
1393 matches found

Github Security Blog
added 2022/05/24 5:3 p.m. | 24 views

Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 | AI score 4.7 | EPSS 0.00691
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2022/05/24 4:55 p.m. | 5 views

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0) potentially affected by CVE-2019-10390 via com.splunk.splunkins:splunk-devops (>=1.0 <=1.7.0)

com.splunk.splunkins:splunk-devops MAVEN version =1.0, =1.0, =1.7.0 Source cves: CVE-2019-10390 Source advisory: OSV:GHSA-CJR8-5RW4-WH65...

CVSS 8.8 | AI score 7.2 | EPSS 0.01677
Exploits: 0

Imperva Blog
added 2022/05/24 1:34 p.m. | 18 views

How to Develop Machine Learning Skills for Every Employee in Your Company

Everyone loves Artificial Intelligence (AI) and Data Science (DS), and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...

AI score 7.5
Exploits: 0

Spring Security Advisories
added 2022/05/24 7:0 a.m. | 19 views

This Week in Spring - May 24th, 2022

Hi, Spring fans! I'm in Spain for business and not just a little pleasure. Yesterday, my partner, her mother, and I went to Formentera, Spain, a little island off of Ibiza, Spain. It was amazing. We're now in Ibiza, Spain, which is a little island not far from Barcelona, Spain, on the mainland of...

Exploits: 0

The Hacker News
added 2022/05/23 3:2 p.m. | 54 views

Yes, Containers Are Terrific, But Watch the Security Risks

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don't mitigate these risks are vulnerable to attack. In this article, we outline how containers contribute...

AI score 7.1
Exploits: 0

Akamai Blog
added 2022/05/19 1:0 p.m. | 22 views

Meet Mike Schiessl: Senior Technical Marketing Engineer

Meet Mike Schiessl to learn more about his career path, how companies can support a DevOps to DevSecOps transition, and the future of security and business...

AI score 1.6
Exploits: 0

ThreatPost
added 2022/05/02 12:15 p.m. | 119 views

Deep Dive: Protecting Against Container Threats in the Cloud

Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies. Docker and Amazon Elastic, for instance, are two of the more well-known offerings...

CVSS 7.1 | AI score 7.4 | EPSS 0.02209
Exploits: 2 | References: 3

Trend Micro Simply Security
added 2022/04/27 12:0 a.m. | 8 views

New AWS Competency Category - Why It's Important

AWS DevOps competency recently added a new category, DevSecOps to its arsenal. Explore our overview of the category and why it matters to security and development teams building in the cloud...

AI score 3.3
Exploits: 0

Trend Micro Simply Security
added 2022/04/21 12:0 a.m. | 14 views

Cryptomining Overview for DevOps

Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery...

AI score 4
Exploits: 0

Rapid7 Blog
added 2022/04/15 2:22 p.m. | 276 views

Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1

To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle (SDLC)...

CVSS 9.3 | AI score 0.1 | EPSS 0.99999
Exploits: 438

Microsoft Secure
added 2022/04/14 6:0 p.m. | 18 views

A clearer lens on Zero Trust security strategy: Part 1

Today's world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the...

AI score 6.8
Exploits: 0

Trend Micro Simply Security
added 2022/04/13 12:0 a.m. | 9 views

Cybersecurity Basics: Authentication and Authorization

With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization is essential. Explore the basics of strong identity management to build more resilient apps...

AI score 3.8
Exploits: 0

Kitploit
added 2022/04/06 9:30 p.m. | 31 views

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...

AI score 7.2
Exploits: 0 | References: 16

Trend Micro Simply Security
added 2022/04/06 12:0 a.m. | 11 views

5 Zero Trust Security Model DevOps Integrations

Learn how the zero trust security model can be integrated into your DevOps lifecycle without implicating the agility or speed of your application build...

AI score 2.1
Exploits: 0

The Hacker News
added 2022/03/30 8:41 a.m. | 30 views

IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as ...

AI score 7.4
Exploits: 0

ThreatPost
added 2022/03/23 3:28 p.m. | 224 views

Microsoft: Lapsus$ Used Employee Account to Steal Source Code

In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...

AI score 9
Exploits: 0 | References: 12

Imperva Blog
added 2022/03/21 7:58 p.m. | 23 views

A Search for API Security in the Operator’s Tool Box

Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...

Exploits: 0

Akamai Blog
added 2022/03/21 8:5 a.m. | 26 views

Akamai and Linode: Giving Developers One Place to Build, Run, and Secure Apps

I am incredibly excited to announce that today we have completed the acquisition of Linode. You may have seen our press release announcing the acquisition, or listened to our earnings call during which our executives discussed why this is the right strategic investment for Akamai. But I wanted to...

AI score 0.1
Exploits: 0

Kitploit
added 2022/03/14 11:30 a.m. | 26 views

CodeAnalysis - Static Code Analysis

Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...

AI score 8.1
Exploits: 0 | References: 14

Rapid7 Blog
added 2022/03/02 5:29 p.m. | 30 views

InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production

We've all been there. The software development life cycle (SDLC) is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...

AI score 0.1
Exploits: 0