unenforceable. They can also create a lot of manual work if your vulnerability management tool cannot track them for you. However, SLAs are important since they help measure performance, enforce accountability, and ultimately, ensure that critical and high-priority vulnerabilities are addressed as fast as possible. Many compliance frameworks, such as PCI DSS, are now also requiring them.

Mondoo Release Highlights December 2025
It's that time of year when it's more fun to snuggle up with a cup of cocoa by the fireplace instead of your laptop, but despite the shorter month and holiday distractions, our engineers managed to slip in some great new features and fixes before heading out for the holidays. Even as the year winds down, we're still working hard to deliver valuable updates to help you secure and manage your environment. Dive into this month's release notes to see what the team accomplished!
Beyond Shai-Hulud: Why the Era of the Software Supply Chain Worm Has Just Begun
The recent Shai-Hulud NPM attack wasn't just another malicious package, says Patrick Münch, Mondoo's Chief Security Officer. It was a proof-of-concept for a technically elegant and devastating new paradigm of automated, cross-ecosystem warfare targeting developer identity.

Shai-Hulud Strikes Back, with v3.0: The Evolution of a Potent and Persistent NPM Supply Chain Worm
Patrick Münch, Mondoo's Chief Security Officer, unpicks the latest iteration of the Shai-Hulud NPM worm and outlines effective mitigation responses.

Application Vulnerabilities: Ready, Steady, Patch
Applications make up a large share of most organizations’ attack surface, yet they remain some of the hardest issues to remediate at scale. A single endpoint can run dozens of applications, each with its own stream of vulnerabilities that quickly compound into meaningful risk. And because even a small flaw can lead to data loss, system compromise, or business disruption, every one of them needs to be tracked and kept current.

Only 18% Have Updated iOS Despite Active Exploits
Apple has released security patches for two actively exploited WebKit vulnerabilities affecting iPhones, Macs, and iPads. Despite the availability of iOS 26.2, which addresses these flaws, data shows that 82% of iOS systems remain vulnerable because users haven't upgraded.

Mondoo Release Highlights November 2025
November has already flown by, and it’s time to take a look at all the enhancements we accomplished. This month we added new Mondoo Security Advisories designed to keep you ahead of emerging threats. We also expanded our vulnerability detection to include more applications and operating systems, as well as guided remediation steps to help you patch quickly. We beefed up our NPM package detection to bolster supply chain security, and added new network security capabilities. Dig in to find out more!

How to Fix Critical React and Next.js Vulnerabilities (CVE-2025-55182 and CVE-2025-66478)
Two critical, unauthenticated remote code execution (RCE) vulnerabilities were disclosed in the React Server Components (RSC) ‘Flight’ protocol and in Next.js’ use of it, tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js). These flaws are rated critical (CVSS 10.0) and affect default deployments in many projects. Due to the criticality and ease of exploitation, we strongly advise organizations to patch immediately or put mitigating controls in place if patching is not possible yet. Read on to find out if you’re affected and how to fix the issue.

Why Exceptions Management is Key to an Enterprise Vulnerability Program
Security and IT teams deal with an overwhelming ‘sea’ of security alerts every day. Prioritizing issues helps teams focus on the most important issues so these can be addressed first. However, even when vulnerabilities are critical and need to be prioritized, there may still be valid reasons for not remediating them immediately. In these cases, it’s important to be able to set exceptions in your vulnerability management program. This helps teams remain focused on the issues they can actually fix, without getting distracted by the ones they can’t. However, while exceptions are essential, they can also become dangerous loopholes if not managed properly.

Navigating the Sands of Dune: Protecting NPM From the Shai-Hulud Worm
In Frank Herbert's science fiction classic "Dune", the Shai-Hulud, a massive sandworm, strikes unpredictably beneath the sands of the desert planet Arrakis. In 2025, a digital version appeared: the Shai-Hulud Node Package Manager (NPM) worm. This self-replicating malware infiltrates the NPM supply chain, stealing credentials and causing chaos across numerous repositories. Following its second wave (November 21 to 23), this serves as a reminder that vigilance is vital in the open-source world. For developers, DevSecOps engineers, and security leaders using NPM packages, we recommend taking protective measures as soon as possible.

How to Fix 7-Zip Vulnerability with PoC Exploit (CVE-2025-11001)
A vulnerability newly discovered by the Zero Day Initiative affects the widely used open-source tool 7‑Zip. The vulnerability, CVE‑2025‑11001, is a serious security flaw caused by improper handling of symbolic links in ZIP files and can enable arbitrary code execution. To make matters worse, the UK NHS now reports that a security researcher has published a proof-of-concept exploit, making it more likely that attackers will try to exploit it some time soon. Therefore, immediate patching is advised.

Four Critical Vulnerabilities in IBM AIX: Why You Should Patch Now
IBM has released a patch for four critical CVEs in IBM AIX and IBM VIOS (CVE‑2025‑36250, CVE‑2025‑36251, CVE‑2025‑36236, and CVE‑2025‑36096) that allow a remote attacker without privileges to execute arbitrary commands on an IBM Network Installation Manager (NIM) that’s exposed to the internet. This means that they could 'hijack' unattended operating system installations and updates to deploy malicious payloads onto AIX hosts, move laterally, and persist in the broader environment. Find out more about each vulnerability, how to find out if you’re affected, and how to patch your systems.

Microsoft Patch Tuesday November 2025: Known Exploited Zero-Day
On Tuesday, Microsoft released updates addressing 63 vulnerabilities across Windows, Office, Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, WSL GUI, and more. Of these, 4 are rated critical, and at least one of the critical vulnerabilities (CVE-2025-62215) is already being exploited in the wild and listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. In this blog, we’ll list what’s addressed in the Microsoft patch, which vulnerabilities are most critical, and how to patch them.

Mondoo Release Highlights October 2025
With October in the rearview mirror, we hope your Halloween was filled with more treats than tricks! This month at Mondoo we’ve been hard at work busting more of those tricky vulnerabilities for you. October’s update brings new detections for end-of-life operating systems, ensuring those ghostly legacy assets don’t haunt your security posture. We’ve also brewed up new and enhanced CIS benchmark policies, fresh vulnerability detections and remediations, a new ‘known ransomware use’ risk factor, and other powerful improvements to help you banish risk before it becomes a nightmare. Keep reading, if you dare, to uncover all the chillingly good details of our October release.

Five Key Takeaways from ESG Report ‘Automating Risk Reduction in the AI Era’
The cybersecurity landscape is undergoing one of its most significant shifts in years, driven by the emergence of AI and, more recently, Agentic AI. Agentic AI not only analyzes and recommends, but also acts autonomously to detect, respond to, and remediate threats and vulnerabilities. A recent report published by leading industry analyst Enterprise Strategy Group, now part of Omdia, and sponsored by Mondoo, reveals how fast organizations are moving from experimentation to real-world deployment, and what’s holding some of them back.

2025 State of Vulnerability Remediation Report: Manual Processes and Low Confidence
Mondoo has released the 2025 State of the Vulnerability Remediation Report, which provides important insights into the current state of remediation processes, pain points and areas for improvement. The report shows that confidence in vulnerability remediation is relatively low, and despite all the advancements in AI, Infrastructure as Code (IaC), and pipeline automation, the majority of vulnerability remediation processes are still manual.

Windows 10 EOL: Why 5% of Corporate Workloads Still Run It
Microsoft support for Windows 10 officially ended today. Although this has been in the works for a long time and officially announced at the end of 2024, there are still many businesses running Windows 10 on their endpoints. In fact, we found that 5.25% of all workloads scanned by Mondoo are still running Windows 10. Why is the percentage still so high? What reasons could companies have for not upgrading and what will this mean for their security?

Mondoo Release Highlights September 2025
As the colors of fall begin to show and the days start to get shorter, we certainly haven’t been sitting still at Mondoo. This month, we greatly extended our vulnerability detection capabilities, adding support for new operating systems and an impressive list of third-party applications. We also added support for the EU and German compliance frameworks DORA and BSI SYS 1.5. On top of that, we added experimental MCP security, streamlined the process of listing and filtering findings, and made advisory remediations easier to access. Dig in to find out more!

Mondoo Raises $17.5M to Pioneer Agentic Vulnerability Management
In the fast-paced world of cybersecurity, where new vulnerabilities emerge daily and attackers leverage AI to exploit them in hours, staying ahead requires more than just alerts - it demands action. That's why we're thrilled to share that Mondoo has secured $17.5 million in additional funding to accelerate the rollout of the world's first Agentic Vulnerability Management platform. This isn't just about categorizing risks; it's about eliminating them before they can be exploited.

Mondoo Release Highlights August 2025
Staying ahead of evolving security threats requires both deeper visibility and faster, more effective remediation. This month, we’ve expanded our vulnerability and EOL detections, added more Ansible, Bash, and Terraform remediation snippets, and included the latest CIS benchmarks to strengthen security and compliance. We’ve also added some enhancements to the Mondoo Query Language (MQL) to further simplify the creation of custom policies. These improvements are all about helping your team save time, remediate faster, reduce risk, and stay ahead of attackers. Let’s jump in.

How to Find Vulnerabilities in Hidden Software Packages and Installers
Picture this: Your IT department updated the organization's computer systems last week, patching a vulnerability in one of the applications that is used daily. Your vulnerability scanner, however, is still showing alerts for that same CVE. How is this possible? The answer often lies in the hidden, forgotten, and redundant software packages scattered across your assets - a problem that creates significant, and usually invisible, security risks.

Why You Need Unified Policy as Code for Terraform Workflows
Terraform, HashiCorp's Infrastructure as Code (IaC) tool, has become the de facto standard for provisioning and managing cloud infrastructure. From startups to Fortune 10 enterprises, it powers the provisioning of cloud resources at scale. But with this power comes risk: a single misconfiguration in Terraform can expose sensitive data, inflate cloud costs, or create compliance gaps, and then replicate that mistake across hundreds of assets. That's why Policy as Code is essential when using Terraform. By expressing rules as code, organizations can build guardrails directly into their IaC workflows. This ensures that security, compliance, and operational best practices are enforced automatically, without relying on manual reviews or tribal knowledge. However, many existing Policy as Code tools for Terraform come with significant limitations.

Styra OPA Alternative for Infrastructure Security and Compliance Policies
In case you haven't heard yet, the creators of Open Policy Agent (along with many team members from Styra) are leaving to join Apple. Styra's Enterprise OPA customers have received news that their subscriptions will be ending. The news sent a shockwave through the OPA and Rego communities. It's uncertain what this means for the future of OPA; will the code still be maintained, will it remain available as open source in the long run, will the license be changed? In this blog we'll share our perspective and take a look at alternatives for Policy as Code use cases.

Microsoft Patch Tuesday August 2025: How to Prioritize Vulnerabilities for Patching
Microsoft’s August 2025 Patch Tuesday has landed, and this month’s security updates pack a serious punch. With multiple critical vulnerabilities addressed, including flaws that could allow remote code execution, privilege escalation, and data exposure, this release is more than just routine maintenance. In this post, we’ll spotlight the most dangerous CVEs being addressed, explain what systems they impact, and how to determine which updates to prioritize.

Introducing Agentic Vulnerability Patching Using Ansible
At a time when threat actors are using AI to launch attacks faster than ever, there's a concerning gap between the time when vulnerabilities are detected and when they’re remediated. Also, even after vulnerabilities are fixed, they can often reoccur for various reasons. This leaves organizations at increased risk. Realistically, the only way to reduce this gap is by using more automation in your remediation workflow. However, many organizations are hesitant to deploy automated patching for fear of breaking systems and giving up control. The solution: a fully transparent system based on tried and tested, easy-to-use, open source technologies that allow engineers to see exactly what is happening and easily roll back if necessary.

Insights from DEF CON 33: From LLM Hacking to Supply Chain Remediation
Las Vegas in August means three things: blistering heat, neon overload, and thousands of security professionals, researchers, and hackers descending on the desert for the world’s largest, most infamous hacker security conference: DEF CON. This year was no different. Whether you came for the capture-the-flag glory, the hands-on workshops, or just to soak in the hacker culture, DEF CON 33 delivered enough exploits—digital and otherwise—to keep the community buzzing until next year. In case you couldn’t make it, or the heat impaired your short-term memory, we’ll recap our most memorable sessions for you. So sit back, and enjoy the ride.

Mondoo Release Highlights July 2025
Even at the height of summer, Mondoo is in full delivery mode. This month we expanded coverage for critical Microsoft apps, simplified filtering on findings, enhanced our guided remediations, and added more exceptions functionality. Dig in to find out more!

Mondoo vs Tenable - Ten Ways to Compare Tenable Alternative
Tenable offers a traditional vulnerability management tool, known for its comprehensive scanning capabilities and extensive vulnerability database. However, it's not necessarily the easiest to use and often leaves users frustrated. Complaints we hear about Tenable are that it's fragmented, too noisy, lacks automation, is clunky to deploy, and offers limited shift-left capabilities - plus, it's expensive. Mondoo is a Tenable alternative that offers unified vulnerability management for cloud, on-prem, endpoints, and SaaS from a single interface that doesn't just tell you what's wrong, but prioritizes issues based on context and actually helps you fix them.

How We Reduced Our Risk By 54% In Under Three Hours
Security teams today are drowning in data. With tens of thousands of findings, the biggest challenge isn't finding problems—it's figuring out which ones to fix first. Prioritizing by generic severity scores or raw asset counts leads to wasted time on low-impact tasks, while the true risks remain. Mondoo’s ‘Move the Needle’ dashboard is designed to solve this. It provides a clear, data-driven path to reducing risk by showing you the exact, quantifiable impact of every action. In this blog, we’ll walk you through a real-world scenario where we were able to reduce our space risk by 54% in under three hours, with the help of Move the Needle and Mondoo’s fast remediation.

Industry-First Remediation Prioritization that Considers Impact and Effort
Our customers were coming to us with the following problem: “My IT team only has 15 mins per week to dedicate to vulnerability management. How can I make sure that I use those 15 mins to get the biggest improvement in my security posture?” You may be thinking ‘risk-based prioritization’: Remediate the risks that are the most critical, right? Yes, but this goes beyond that. Once your most critical and exposed risks are fixed, you must figure out which remediations will give you the biggest wins: in other words deliver the biggest security improvement for the lowest effort. We’re pleased to share that we’ve just released the ‘Move the Needle’ dashboard, an industry-first solution that calculates all of this for you.

Action Required: Microsoft SharePoint On-prem ToolShell Vulnerabilities (CVE-2025-53770 and CVE-2025-53771)
Over the weekend, more than 50 organizations have already been compromised by attackers exploiting two new CVEs in on-prem Microsoft SharePoint Servers, tracked as CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771 (CVSS 6.3), dubbed 'ToolShell'. Exploitation of these CVEs can result in unauthenticated Remote Code Execution (RCE) and pose significant risk to organizations. It's important to immediately mitigate and patch these critical vulnerabilities since they're already being actively exploited. Read on to understand more about the vulnerabilities, who is affected, and how to quickly remediate.

Sudo Vulnerability CVE-2025-32463: A Case of High Severity Versus Low Risk
Cybersecurity researchers recently disclosed a critical flaw in the sudo command-line utility for Linux and Unix-like operating systems, CVE-2025-32463 (CVSS score 9.3). This critical vulnerability could enable local attackers to escalate their privileges to root. Judging solely by CVSS severity, it needs to be addressed with priority, right? Hold on, not so fast. The CVSS score is just one factor to consider when deciding which vulnerabilities to patch first. In a world where hundreds of CVEs need your attention, and you only have finite resources, it's important to consider severity, risk, and environment when prioritizing. In this blog, we discuss the various risk and contextual factors that must be considered before determining that a vulnerability warrants your focus above others.

Actively Exploited Chromium Zero-Day: CVE-2025-6554 Affects Chrome, Edge, and Opera
Google, Microsoft, and Opera have released emergency security updates to fix a high-severity type confusion vulnerability in Google’s V8 JavaScript engine that affects their browsers. Google’s Threat Analysis Group (TAG) recently discovered and reported the vulnerability, tracked as CVE-2025-6554 with a CVSS score of 8.1. The vulnerability affects all browsers that use the Chromium codebase, and allows a remote attacker to perform arbitrary read/write via a crafted HTML page. What makes this vulnerability especially dangerous is that it’s not only widespread, but actively exploited in the wild — prompting an urgent call to patch all affected browsers.

Mondoo Release Highlights June 2025
It’s been a scorching month of June but that hasn’t stopped the Mondoo engineering team. This month we focused on supporting new operating systems, platforms, and CIS benchmarks. Plus, we've enhanced our UI for faster remediation with improved exception management and direct links to assets. Read the blog to get all the details.

How Mondoo Helps You Remediate 3x Faster
Got a remediation problem? You’re not alone. Most security platforms are pretty good at detecting vulnerabilities and misconfigurations in your environment, but fewer are actually able to get you from detection to remediation. This is exactly where Mondoo is different from other platforms. We don’t consider the job done until the issues are actually remediated, and we help security teams and platform engineers get there as fast as possible. Here’s how we do it.

Microsoft 365 CIS Benchmark 5.0: What You Need to Know
On April 30th, 2025, the Center for Internet Security (CIS) released version 5.0 of its popular Microsoft 365 Foundations Benchmark, introducing a host of new best practices and refinements to help organizations secure their cloud-based collaboration and productivity environments. For security researchers and practitioners, understanding these updates is crucial for maintaining a robust security posture against evolving threats. This article delves into the key aspects of the CIS Microsoft 365 Foundations benchmark, what's new in 5.0, and what you need to do to remain compliant.

Mondoo Offers Security and Compliance for IBM LinuxONE Workloads
We’re excited to announce that the Mondoo Platform now supports IBM LinuxONE, providing unified and automated security and compliance for mission-critical workloads and hybrid cloud environments. Mondoo’s unique ability to cover cloud and on-prem from a single user interface, as well as to automate policy creation and remediation processes, allows IBM LinuxONE users to reduce manual work and accelerate remediation, significantly improving their security posture.

Mondoo Release Highlights May 2025
May brought a fresh wave of Mondoo innovation, improvements, and exciting updates. This month was all about quickly surfacing the information you need to remediate quickly - especially the most critical and exposed CVEs in your environment. In this blog post, we’ll walk you through everything we released in May - from expanded CVE detection to improved reporting and exceptions management. Let’s dive into what’s new!

Six Key Takeaways from RSA 2025
Now that we've had time to recover from the whirlwind of insights, innovations, and eye-opening cybersecurity conversations at RSA 2025, we wanted to reflect on what stood out the most to us this year. What is going to be important in cybersecurity? What innovations will be productized? From cutting-edge advancements in MCP and agentic AI, to deepfake detection - this year's event was a reflection of both the urgency and ingenuity defining the industry. Here are our biggest takeaways from this year's RSA.

Mondoo Release Highlights April 2025
We're excited to tell you about everything we've been working on this past month, including the Mondoo MCP Server that helps unlock the power of AI to fix CVEs faster. In addition, we've expanded our detection coverage, enhanced the remediation information in tickets, reduced noise with centralized exception management, added new and updated policies, and much more.

Introducing MCP for Mondoo: Unlocking AI to Fix CVEs faster
We're excited to launch the Model Context Protocol (MCP) Server for Mondoo, available in private preview for Mondoo customers. MCP was created by Anthropic and has been rapidly adopted by OpenAI, Microsoft, and Google. By adopting MCP, Mondoo removes the cost and effort of integrating with enterprise AI applications, allowing them to deliver value to customers faster. With Mondoo’s MCP server, AI models have immediate access to Mondoo’s exposure assessment data as additional context. Real-time security answers help companies fix prioritized vulnerabilities and security findings faster.

Future Proofing MITRE CVE Troubles
Shockwaves went through the cybersecurity community yesterday, with the announcement by Yosry Barsoum, VP of non-profit research organization MITRE, that U.S. government funding for their Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs was expiring today. Even though disaster was averted by CISA announcing the extension of CVE funding, now is the time to further reflect on how to insulate organizations from these types of occurrences, in order to remain confident in the ability of their security tools to detect vulnerabilities.

Mondoo Release Highlights March 2025
This month at Mondoo was all about exposing CVEs wherever they are, and then making it as easy as possible to quickly remediate them in order of importance. With our growing engineering team, we’re excited to be moving at lightning speed to make our findings even more actionable. Here’s what we’ve been up to:

Mondoo Unveils Unified Policy as Code Solution at Google Cloud Next 2025

Mondoo detects and fixes critical IBM AIX Vulnerabilities: CVE-2024-56346 and CVE-2024-56347
Recently, two critical vulnerabilities were detected in IBM AIX systems that pose significant threats to enterprise environments: CVE-2024-56346 and CVE-2024-56347, with CVSS scores 10 and 9.6. These vulnerabilities enable remote attackers to run arbitrary commands on affected systems without authentication or user interaction, potentially leading to complete system compromise. Since IBM AIX is widely used in enterprise IT environments where high availability and security are essential, the vulnerabilities are especially concerning. In this blog we explain more about the vulnerabilities, how to determine if your systems are affected, and how to remediate them.

Mondoo’s Policy as Code Detects IngressNightmare Vulnerabilities on Kubernetes
A series of critical vulnerabilities in Ingress NGINX Controller for Kubernetes has been uncovered by Wiz research, dubbed "IngressNightmare." This combination of five vulnerabilities (CVE-2025-24513, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) forms a critical attack vector with a CVSS score of 9.8. If left exposed and unpatched, vulnerable environments are at immediate risk of takeover. In this blog, we explain how you can use Mondoo’s open source cnspec to find out if you’re affected by these vulnerabilities so you can mitigate and patch as soon as possible.

Why Vulnerability Automation Is the Smart Way to Tackle NIS2
The NIS2 Directive brings stricter cybersecurity requirements for organizations across the EU. However, because EU companies must ensure that their suppliers are NIS2 compliant as well, any company doing business in the EU is ultimately also required to comply with NIS2. This means that many organizations globally need to implement enhanced risk management, more rigorous incident reporting, and a greater focus on overall cybersecurity resilience.

Mondoo Release Highlights February 2025
Integrations with CrowdStrike and SentinelOne, priority asset customization, optimized dashboards that give you exactly what you need to start your day informed… Nobody told us it was a short month! Learn about these and many more additions and improvements we made to Mondoo in February.

Fix Security Issues 3x Faster with Mondoo Ticketing Integrations
You invest in a security platform to protect your organization. Your goal? Reduce your exposure to attack. But so many security platforms only alert you to problems; they don't help you fix them. Mondoo not only finds the misconfigurations and vulnerabilities in your infrastructure but also enables you to fix them faster. The magic is in Mondoo's ticketing integrations, which allow Mondoo users to create and track tickets in IT service management (ITSM) systems like Jira, Zendesk, GitHub Issues, GitLab, Azure DevOps, and more.

Unify Findings from CrowdStrike, SentinelOne, and Microsoft Defender in Mondoo
Are you tired of constantly having to switch between different security tools for cloud, on-prem, SaaS, and endpoints? Is it difficult to understand your biggest risks and how to optimize your security efforts? Do you need to manually enter all security findings in a spreadsheet to get a unified view? To make impactful changes to your security posture, you need a unified view of your entire attack surface. That way you can understand which remediations will result in the greatest overall improvement. Mondoo makes this possible.

Mondoo Release Highlights January 2025
Identifying risks that threaten your infrastructure just keeps getting easier with Mondoo. This month we introduced a dynamic and flexible way to organize and view your assets, plus we improved the experience of gathering and sharing scanned asset data. Learn about these enhancements and more in our January release highlights.

Mondoo Workspaces: Organize Security Insights by Team, Location, Technology, and Focus
While organizations need centralized security insights to understand what the most critical risks are across their IT infrastructure, it’s also important to organize security findings into separate areas that align with existing workflows and business goals. With Mondoo workspaces, you can create separate views of assets to divide responsibilities, prioritize risks within focus areas, and deliver focused reporting. The ability to slice and dice assets into workspaces allows Mondoo customers to streamline their security efforts and optimize processes. In this blog we explain what Mondoo workspaces are and how they work. We provide three use cases to demonstrate how our customers are benefiting from this feature.

Mondoo Release Highlights December 2024
Ever wish you could apply Mondoo's advanced prioritization and remediation tracking to findings from your other security tools? Wish granted: We added the ability to ingest Microsoft Defender for Cloud findings into Mondoo—with support for more security tools coming soon! We also added support for querying Nmap data and Cloudflare infrastructure, plus made huge performance improvements. But that's not all we accomplished this month. Read our release highlights to learn more.

Augment Microsoft Defender for Cloud with Mondoo Exposure Management
What do you get when you combine Microsoft Defender for Cloud (MDC) with the contextual risk prioritization and vulnerability and misconfiguration detection of Mondoo’s exposure management platform? The answer: A complete, centralized, and actionable list of all the misconfigurations and vulnerabilities in your environment—prioritized by the actual risk they pose to your organization.

Mondoo November 2024 Release Highlights
We're over the moon about a revolutionary feature we added in November: the five-minute Azure setup. Integrating with complex systems can be… well… complex. And historically Azure has been the most challenging. Now our new automatic Azure integration setup reduces your effort down to a couple of choices and a single command. We know you'll be as thrilled as we are. Also this month we've given you ultimate control with customizable risk factors, expanded our Windows support, and continued to make improvements to our user experience.

Overview of Changes and New Security Features in Windows Server 2025
The release of Windows Server 2025 marks a significant milestone in Microsoft's server operating system evolution. Launched on November 1, 2024, this Long-Term Servicing Channel (LTSC) release brings a comprehensive suite of security enhancements, improved hybrid cloud capabilities, and notable performance optimizations. Whether you're a seasoned IT administrator or planning your organization's infrastructure upgrade, the new features in this release deserve your attention.

Mondoo October 2024 Release Highlights
For Mondoo, October has been about building, sure, but also about rebuilding. We overhauled our AWS serverless integration and the user experience for managing policies. Based on customer feedback and smarter engineering, we just keep making it easier to secure your business-critical assets. When you throw in workflow integration with Azure DevOps and Zendesk and hearty lists of newly supported systems, policies, and resources, you have a bountiful fall harvest!

Mondoo September 2024 Release Highlights
Mondoo has dramatically reduced the labor of tracking and completing security fixes. By connecting Mondoo with your project and ticket management software and automating drift detection, we made a lot of lives easier this month. But that's not all we did! Learn about more additions and improvements in our September 2024 release highlights.

Mondoo August 2024 Release Highlights
Sure, many of our superstar engineers, like much of Europe, were on vacation in August. Still we managed to pump up our compliance experience, write loads of new policies, improve our UI, give you access to new resources, and more. Here's the whole story in this month's release highlights.

Mondoo July 2024 Release Highlights
It's been a hot July for the Mondoo team! It's tough to pick what we're most excited about this month. We launched cases, our new remediation task tracking feature... We expanded our GitHub, GitLab, and Linux support, exceptions coverage, and CIS benchmark policies… We improved Kubernetes scanning, compliance framework management, and data exports… And more! What capabilities do these changes give you? Find out in this month's release highlights.

Mondoo June 2024 Release Highlights
During the month of June at Mondoo, two key words drove our engineering work: better and more. We endeavored to make your security assessment and prioritization experience better and to extend the Mondoo security data fabric to give you more data. The results are finer details on cloud security, an improved user experience, new platforms supported, and expanded information on your infrastructure. What do Mondoo's better and more enable you to do? Find out in this month's release highlights.

Mondoo May 2024 Release Highlights
We definitely have spring fever here at Mondoo. The most exciting development is full-text search that finds assets, policies, checks, CVEs, advisories, and more. There's a whole lot of good news for our AWS and GitHub customers. And to help you secure your entire infrastructure, we've further expanded our platform support, policies, and resources.

Mondoo April 2024 Release Highlights
We lit some big sparks in April with our initial release of Mondoo Firewatch, which focuses on solving the challenge of prioritizing security fixes. We also expanded our scanning capabilities to include Azure Container Registries and Dockerfiles, plus added a problem-solving approach to scanning Kubernetes cluster nodes. The improved workflow of compliance as code makes it easier to adjust your compliance monitoring and reporting to precisely match your auditor's needs.

Exploring the Latest Security Features in Ubuntu 24.04
In the mere two years since the previous LTS release of Ubuntu shipped, the technology landscape has changed in profound ways. Because we’ve seen an explosion of ransomware attacks and critical Linux CVEs, it’s more important than ever to secure Linux systems. Thankfully, the industry has responded with a focus on security in Linux core components. That emphasis makes Ubuntu 24.04 perhaps the most important Ubuntu release ever for those concerned with securing their systems. We’ve combed through various Linux project changelogs, Debian package maintainer mailing lists, and piles of pages on Canonical's Launchpad system to bring you a definitive list of everything new in security in Ubuntu 24.04. Think we missed something important? Let us know at hello@mondoo.com.

Mondoo Firewatch
We are excited to announce the next major release of Mondoo, which introduces an effective new way to prioritize risks. This approach takes threats and exposure into consideration to highlight findings that pose the greatest actual risks. As a result, you won't drown in issues and alerts. Instead, you can focus on the best actions that increase your security.

Mondoo March 2024 Release Highlights
At Mondoo we wrapped up our winter efforts with a productive month of March. We added SCIM 2.0 support, new features that help you prioritize and speed through your security fixes, and improvements to policies and resources.

Patching Made Easy: Introducing Guided Remediation in Mondoo
We’re thrilled to announce the launch of guided remediation in the Mondoo Platform, which makes patching fast and efficient for your DevOps teams.

How to Find the Backdoored XZ Package at Scale
Find the critical XZ vulnerability CVE-2024-3094 in your environment at scale with Mondoo's open source tools, cnquery and cnspec. With cnquery's cloud-native asset inventory capabilities, you can detect all instances of the vulnerability across your entire infrastructure. Apply the patch to all affected assets, then use cnspec to ensure that no installation with this vulnerability ever goes to production again.

Mondoo February 2024 Release Highlights
It may be the shortest month, but we still managed to pack a lot of great features and enhancements into Mondoo in February! We made big improvements to our vulnerability detection capabilities and experience, supercharged performance, and gave you access to more infrastructure data.

Mondoo January 2024 Release Highlights
Kick off the new year with powerful new security features! This month we shipped CVE detection for Firefox and Chrome, new exploitability data to help you prioritize fixes, and improved CVE and advisory page designs.

Continuous Domain Health Checking and Compliance
Over the last decade, we’ve seen an explosion in the complexity of attacks on business infrastructure. New zero-day attacks and ransomware breaches have become weekly news topics. Businesses have reacted with new security practices and tooling meant to thwart attackers, but in the pursuit of cutting-edge defenses, have we missed the most basic part of securing business infrastructure? Attackers don’t need complex, zero-day exploits to compromise your business if your web properties and domains are not properly secured.

Microsoft 365 CIS Benchmark 3.0: What You Need to Know
The CIS Microsoft 365 Benchmark version 3.0 is an updated set of security guidelines tailored for the Microsoft 365 environment. This new version reflects the latest best practices and security configurations suitable for Microsoft 365, addressing the evolving cybersecurity landscape. It includes revised recommendations, new security controls, and adjustments to existing guidelines, ensuring that users can effectively secure their Microsoft 365 deployments. The benchmark is designed to assist organizations in enhancing their security posture and achieving compliance with industry standards.

Power up MQL
The freshly baked cnquery and cnspec v10 release includes some exciting new language features in MQL. This blog post dives into these capabilities and the use cases that motivated them.

Looking Back on Mondoo's Epic 2023
It’s been a momentous 2023 for us here at Mondoo. To grasp the scale of everything new we’ve shipped, let’s take a walk through a winter wonderland of features and improvements. Because we release a new version of Mondoo every week, we’ve shipped 52 releases this year, including 2 major releases.

Eliminating Mystery from Your Complex Infrastructure
The past decade has witnessed an exponential surge in infrastructure complexity. Far behind us are the days when teams could rely on a simple mental map to navigate their software architecture or draw a server diagram on a single sheet of paper. Instead, seemingly simple application deployments now span multi-region Kubernetes clusters and traverse dozens of different cloud services. This explosion of complexity has strained security and operations teams’ ability to respond to security findings. Without the context our mental infrastructure maps once provided, we can't validate, let alone remediate, security issues. To empower both operations and security teams to secure their environment, Mondoo is launching new capabilities that deliver context to complex environments.

Embracing Enhanced Security: CIS IBM AIX 7.1 and 7.2 Benchmarks
Mondoo now extends its cutting-edge security solutions to IBM AIX platforms! This marks a significant milestone in our journey towards empowering enterprises to fortify their most critical workloads with confidence. While the cloud and Kubernetes have become the go-to for many, the reality is that numerous enterprises still rely heavily on classic infrastructures for their pivotal business operations. This enhancement is more than just an upgrade; it's our commitment to ensuring that your entire inventory, spanning from the cloud to on-premises systems, remains shielded against the ever-evolving landscape of cyber threats. Welcome to a new era of comprehensive, unwavering security for your IBM AIX environments! 🛡️🚀

Unleashing the Power of Provider Plugins
We have always wanted our users to be able to create their own providers (pluggable components that add capabilities) to expand the projects however they like. The explosive growth in the types of technologies we support has been a strong argument for this model.

What’s New in Security for Ubuntu 23.10
It’s that time of the year again: With a new release of Ubuntu Linux on the horizon, we’re continuing our tradition of diving deep into what’s new in security. This release is probably Ubuntu's smallest in recent memory in terms of new security features, but that doesn’t mean it’s not worth upgrading.

GCP Security from CSPM to Agentless VM Scanning
The shift from traditional data centers to the cloud has changed how we provision systems. Gone are the days of waiting for vendors, painstakingly slow rack and stack processes, and manual OS installations. Today, you can launch new systems into production within minutes using a few clicks or API calls. While this has increased convenience and agility, it has also introduced significant challenges for security teams that even modern Cloud Security Posture Management (CSPM) solutions often miss.

What's New in CIS Amazon Web Services Foundations 2.0
The Center for Internet Security (CIS) recently released an updated 2.0 version of their Amazon Web Services (AWS) Foundations benchmark. This updated release ships with several significant changes, including new security recommendations and the removal of outdated practices.

Bridging DevOps and Security with Better Tools
As you take a step back to view your organization's infrastructure landscape, you might notice a pronounced rift between your build and runtime. This gap often signifies an age-old challenge – one that many organizations grapple with – the disconnect between DevOps and security.

Mondoo supports Oracle Cloud Infrastructure for enhanced IT security
We're excited to announce that Mondoo now extends its robust security and compliance solution to Oracle Cloud Infrastructure (OCI). This integration connects Mondoo’s comprehensive security solution to OCI quickly and easily, in minutes. OCI customers can use Mondoo’s tools to find, prioritize, and fix security risks in their cloud workloads.

Securing Infrastructure Layers: A Comprehensive Approach
In today's complex IT landscape, ensuring robust security across infrastructure layers is a daunting task. Organizations often rely on various tools to monitor and safeguard their on-premises systems, cloud-based applications, and everything in between. This approach, however, has proven to be more burdensome than helpful. In this blog, we'll explore the limitations of this fragmented approach and how Mondoo is changing the game with a comprehensive, full-stack security solution.

Mondoo Goes to Summer Camp
The Lollapalooza of security events, consisting of BSidesLV, Black Hat, and DEFCON, affectionately referred to collectively as “Security Summer Camp”, has come and gone for 2023 and Mondoo was there for it all! The events are so large and there are so many attendees there is no way to recap the events, but I’d like to share some themes that stood out to me and some highlights.

Security and Compliance: Addressing Poor Tooling
Security and compliance play integral roles in maintaining a healthy IT environment. While security safeguards an organization from breaches and threats, compliance ensures adherence to specific regulatory requirements. However, many organizations face a significant disconnect between these two functions, largely due to what we term 'poor security tooling'. In this blog post, we will unpack the impact of this issue and illustrate how Mondoo can help bridge this gap.

DefCon 31: Highlights and Insights
Between the scorching hot weather of Las Vegas and the buildings full of slot machines, we find one of the best IT security events of the year: DefCon. This year marked the first gathering after Covid. Here are some of my favorite things during this year's DefCon.

From Report-Driven to Data-Driven Security
The current landscape of corporate security and compliance is heavily report-driven. What does this mean? Simply put, security scans are performed on an organization's IT infrastructure, and a report is generated outlining potential vulnerabilities and compliance issues. But there's a crucial piece of the puzzle missing: the raw data.

Create and track Jira tickets directly from Mondoo
At Mondoo, we understand your need for effective collaboration between your security, compliance, development, and DevOps teams. Recognizing that many of you use Atlassian Jira to track your work, we’ve made it possible for you to create Jira tickets directly from the Mondoo console. Let’s delve into your interaction with your Security, Compliance, and DevOps teams and how Mondoo and Jira can facilitate your company-wide collaboration.

CIS SecureSuite Certified for GitHub and Supply Chain Security
Mondoo is the first full-stack security vendor to receive Center for Internet Security (CIS) certification for GitHub. This significant accomplishment also means that Mondoo is the first security vendor to provide coverage for the entire supply chain, from repositories via Infrastructure as Code (IaC) to runtime. That means Mondoo can protect the entire infrastructure stack: all major clouds (AWS, GCP, Azure), Kubernetes (AKS, EKS, GKE, OpenShift, Tanzu) including workloads, Windows, Linux, macOS, VMware, Terraform, and more.

Simplifying Compliance: Introducing the Mondoo Compliance Hub
Compliance isn't just about passing audits; it forms the core of your relationships with customers, stakeholders, and collaborators. As a CISO, GRC professional, or a Security Engineer, you're all too familiar with the challenges: complex regulations, resource constraints, and a perpetually changing threat landscape.

Effortless and Continuous Azure VM Instance Scanning
The shift from traditional data centers to the cloud has changed how we provision systems. Gone are the days of waiting for vendors, painstakingly slow rack and stack processes, and manual OS installations. Today, new systems can be launched into production within minutes using a few clicks or API calls. While this has increased convenience and agility, it has also introduced significant challenges for security teams.

Super-Charge Okta security with Terraform and Mondoo
Businesses increasingly rely on cloud-based services like Okta to manage their identities and access controls. While this shift provides robust capabilities to manage user access and authentication across various technologies, it also brings about the challenges of the shared responsibility model introduced by public cloud services like AWS, Microsoft Azure, and Google Cloud. As a result, ensuring the security of these systems becomes not just crucial, but also complex.

Windows CIS Benchmarks 2.0: What You Need to Know
The Center for Internet Security (CIS) recently released an updated 2.0 version of their workstation and server benchmarks for Windows 10, 11, 2016, 2019, and 2022. These new releases come with significant changes, including new security recommendations and the removal of outdated practices.

Chef Infra Server CVE-2023-28864 Impact and Remediation
On June 14th, Progress Software announced the release of Chef Infra Server 15.7. The release includes additional platform support and resolves several OpenJDK CVEs by bundling a new release of OpenJDK. However, a minor yet significant detail might have been overlooked – the resolution of CVE-2023-28864.

Streamlining Compliance: Best Practices for GRC Pros
In today's global economy, governance, risk, and compliance (GRC) is more critical than ever. Regulations change constantly, and keeping up can feel like an insurmountable task. Businesses that fail to meet these regulatory requirements face penalties, damaged reputations, and potential operational disruptions. But it's not just about avoiding negative consequences.

CISO Guide: Key Steps to Robust Security Posture
In the face of escalating cybersecurity threats and a rapidly changing regulatory environment, a Chief Information Security Officer (CISO) must build a robust security posture. This requires a clear understanding of various critical factors. Let's delve into these essential elements and explore how they contribute to fortifying your organization's defenses.

What’s New in Debian 12 Security
It’s been almost two years since Debian 11 was released, and since then the Linux community as well as Debian package maintainers have been busy shipping exciting new security features. There are literally too many to list in a blog post like this, so we’ll see if we can cover some of the most interesting new features you may have missed if you’re not reading through changelogs with a fine-toothed comb.

CIS Hardening Helper Series by Mondoo - Part 1
In the pursuit of hardening various Linux systems to comply with the Center for Internet Security (CIS) Benchmarks, system administrators frequently encounter two common issues. The CIS Benchmarks are standards for securely configuring a system, and they're widely adopted as best practices for hardening systems against cyber threats.

Addressing CVE-2023-32434: Continuous Security for Apple's Kernel
Apple's recent kernel vulnerability, CVE-2023-32434, poses a serious threat to macOS, iOS, and iPadOS systems, highlighting the importance of cybersecurity in the digital age. Prompt installation of the provided kernel update is crucial to mitigate potential exploits, emphasizing the ongoing need for vigilance and proactive security measures in the face of evolving cyber threats.

Hack GKE Clusters with Mondoo's Kubernetes Container Escape Labs
In this hands-on tutorial, you'll explore how easily a vulnerability can become a breach by diving into the world of Kubernetes exploitation with Mondoo's Kubernetes Container Escape Labs. You'll learn how to set up a Google Kubernetes Engine (GKE) cluster using Terraform, deploy a purposely vulnerable web application (DVWA), and exploit a few misconfigurations to take over the root account of a Kubernetes node. By understanding the attacker's perspective and gaining hands-on experience, you'll be better equipped to secure your own infrastructure and prevent potential breaches.

cnspec's Powerful New Reporting Capabilities
As your business's digital footprint continues to expand, so too does the importance of IT security and compliance. But let's face it, staying on top of all the potential threats and misconfigurations in your IT infrastructure can be daunting. That's why we're thrilled to unveil the latest feature release for the open source cnspec tool by Mondoo. Our new rich reporting features provide comprehensive and actionable insights into your security and compliance posture. And the best part? It's completely free!

Mondoo - The First CIS SecureSuite Vendor Certified for Cloud and Kubernetes Security
Mondoo ensures your cloud and Kubernetes environments are compliant with CIS Benchmarks. Continuously assess compliance, get reports instantly, and remediate issues without trouble.

Upgrade your Security with Latest Features in Ubuntu 23.04
It’s that time of the year again for a new release of Ubuntu Linux, and here at Mondoo, we’re going to continue our tradition of discovering what’s new in security. Ubuntu 23.04 may not bring revolutionary security changes, as it has only been 6 months since Ubuntu 22.10 came out, and not many core components have received major updates. However, Ubuntu 23.04 offers refinements to its predecessor, with plenty of patch release updates included. There are significant updates to popular bundled servers such as MariaDB, PostgreSQL, and Samba. Domain controller or database server users running Ubuntu should stay tuned for some good reasons to upgrade to 23.04.

Enhance Your Security with Data: Mondoo + Snowflake Integration
Mondoo is thrilled to announce its extended partnership with Snowflake, following the recent collaboration with Google BigQuery. This integration empowers companies to leverage their security information for advanced analysis, revolutionizing the way enterprises tackle security intelligence.

Announcing Mondoo's Feature Releases at RSA 2023
Discover the latest innovations in cybersecurity with Mondoo's new feature releases, designed to empower CISOs and revolutionize security posture management.

ICYMI: Mondoo Release Highlights for March 2023
Welcome to Mondoo's March 2023 release highlights.

Mondoo + Google BigQuery: A Winning Combo for Security Intelligence
Mondoo is excited to announce our integration with Google BigQuery, a game-changer for your security intelligence and insights!

Unlock the Power of Kubernetes Security: Explore New KSPM Capabilities
Mondoo enhances its Kubernetes Security Posture Management (KSPM) solution to address the growing security challenges in cloud-based Kubernetes environments. As Kubernetes deployments increase, so does the risk of attacks on Kubernetes infrastructure. Adopting a robust, multi-layered approach to Kubernetes security is crucial. Mondoo’s unified policy-as-code engine makes it the only tool capable of securing all aspects of Kubernetes security.

Amazon Linux 2023: A Comprehensive Overview of New Features and Updates
Nearly five years after the first release of Amazon Linux 2, Amazon has introduced a new Amazon Linux LTS release, Amazon Linux 2023. This update brings significant changes for administrators and application developers, making it an attractive alternative to other distributions like Ubuntu 22.04.

Secure Your SaaS Applications with Mondoo's Open SSPM Solution
The modern business landscape is evolving rapidly, with more and more organizations shifting their processes, user data, corporate data, and customer relationship management (CRM) solutions to SaaS applications.

Secure Industry 4.0 with xSPM
Industry 4.0 has introduced a new level of integration between IT and operations technology (OT) in modern industrial automation systems. This integration has led to higher demands on IT security because any security risks in the OT world can impact the IT world and vice versa. This blog post proposes an open source solution called xSPM (extensible security posture management) that can help organizations manage the security and compliance of their complete infrastructure, including on-premises, cloud, and SaaS services. In this post, we will discuss the benefits of xSPM and how it can help secure Industry 4.0.

ICYMI: Mondoo Release Highlights for February 2023
Welcome to Mondoo's February 2023 release highlights.

Container Image Security: Protecting Against CVEs
As a developer or security engineer you’re probably aware of the importance of implementing the latest and greatest Kubernetes security techniques. You may have even shifted security testing all the way to the left, with dev teams scanning their workloads as they develop, and operations teams keeping the cluster and cloud environment secure by scanning Terraform plans and the resulting infrastructure.

Fix Critical Word RTF Font Table Heap Bug CVE-2023-21716: Open Source Solution
Microsoft Word is an essential tool used by individuals and businesses globally. However, it has recently been discovered that Microsoft Word is susceptible to a critical vulnerability known as RTF Font Table Heap Corruption, which can allow attackers to execute arbitrary commands with the victim's privileges via malicious RTF files.

Mondoo v8: Enhanced Policies & Query Packs for Simplified Security Posture
Get ready to enhance your security posture with Mondoo v8, our latest version featuring improved policies and query packs.

Mondoo Launches Cloud-Based Enterprise Solution for Highly Regulated Industries
If you're in a highly regulated industry like healthcare, government or finance, data privacy protection is a top priority. This is why I’m excited to share that Mondoo has announced the launch of its new cloud-based enterprise solution. It combines the power of our SaaS platform with the added convenience of a dedicated environment to give enhanced security, privacy, and scalability for large enterprises.

Understanding the Differences Between xSPM and CSPM: Which Solution is Right for Your Organization?
In today's digital landscape, organizations need to ensure the security and compliance of their entire infrastructure, including on-premises, cloud-native applications, and SaaS services. Two solutions that have emerged to address this need are extensible security posture management (xSPM) and cloud security posture management (CSPM). Both xSPM and CSPM help organizations assess, improve, and maintain their security posture, but they approach this task in slightly different ways. In this article, we will explore the key differences between xSPM and CSPM and help you determine which solution is the best fit for your organization.

Exploring the Latest Security Features in Ubuntu 22.10
If you're a sysadmin considering updating your desktop deployments or running non-LTS builds on servers, this guide is for you. In this article, we will explore the latest security features in Ubuntu 22.10 (Kinetic Kudu), including upgrades to OpenSSH 9.0, Sudo 1.9.11, Systemd 251, and Kernel 5.19. While this release may not have many new security features, it includes some significant upgrades that make it worth exploring.

Streamline Cloud Security with Mondoo's Open CSPM Solution
Securing cloud environments can be a challenging task for security and platform engineers. To help with this task, Mondoo has released a new open cloud security posture management (CSPM) solution that is built on security as code (SaC). The new solution is designed to provide security and platform engineers with an easy way to manage and secure their cloud environments.

Maximizing Security with xSPM: Separation of Powers
Separation of powers in infrastructure security is crucial to reducing the risk of a single point of failure or vulnerability. This is achieved by assigning different aspects of the infrastructure, such as availability, scalability, and security to different teams or individuals.

ICYMI: Mondoo Release Highlights for January 2023
With the new year starting, we already have a number of exciting updates to share! Before moving to the next major release in February, let's take a look at some of these new features:

Kubernetes Security Posture Management: Protecting Your Cluster and Workloads
Recently, I had the opportunity to talk with Bhavin and Ryan from Kubernetes Bytes about a topic that is becoming increasingly important for Kubernetes practitioners: Kubernetes Security Posture Management (KSPM). KSPM helps protect your Kubernetes cluster and its components, such as nodes, networks, configurations, and workloads, from typical attack vectors.

Protect Your VMware ESXi Servers from ESXiArgs Ransomware with CVE-2021-21974 Patch
VMware ESXi servers have been targeted by a new ransomware called ESXiArgs. The attackers are exploiting a two-year-old vulnerability, CVE-2021-21974, in the OpenSLP service. The vulnerability is caused by a heap overflow issue and can be exploited by unauthenticated actors. ESXi servers in versions 6.x and prior to 6.7 are the current target. VMware confirmed that this attack exploits older ESXi flaws and not a zero-day vulnerability.

Securing Your Infrastructure: A Guide to Extensible Security Posture Management (xSPM)
Are you looking to improve your organization's security posture? Look no further than extensible security posture management (xSPM).

Understanding cnquery and cnspec: Open Source CLI Security Tools
If you're looking to improve the security of your infrastructure, cnquery and cnspec are tools you should know about. These open source command-line interface (CLI) tools are designed to gather information about and test the security posture of your infrastructure, including Linux, Windows, VMware, Kubernetes, AWS, Slack, GitHub, containers, images, and more.

Mondoo Secures SOC 2 Type 1 Certification
Mondoo is proud to announce that we have achieved SOC 2 Type 1 certification, demonstrating our commitment to the highest levels of security and compliance.

Detect Host Misconfigurations with Open Source, Agentless cnspec
Assessing and remediating host misconfigurations is critical to maintaining a secure infrastructure. But with so many options available, it can be difficult to know where to start. That's where Mondoo's open source solution, cnspec, comes in.

SSL/TLS Certificate Verification: How to Identify Expired Certificates
Verifying SSL/TLS certificates and establishing effective certificate management in your environment can be challenging. With cnquery's cloud-native asset inventory capabilities, you can retrieve all information about your deployed certificates and their certificate chains across your entire infrastructure. With cnspec's cloud-native security and compliance assessment, you can continuously enforce that your certificates and their certificate chains are verified and not expired.

Why MQL: An Extension of GraphQL
MQL is Mondoo’s own GraphQL-based query and policy language for exploring and testing infrastructure. Find out why and how we created it for platform and security engineers.

A Complete Guide to Easy VMWare Patch Management
Patch management is the process of distributing and applying updates to software, crucial for security, compliance, and system uptime. Mondoo offers a solution to identify missing patches and facilitate their deployment across your infrastructure, ensuring a robust security posture.

Critical Linux Vulnerability (ZDI-22-1690, ZDI-CAN-17816): Find and Fix with cnquery
On 22 December 2022, the Zero Day Initiative published a new critical Linux kernel vulnerability, ZDI-22-1690.

ICYMI: Mondoo Release Highlights for November 2022
As the year is coming to a close, we have a lot of exciting changes to share from our work this past month:

Agent-Based or Agentless Cloud Security Scanning
Have you ever asked a group of security or operations engineers which is better: agent-based or agentless vulnerability scanning? You might as well ask whether pineapple belongs on pizza or what’s the best Linux distro. It’s a topic that inspires strong opinions, and our community doesn’t seem to grow tired of the debate.

How to Fix the PrintNightmare (CVE-2021-34527 / KB5004948) Vulnerability
This article lets you walk in a hacker's shoes. It provides step-by-step instructions for using the known PrintNightmare vulnerability to gain unpermitted access to a Windows system. It also shows you how to keep attackers from exploiting this and other vulnerabilities to steal, destroy, or ransom your business-critical data.

Automating the NSA Kubernetes Hardening Guide with Mondoo
The NSA and CISA have released the Kubernetes Hardening Guide. This is a rare event as it is one of the few times the NSA has given guidance on system hardening.

Finding Lost AWS Resources with cnquery
We all understand that resources get lost in the cloud. Between working across regions, migrating accounts, and the ability to quickly spin up an instance and forget about it, it’s almost inevitable to have some mystery resources lurking in your AWS account.

Side Scanning EC2 Instances with cnspec
Just when you think you can’t have it all, you can.

How to secure your Amazon EKS Cluster
Sometimes when you're running Kubernetes workloads in AWS using EKS, it feels like Amazon is doing your job for you. EKS abstracts away much of the complexity in day-to-day Kubernetes infrastructure management.

Reveal Vulnerabilities in AWS EC2 Instances with cnspec
Vulnerabilities are bad. We all know this. They expose your infrastructure to attackers.

Top 5 Security Themes from Kubecon North America 2022
KubeCon + CloudNativeCon North America 2022 may have come and gone but the learning should never end! We had a great time at the show and appreciated everyone who stopped by our booth to say hello and learn more about Mondoo.

ICYMI: Mondoo Release Highlights for October 2022
We hit a major milestone in October: Mondoo version 7! For important information about changes in the release, see the Mondoo 7 Release Notes.

Should Your Infrastructure Security Shift Left or Right?
A darling of conference talks, videos, and articles, shift left security has generated some excitement in the IT community. Industry analysts claim that shift left is the future. Evangelists tell you that this change can save resources and better protect your infrastructure. And what about shift right? The shift right movement might not have as much traction, but opponents of shift left are speaking out and making their case. What do these terms really mean? What drives the strong opinions about each? And should your infrastructure security shift left, shift right, or stay right where it is?

The Debut of DevOpsDays Eindhoven
The very first edition of devopsdays Eindhoven was something special. Among the local speakers were presenters from all around the world. The venue was beautiful, the event sold out, and for the most part the Dutch weather presented us with sunshine.

High OpenSSL Vulnerabilities (CVE-2022-3602 & CVE-2022-3786): Find, Fix, and Enforce Through Open Source
Find the high-severity OpenSSL vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in your environment with Mondoo's new open source tools: cnquery and cnspec. With cnquery's cloud-native asset inventory capabilities, you can detect all instances of the vulnerabilities across your entire infrastructure. Apply the patch to all affected assets and then use cnspec to ensure that no installations with this vulnerability ever go to production again.

New OSS Security Projects: cnquery and cnspec
Maintaining real-time insights into the current state of your infrastructure is essential for both platform engineering and security. Over the past decade, projects like osquery demonstrated the value of accessing your operating system like you would a database. Since then, the space has evolved beyond the OS with tools that inspect cloud, Kubernetes, or interconnected SaaS services.

You Asked, We Delivered! Full-Stack Kubernetes Security
Mondoo's new full-stack Kubernetes security answers with unrivaled detail and clarity: Can your Kubernetes infrastructure withstand attack?

ICYMI: Mondoo Release Highlights for September 2022
Welcome to the September 2022 recap of Mondoo releases. We are a bit late this month, since there are some big announcements on the way!

Security Automation Takes Center Stage at HashiConf 2022
HashiConf Global 2022 wrapped up the first week of October in sunny Los Angeles, CA. We were there in person to catch all of the latest news from HashiCorp, and to celebrate the arrival of Mondoo on stage with the HashiCorp team. Here’s our recap from that event.

DevOps Days Chicago Recap
DevOps Days Chicago returned to action this September 21st and 22nd, and Mondoo was there to celebrate as a sponsor.

sec4dev 2022: Security for All
Recently, Mondoonauts had the pleasure of sponsoring the 2022 sec4dev conference in Vienna, Austria. The goal of the conference is to raise security awareness among software developers. Similarly, our goal at Mondoo is to bring security awareness to everyone. We believe security isn’t just the job of security professionals, so this was the perfect conference for Mondoo to sponsor.

Kubernetes Security: Don’t Forget the Nodes
Kubernetes has allowed us to shift from a server-centric deployment mindset to an application-centric deployment mindset. This sometimes makes us forget that it’s all just the orchestration of workloads on servers.

The 2022 Security Conference Trifecta
As summer comes to a close it’s a good time to reflect on “Security Summer Camp,” the affectionate name given to the triad of security events that happened in August in Las Vegas: BSides, Black Hat, and DEF CON.

Mondoo’s Packer Plugin Earns Verified Status with HashiCorp
The Mondoo team has two exciting announcements: We’re now a member of the HashiCorp Technology Partnership Program and our Packer provisioner has earned HashiCorp verification.

Mondoo’s Full-Stack Security Platform Is Now Red Hat Certified
Mondoo’s full-stack security platform has always featured industry-leading operating systems and cloud support, and now that support is vendor certified. We’re delighted to announce that Mondoo Client is now officially certified for Red Hat Enterprise Linux 8 and 9 operating system releases running on both x86 and ARM architectures.

ICYMI: Mondoo Release Highlights for August 2022
Welcome to the August 2022 recap of Mondoo releases.

A Complete Guide to Easy Windows Patch Management
Patch management involves distributing and applying updates to software, essential for security, compliance, and system uptime. Mondoo provides solutions to identify missing patches and facilitate their deployment across various systems, ensuring a robust security posture and smooth operation.

Full-Stack Kubernetes Security: Mondoo Operator for Kubernetes 1.0
Protecting your Kubernetes infrastructure from attackers requires deep integration and a multilayered security solution. With our 1.0 release of Mondoo Operator for Kubernetes, Mondoo can provide continuous security for your entire Kubernetes environment.

A Complete Guide to Easy Linux Patch Management
Patch management involves distributing and applying updates to software, including operating systems, platforms, and applications, to fix vulnerabilities and ensure system security, compliance, and uptime. Mondoo offers solutions to identify missing patches and facilitate their deployment across various systems, enhancing overall security and operational efficiency.

How to Handle a Ransomware Incident
A ransomware incident stresses an IT organization to its very limits and brings a company to its knees. After the initial panic, there are steps you can take to resolve the situation as quickly as possible, avoid escalating the conflict, and prevent future successful infrastructure breaches.

What in the World Is a CNAPP (and Do I Need One)?
You’ve heard your CISO talking about CNAPPs (along with CSPM, CWPP, and so on). What is a CNAPP, and what does it mean to you as a security engineer?

SCaLE 19x Recap
The 19th “Annual” Southern California Linux Expo (SCaLE) has come and gone. Originally scheduled for early March in Pasadena, it was pushed back due to the Omicron surge that hit Los Angeles particularly hard. This year's event was an interesting step backward in time, as the total conference attendance was lower and it returned to its former home at the Los Angeles Hilton, near LAX, due to a scheduling conflict with the Pasadena Convention Center. The last time I attended SCaLE was five years ago when I delivered the DevOpsDays Los Angeles Keynote at the LAX location, so I was right at home.

ICYMI: Mondoo Release Highlights for July 2022
Welcome to the July 2022 recap of Mondoo releases.

What Do the New Security Guidelines for PowerShell Mean for You?
Cybersecurity agencies in the US, UK, and New Zealand have issued new recommendations for securing Windows PowerShell. Let’s see how different these guidelines are from existing CIS and STIG benchmarks, and how you can put them to action.

Exposing What's Under the Hood of Ransomware Attacks
Ransomware is devastating to a company because it damages critical data. During an attack, ransomware scans for important files, encrypts them, and destroys backups. This can cripple an organization faster than other malicious applications. In this second part of a blog series about ransomware, we’ll discuss well-known cybercriminals and the harm they do.

CVEs: Close the Gaps That Let in Attackers
IT organizations are making cybercrime too easy. Projects like the National Vulnerability Database and Common Vulnerabilities and Exposures (CVE) warn about the doorways that hackers use to penetrate infrastructure. Software providers rush to provide patches for their vulnerable products. However, most IT teams don’t patch their systems when they learn about a problem.

Preventing Ransomware Attacks: Hacker Procedure (Part 1)
Ransomware attackers often follow very similar patterns or sequences when they ransom an organization’s IT infrastructure. Only those who know the attack patterns can effectively protect themselves against them. In this first part of a blog series about ransomware, we’ll explore typical approaches to holding IT operations hostage.

Straight to the Source - Eliminate Security Threats Before They Hit Production
For many people working in DevOps, security is starting to become a bigger part of their daily work lives. With this new reality come new challenges.

DevOpsDays Amsterdam 2022 Recap
For the last 7 years I've been part of organizing DevOpsDays Amsterdam. After moving to Amsterdam in mid-2015, I was looking for a community to join and participate in. Early January 2016, on a typical, rainy Dutch night, I experienced my first DevOpsDays organizers meeting in Muiden, NL.

ICYMI: Mondoo Release Highlights for June 2022
Welcome to the June 2022 recap of Mondoo releases.

Announcing Packer Plugin Mondoo
The Mondoo team is excited to announce the release of the Mondoo plugin for HashiCorp Packer, a powerful tool for securing and validating machine images.

KubeCon EU 2022 Recap
Not too long ago, we attended KubeCon EU 2022. This was especially exciting because it was the first big-industry event that we attended being a startup born in a COVID world. Having a booth on the showroom floor, being able to connect with folks from all types of backgrounds, and sharing with them what we’re building was a great learning experience.

ICYMI: Mondoo Release Highlights for May 2022
Welcome to the May 2022 recap of Mondoo releases.

Amazon Linux 2022 features and how to check for vulnerabilities
The year of LTS Linux releases continues! Amazon is now shipping preview releases for Amazon Linux 2022, their latest long-term support (LTS) version of Amazon Linux. With this version, Amazon joins the LTS party started by Ubuntu Server 22.04 LTS, which we previously discussed in this blog.

9 AWS Security Mistakes for DevOps Teams
AWS introduces new complexity to your infrastructure. With that complexity comes potential security risk to the organization. Amazon’s shared responsibility model places the reality of security within the cloud squarely in the hands of the DevOps team.

Announcing End-to-End Kubernetes Security with Mondoo
In the last 5 years, Kubernetes has gone from a technology for hip startups and tech wizards to a mainstay of the technology industry. A 2021 survey by the Cloud Native Computing Foundation (CNCF) shows that 96% of businesses of all sizes were either running or evaluating Kubernetes.

DevOpsDays Birmingham 2022 Recap
Last week Mondoo sponsored our very first European event: DevOpsDays Birmingham! It was also the first DevOpsDays ever held in Birmingham. As a global core member of DevOpsDays and head of Community for Mondoo in Europe, I was delighted to get together once again with DevOps practitioners and thought leaders.

ICYMI: Mondoo Release Highlights for April 2022 (version 5.37)
Welcome to the April 2022 recap of Mondoo releases.

DevOpsDays Rockies 2022 Recap
I went to my first DevOps-oriented event eleven years ago. Over the last decade-plus of attending DevOpsDays events, it has been hugely rewarding to see the DevOps movement stretch into being, orient and define itself, and build toward a community of practice.

5 Reasons Why Cloud Security Policy Fails
In the past year, devastating cloud security breaches have dominated technology headlines. These big news stories are only the tip of the iceberg in cybercrime—we don’t hear about the thousands of successful attacks that cripple worldwide businesses every day.

New Security Features in Ubuntu 22.04 Server
Canonical recently released their latest long-term support (LTS) version of Ubuntu with Ubuntu 22.04 codenamed Jammy Jellyfish. Ubuntu ships an LTS release every two years in April and supports them for a full five years (instead of the usual 18-month support cycles). This extended support cycle makes LTS releases ideal for servers. What exactly is new in Ubuntu 22.04, though? There are plenty of articles showing the latest logos, desktop backgrounds, and display drivers, but nothing that really informs sysadmins.

Why Infrastructure as Code Is Setting You up to Make Bad Things Faster
Information security is a changed game. Traditional security practices can’t keep up with the rapid acceleration of both infrastructure as code and cybercrime. It’s time for a new approach: continuous security testing throughout your development cycle.

CentOS 8 is EOL - How to migrate to AlmaLinux and secure the new host
On December 31st, 2021, CentOS 8 officially went end-of-life. This brought an end to one of the most venerable Linux server distributions. CentOS had long been the go-to alternative Linux distribution for teams looking for the stability and compatibility of Red Hat Enterprise Linux (RHEL) without the high licensing costs. The distro was a near-perfect clone of RHEL with the exception of copyrighted terms/logos and some proprietary management software.

ICYMI: Mondoo Release Highlights for March 2022
Welcome to the Mondoo release recap for March 2022.

A DevOps Approach to AWS Security: Policy as Code
As DevOps practitioners ourselves, we know securing your AWS environments is complicated. Have you thought about approaching security the same way DevOps teams build and manage their AWS infrastructure? If not, then you should.

We’re all in on a more secure Cloud Native world
Mondoo has joined the Cloud Native Computing Foundation (CNCF) as a Silver Member, emphasizing its dedication to collaborating within the cloud-native ecosystem. Additionally, Mondoo introduces the Mondoo Kubernetes Operator in early access, offering a unified platform for continuous compliance across cluster nodes and deployed resources, with a focus on simplicity and ease of integration. Look for Mondoo at KubeCon | CloudNativeCon in Valencia, Spain, where the team will showcase its latest updates and engage with the community in person.

Exploit and Detect Dirty Pipe Vulnerability - CVE-2022-0847
The Dirty Pipe vulnerability in Linux Kernel 5.8 or higher allows attackers to modify files, potentially gaining root access and compromising systems, including Android smartphones. Mondoo provides a query to detect affected systems and offers a comprehensive security solution to identify and assess vulnerabilities across various environments.

Mondoo Funding Announcement
Mondoo has raised $15 million from investors Atomico, First Minute Capital, and System.One, aiming to simplify infrastructure security operations for organizations of all sizes. The platform, designed by experienced DevOps professionals, automates security tasks across various infrastructures, allowing users to start securing their fleets immediately without the need for sales involvement.