Root

Hot off the press! We're excited to share our first customer case study with datuum.ai 🚀 When handling 1M+ daily data transformations for Fortune 500 companies and government agencies, zero vulnerabilities isn't optional - it's essential. See how Datuum's team of three transformed their security operations with Root.io: - 98% reduction in critical/high vulnerabilities (Week 1) - 90% less time spent on vulnerability management - Doubled container deployment without adding headcount "Root.io transformed our security operations from a potential bottleneck into a competitive advantage." - Serhii Lykhoman, VP of Engineering at Datuum Find out how Root.io can deliver similar results for your team. Download our latest case study: https://lnkd.in/g9CgWfwm

Quick action matters with security. That's why we patched the critical libpam vulnerability immediately - while Debian and Ubuntu are still listing it as vulnerable. ⚠️ CVE-2024-10963 is a serious authentication bypass that lets attackers spoof hostnames to get around access controls. Our research team fixed it in our Debian Bookworm and Bookworm-slim container images as soon as we spotted it, while official Debian and Ubuntu repositories are still working on a solution. 🔍 What you need to know: - This is an active threat to systems using pam_access - Official distro repositories haven't patched yet - Your access controls could be bypassed through hostname spoofing - Full technical details in our latest blog in the comments 🛠️ How to fix: - Quick fix: Check your DNS hostname configurations - Better fix: Get your Debian-bookworm based image remediated with Root! Ready to secure your containers? Start with Root: https://www.root.io/

🚨 Fast Action on CVE-2024-10963! 🚨 The Root Labs team delivered a patch for this libpam vulnerability within 24 hours of the upstream code being available, but Debian and Ubuntu users are still waiting. 👍 Good news! We have made the patch available for Debian Bookworm and Bookworm-slim container images (through our auto-patching service), ensuring immediate protection for anyone running these container images. 💡 Why it matters: This vulnerability affects critical access control systems, leaving containers at risk. Root.io ensures you're protected—fast. 👉 Try it now and patch your images in minutes: app.root.io Read our blog for all the details: https://lnkd.in/gH_knN_X

📣 We’re Hiring a Go Software Developer in Tel Aviv! 📣 Root.io is looking for a skilled Go Software Developer to join our Tel Aviv team and help us build our Container Image Remediation platform. If you’re passionate about backend development, cloud-native applications, and creating secure solutions, this could be your next big move! As our Go Software Developer, you’ll: 💻 Design, build, and maintain efficient, reliable Go code. 🔍 Identify and resolve vulnerabilities, delivering secure, high-performing applications. 🤝 Collaborate with Product, Design, and Engineering teams to bring ideas to life. What we’re looking for: ⚙️ At least 4 years in software development, with 2+ years in Go. 🌩️ Hands-on experience with cloud-native applications on AWS, Azure, or GCP. 🐳 Proficiency in containerized application development and backend platform design. At Root.io, we value teamwork, collaboration, and technical excellence. Join us to make security more accessible and efficient for our users. If this job sounds like you, apply below and let’s connect! https://lnkd.in/gBZE7zRQ

📣 Root.io is Hiring a Container Expert in Tel Aviv! 📣 We’re looking for a Container Expert to help shape our approach to container vulnerability remediation and feature expansion. If you’re a Tel Aviv-based expert with a passion for containers, security, and innovation, this might be your next big move! As our Container Expert, you’ll: 🧩 Bring deep expertise in building, hosting, and patching container images. 🔍 Lead research on image remediation methodologies, advancing our platform’s capabilities. 🛠️ Support our Patch Creation team, enabling solutions for diverse technical challenges. About You: ⚙️ 7+ years in engineering or DevOps, with extensive Docker and Kubernetes experience. 🧰 Proficient in CI/CD and build systems, with best practices for multi-stage Docker builds. 🔐 Problem-solver in container security with a passion for simplifying complexity. At Root.io, we value teamwork, collaboration, and technical excellence. Join us to make security more accessible and efficient for our users. If this sounds like you, apply below! https://lnkd.in/gfrDz3tY

📣 Calling Boston-based Marketers! 📣 We’re hiring a Marketing Manager to build our Go-To-Market foundation. Ready to make a real impact in an early-stage startup? Let’s chat if this sounds like you: As our Marketing Manager, you’ll: 🎯 Shape and drive marketing strategies that build brand awareness, engage customers, and generate leads. 📈 Manage and optimize campaigns, content, SEO, and social media to bring our mission to life. 🤝 Partner with sales, product, and leadership teams to ensure alignment and forward momentum. What we're looking for: ⚡ Thrives in fast-paced environments – Energized by dynamic, rapidly evolving challenges. 💻 Expertise with marketing tools – Skilled with HubSpot, Google Analytics, and similar platforms. 🔍 Passion for simplifying complexity – You make security accessible and clear. If you’re a Boston-based marketer excited about tech and eager to make a difference, this hybrid role (3 days in-office near South Station) could be your next big move! https://lnkd.in/gJ-CE8GU

🚨 Supply Chain Attack Alert on LottieFiles 🚨 Yesterday, Root Labs detected a supply chain attack affecting the popular `@lottiefiles/lottie-player` library. Compromised versions (2.0.5+) contain malicious code that triggered pop-ups and attempted crypto wallet interactions on impacted sites. 🔍 What Happened: Attackers injected harmful code into LottieFiles' GitHub repository, which then spread through NPM. Thankfully, the LottieFiles team quickly rolled back to a secure version. How to Protect Your Projects: 📌 Pin Dependencies: Avoid dynamic tags like `@latest` in production to prevent unverified updates. 🔍 Audit Regularly: Check dependencies for vulnerabilities to stay protected. 💪🏼 Strengthen Policies: Use Content Security Policies (CSP) and subresource integrity (SRI) for safer code linking. Supply chain attacks have surged 650% in recent years, making dependency security essential. For a deep dive into this attack and tips to safeguard your code, see our blog (link in comments). #SupplyChainSecurity #vulnerabilitymanagement

Lottiefiles is the subject of the latest software supply chain attack this evening. We'll be updating as more becomes available from our researchers.

At #BlackHat? Stop by booth SC311 to meet our team! John Amaral, Benji Kalman, Ian R., Ayse Kaya

🚀 Discover How Root is Transforming Software Security! In our latest interview with TFiR, our CEO, Ian R. and Swapnil Bhartiya explore how Root is setting new standards in software security and ensuring compliance with the NIST Cybersecurity Framework (CSF) 2.0. Watch the interview here: https://lnkd.in/ev8dKaek For a detailed overview, visit the podcast page: https://lnkd.in/eDgxA7xD Ian highlights the challenges many companies face in managing vulnerabilities within their containerized applications and how Root provides a collaborative platform to streamline this process. By establishing a collaborative platform, Root eliminates the challenge of trusting application security. This benefits both developers who can efficiently verify their applications, and users who gain confidence in the software's security. We'll be at Black Hat Startup City Booth SC311 next week! Come meet with us to discuss how Root can help secure your software and streamline your development process. #ApplicationSecurity #NISTCompliance #Blackhat2024 #Blackhat #CyberSecurity