How to Combat the Biggest Security Risks Posed by Machine Identities
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber...
GHSA-8274-H5JP-97VR Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...
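The failure mode in the Diactoros advisory above is a general one: any request factory that copies X-Forwarded-Host, X-Forwarded-Proto and X-Forwarded-Port into the request URI without first checking that the connecting peer is a trusted proxy lets a direct client choose the host, scheme and port the application believes it is serving (which then leaks into generated links, redirects and password-reset URLs). The following added example is not Diactoros code and does not use its API; it is a small Python illustration of the same class of bug, with a naive URI builder beside a filtered one that only honours the forwarded headers when REMOTE_ADDR falls inside an operator-supplied trusted-proxy list. The CGI-style server dictionary, the hypothetical host names and the 10.0.0.0/8 proxy range are constructed for the example.

```python
"""Host-header trust: X-Forwarded-* may only be honoured from trusted proxies.

Added illustration (not Diactoros code). The server dicts below mimic the
CGI-style $_SERVER array a PHP request factory reads from; all values are
constructed for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Uri:
    scheme: str
    host: str
    port: int


def _split_host_port(value: str, default_port: int) -> tuple[str, int]:
    """'example.com:8443' -> ('example.com', 8443); bracketed IPv6 kept intact."""
    if value.startswith("["):
        end = value.find("]")
        host, rest = value[: end + 1], value[end + 1 :]
        return host, (int(rest[1:]) if rest.startswith(":") and rest[1:].isdigit() else default_port)
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, default_port


def uri_from_server_naive(server: dict) -> Uri:
    """Vulnerable pattern: forwarded headers are trusted no matter who sent them."""
    scheme = server.get("HTTP_X_FORWARDED_PROTO") or ("https" if server.get("HTTPS") == "on" else "http")
    default_port = 443 if scheme == "https" else 80
    host_header = server.get("HTTP_X_FORWARDED_HOST") or server.get("HTTP_HOST", "")
    host, port = _split_host_port(host_header, default_port)
    if str(server.get("HTTP_X_FORWARDED_PORT", "")).isdigit():
        port = int(server["HTTP_X_FORWARDED_PORT"])
    return Uri(scheme, host, port)


def uri_from_server_filtered(server: dict, trusted_proxies: list[str]) -> Uri:
    """Hardened pattern: forwarded headers count only when the peer is a known proxy."""
    remote = ipaddress.ip_address(server.get("REMOTE_ADDR", "0.0.0.0"))
    if any(remote in ipaddress.ip_network(cidr) for cidr in trusted_proxies):
        return uri_from_server_naive(server)
    # Untrusted peer: fall back to what the transport itself tells us.
    scheme = "https" if server.get("HTTPS") == "on" else "http"
    default_port = 443 if scheme == "https" else 80
    host, port = _split_host_port(server.get("HTTP_HOST", ""), default_port)
    return Uri(scheme, host, port)


# Constructed request 1: a direct (non-proxied) client spoofs the forwarded headers.
SPOOFED = {
    "REMOTE_ADDR": "203.0.113.9",
    "HTTPS": "on",
    "HTTP_HOST": "app.example.com",
    "HTTP_X_FORWARDED_HOST": "evil.example",
    "HTTP_X_FORWARDED_PROTO": "http",
    "HTTP_X_FORWARDED_PORT": "8080",
}

# Constructed request 2: the same client reached us through the real reverse proxy,
# which rewrote the forwarded headers with the values it actually observed.
PROXIED = dict(
    SPOOFED,
    REMOTE_ADDR="10.0.0.5",
    HTTP_X_FORWARDED_HOST="app.example.com",
    HTTP_X_FORWARDED_PROTO="https",
    HTTP_X_FORWARDED_PORT="443",
)

TRUSTED_PROXIES = ["10.0.0.0/8"]  # assumed operator configuration


if __name__ == "__main__":
    print("naive, spoofed  :", uri_from_server_naive(SPOOFED))
    print("filtered, spoofed:", uri_from_server_filtered(SPOOFED, TRUSTED_PROXIES))
    print("filtered, proxied:", uri_from_server_filtered(PROXIED, TRUSTED_PROXIES))
```

The trusted-proxy list must come from deployment configuration, not from the request, and it should be as narrow as the network allows; trusting a broad range is what turns "accessed via untrusted proxies" in the advisory into a live issue. The Host header itself is still attacker-influenced on a direct connection, so applications that build absolute URLs should additionally compare it against an allow-list of expected hosts.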
HCL Technologies HCL Launch Information Disclosure Vulnerability (CNVD-2022-58411)
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from the...
HCL Technologies HCL Launch Information Disclosure Vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from storing...
HCL Technologies HCL Launch Security Vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from storing...
DevOps vs SRE: Differences & Similarities
While DevOps and site reliability engineering teams often work together and have shared goals, there are important distinctions between the two. This article explores the differences between their functions and responsibilities...
secureCodeBox (SCB) - Continuous Secure Delivery Out Of The Box
secureCodeBox is a Kubernetes-based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a range of security-testing tools out of the box. For additional documentation, please have a look at our documentation website:...
Azure vs. AWS Developer Tools
Both AWS and Azure developer tools provide key efficiencies in your DevOps environment. Learn how the tools compare, where they overlap, and the use cases for each...
MAL-2022-6035 Malicious code in servicenow_cicd_azuredevops (npm)
Source: ghsa-malware (98a23171679bfa9a049d94bfb3237b0fec15acf590f8517b59255ef1285829c5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 Facts About Insider Threats That Should Make you Rethink Data Security
In the report, Insider Threats Drive Data Protection Improvements, Forrester Research asserts that most organizations are making positive steps toward protecting the sensitive data they are migrating to the cloud. However, Forrester suggests that many have not devised a comprehensive plan that...
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of...
GHSA-8RFC-V3VJ-J62W Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-PV4C-RJ4H-GR9M Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0) potentially affected by CVE-2019-10390 via com.splunk.splunkins:splunk-devops (>=1.0 <=1.7.0)
com.splunk.splunkins:splunk-devops (Maven), versions >=1.0 and <=1.7.0. Source CVEs: CVE-2019-10390. Source advisory: OSV:GHSA-CJR8-5RW4-WH65...
How to Develop Machine Learning Skills for Every Employee in Your Company
Everyone loves Artificial Intelligence (AI) and Data Science (DS), and that is probably not going to change for the next decade or so. Even so, most people have only a general idea of what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...
This Week in Spring - May 24th, 2022
Hi, Spring fans! I'm in Spain for business and not just a little pleasure. Yesterday, my partner, her mother, and I went to Formentera, Spain, a little island off of Ibiza, Spain. It was amazing. We're now in Ibiza, Spain, which is a little island not far from Barcelona, Spain, on the mainland of...
Yes, Containers Are Terrific, But Watch the Security Risks
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don't mitigate these risks are vulnerable to attack. In this article, we outline how containers contribute...
Meet Mike Schiessl: Senior Technical Marketing Engineer
Meet Mike Schiessl to learn more about his career path, how companies can support a DevOps to DevSecOps transition, and the future of security and business...