Skip to content

Mondoo Blog

Patrick Münch February 1, 2023 2 min read

Securing Your Infrastructure: A Guide to Extensible Security Posture Management (xSPM)

Are you looking to improve your organization's security posture? Look no further than ...
Start Reading
Victoria Jeffrey January 31, 2023 3 min read

Understanding cnquery and cnspec: Open Source CLI Security Tools

If you're looking to improve the security of your infrastructure, cnquery and cnspec are ...
Start Reading
Ben Rockwood January 30, 2023 1 min read

Mondoo Secures SOC2 Type 1 Certification

Mondoo is proud to announce that we have achieved SOC2 Type 1 certification, ...
Start Reading
Victoria Jeffrey January 23, 2023 2 min read

Detect Host Misconfigurations with Open-Source, Agentless cnspec

Assessing and remediating host misconfigurations is critical to maintaining a secure ...
Start Reading
Patrick Münch January 12, 2023 2 min read

SSL/TLS Certificate Verification: How to Identify Expired Certificates

Start Reading
Dominik Richter January 5, 2023 6 min read

Why MQL: An Extension of GraphQL

MQL is Mondoo’s own GraphQL-based query and policy language for exploring and testing ...
Start Reading
Patrick Münch January 4, 2023 13 min read

A Complete Guide to Easy VMWare Patch Management

What is patch management? Patch management is the process of distributing and applying ...
Start Reading
Patrick Münch December 23, 2022 2 min read

Critical Linux Vulnerability (ZDI-22-1690, ZDI-CAN-17816): Find and Fix with cnquery

The Zero Day Initiative issued on 22 December 2022 a new critical Linux Kernel ...
Start Reading
Dominik Richter December 23, 2022 15 min read

ICYMI: Mondoo Release Highlights for November 2022

As the year is coming to a close, we have a lot of exciting changes to share from our ...
Start Reading
Letha Dunn December 15, 2022 9 min read

Agent-Based or Agentless Cloud Security Scanning

Have you ever asked a group of security or operations engineers which is better: ...
Start Reading
Patrick Münch December 12, 2022 15 min read

How to Fix the PrintNightmare (CVE-2021-34527 / KB5004948) Vulnerability

This article lets you walk in a hacker's shoes. It provides step-by-step instructions for ...
Start Reading
Victoria Jeffrey December 6, 2022 1 min read

Finding Lost AWS Resources with cnquery

We all understand that resources get lost in the cloud. Between working across regions, ...
Start Reading
Manuel Weber December 5, 2022 4 min read

Automating the NSA Kubernetes Hardening Guide with Mondoo

A quick introduction to the Kubernetes Hardening Guide by the NSA and CISA The release of ...
Start Reading
Victoria Jeffrey December 2, 2022 1 min read

Side Scanning EC2 Instances with cnspec

Just when you think you can’t have it all, you can.
Start Reading
Tim Smith December 1, 2022 4 min read

How to secure your Amazon EKS Cluster

Sometimes when you're running Kubernetes workloads in AWS using EKS, it feels like Amazon ...
Start Reading
Victoria Jeffrey November 25, 2022 1 min read

Reveal Vulnerabilities in AWS EC2 Instances with cnspec

Vulnerabilities are bad. We all know this. They expose your infrastructure to attackers. 
Start Reading
Ben Rockwood November 24, 2022 4 min read

Top 5 Security Themes from Kubecon North America 2022

KubeCon + CloudNativeCon North America 2022 may have come and gone but the learning ...
Start Reading
Dominik Richter November 22, 2022 18 min read

ICYMI: Mondoo Release Highlights for October 2022

We hit a major milestone in October: Mondoo version 7! For important information about ...
Start Reading
Letha Dunn November 16, 2022 16 min read

Should Your Infrastructure Security Shift Left or Right?

A darling of conference talks, videos, and articles, shift left security has generated ...
Start Reading
Ivan Milchev November 7, 2022 2 min read

The Debut of DevOpsDays Eindhoven

The very first edition of devopsdays Eindhoven was something special. Among the local ...
Start Reading
Christoph Hartmann November 1, 2022 7 min read

High OpenSSL Vulnerabilities (CVE-2022-3602 & CVE-2022-3786): Find, Fix, and Enforce Through Open Source

Find the OpenSSL high vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in your ...
Start Reading
Dominik Richter November 1, 2022 4 min read

New OSS Security Projects: cnquery and cnspec

Introducing cnquery and cnspec  Maintaining real-time insights into the current state of ...
Start Reading
Tim Smith October 26, 2022 4 min read

You Asked, We Delivered! Full-Stack Kubernetes Security

Mondoo's new full-stack Kubernetes security answers with unrivaled detail and clarity: ...
Start Reading
Dominik Richter October 25, 2022 12 min read

ICYMI: Mondoo Release Highlights for September 2022

Welcome to the September 2022 recap of Mondoo releases. We are a bit late this month, ...
Start Reading
Scott Ford October 19, 2022 7 min read

Security Automation Takes Center Stage at HashiConf 2022

HashiConf Global 2022 wrapped up the first week of October in sunny Los Angeles, CA. We ...
Start Reading
Tim Smith October 18, 2022 2 min read

DevOps Days Chicago Recap

DevOps Days Chicago returned to action this September 21st and 22nd, and Mondoo was there ...
Start Reading
Yvo van Doorn October 12, 2022 1 min read

sec4dev 2022: Security for All

Recently, Mondoonauts had the pleasure of sponsoring the 2022 sec4dev conference in ...
Start Reading
Tim Smith October 5, 2022 3 min read

Kubernetes Security: Don’t Forget the Nodes

Kubernetes has allowed us to shift from a server-centric deployment mindset to an ...
Start Reading
Ben Rockwood September 28, 2022 5 min read

The 2022 Security Conference Trifecta

As summer comes to a close it’s a good time to reflect on “Security Summer Camp,” the ...
Start Reading
Scott Ford September 21, 2022 2 min read

Mondoo’s Packer Plugin Earns Verified Status with HashiCorp

The Mondoo team has two exciting announcements: We’re now a member of the HashiCorp ...
Start Reading
Tim Smith September 19, 2022 1 min read

Mondoo’s Full-Stack Security Platform Is Now Red Hat Certified

Mondoo’s full-stack security platform has always featured industry-leading operating ...
Start Reading
Dominik Richter September 15, 2022 15 min read

ICYMI: Mondoo Release Highlights for August 2022

Welcome to the August 2022 recap of Mondoo releases. We have a lot of exciting changes to ...
Start Reading
Patrick Münch September 9, 2022 26 min read

A Complete Guide to Easy Windows Patch Management

What is patch management? Patch management is the process of distributing and applying ...
Start Reading
Tim Smith August 31, 2022 5 min read

Full-Stack Kubernetes Security: Mondoo Operator for Kubernetes 1.0

Protecting your Kubernetes infrastructure from attackers requires deep integration and a ...
Start Reading
Patrick Münch August 25, 2022 26 min read

A Complete Guide to Easy Linux Patch Management

What is patch management? Patch management is the process of distributing and applying ...
Start Reading
Patrick Münch August 17, 2022 7 min read

How to Handle a Ransomware Incident

A ransomware incident stresses an IT organization to its very limits and brings a company ...
Start Reading
Letha Dunn August 15, 2022 8 min read

What in the World Is a CNAPP (and Do I Need One)?

You’ve heard your CISO talking about CNAPPs (along with CSPM, CWPP, and so on). What is a ...
Start Reading
Ben Rockwood August 12, 2022 6 min read

SCaLE 19x Recap

The 19th “Annual” Southern California Linux Expo (SCaLE) has come and gone. Originally ...
Start Reading
Dominik Richter August 9, 2022 11 min read

ICYMI: Mondoo Release Highlights for July 2022

Welcome to the July 2022 recap of Mondoo releases.
Start Reading
Christoph Hartmann August 8, 2022 5 min read

What Do the New Security Guidelines for PowerShell Mean for You?

Cybersecurity agencies in the US, UK, and New Zealand have issued new recommendations for ...
Start Reading
Patrick Münch July 27, 2022 4 min read

Exposing What's Under the Hood of Ransomware Attacks

Ransomware is devastating to a company because it damages critical data. During an ...
Start Reading
Tim Smith July 18, 2022 4 min read

CVEs: Close the Gaps That Let in Attackers

IT organizations are making cybercrime too easy. Projects like the National Vulnerability ...
Start Reading
view raw