Taming the multi-vault beast

December 13, 2024 at 04:11AM GitGuardian addresses the growing security concern of managing secrets across multiple vaults for Non-Human Identities (NHIs) in enterprises, which now outnumber human users 100 to one. Their new multi-vault integrations provide centralized visibility, automate detection, and streamline management, enhancing security and compliance while reducing operational costs. …

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

December 12, 2024 at 09:51AM Cybersecurity researchers warn that numerous publicly accessible Prometheus servers are vulnerable to information leakage and attacks due to inadequate authentication. Sensitive data, including credentials, can be exposed, and denial-of-service attacks may occur via specific endpoints. Organizations should implement authentication, limit exposure, and monitor server activity to mitigate risks. …

Astrix Security Banks $45M Series B to Secure Non-Human Identities

December 10, 2024 at 08:04AM Astrix Security, a startup focusing on securing non-human identities, has raised $45 million in Series B funding, totaling $85 million. Investors include Menlo Ventures, Workday Ventures, and BVP. The company addresses identity management challenges and has expanded its workforce significantly to serve major clients like Workday and NetApp. …

Internet Archive Gets Pummeled in Round 2 Breach

October 21, 2024 at 04:17PM The Internet Archive faces renewed security issues after a hacker allegedly accessed Zendesk tokens, sending a mass email revealing vulnerabilities in its systems. Despite previous data breaches, the archive reportedly failed to rotate exposed API keys, raising concerns about proactive security measures. The organization has not commented on the situation. …

Internet Archive exposed again – this time through Zendesk

October 20, 2024 at 09:36PM The Internet Archive faces ongoing issues following a recent infosec breach, with unknown parties allegedly sending mass emails using stolen Zendesk tokens. The emails claimed access to sensitive user data, raising concerns about security. Despite the Archive’s outreach for donations, many are wary about sharing personal information amidst these vulnerabilities. …

Internet Archive breached again through exposed access tokens

October 20, 2024 at 10:50AM The Internet Archive suffered a security breach on its Zendesk support platform, leading to the exposure of over 800,000 support tickets and a stolen user database of 33 million individuals. Despite prior warnings about exposed GitLab tokens, security measures were not implemented, allowing the breach to occur for notoriety among …

Secrets Exposed: Why Your CISO Should Worry About Slack

September 3, 2024 at 03:42AM Summary: Secrets, like API keys and passwords, pose a significant risk when accidentally shared in collaboration tools. Machine identities now outnumber human identities, and secrets are found not only in code but also in tools like Slack and Jira. Integrating platforms like GitGuardian for real-time monitoring and training teams on …

Clutch Security Launches With NHI Platform

July 31, 2024 at 07:40AM Clutch Security offers a Universal Non-Human Identity (NHI) Security platform to help enterprises manage non-human identities like API keys, tokens, and service accounts. The platform provides visibility into these identities, identifies associated risks, and offers tailored remediation advice. The company also announced an $8.5 million seed funding round led by …

Dropbox Breach Exposes Customer Credentials, Authentication Data

May 2, 2024 at 02:36PM Dropbox alerts customers of a data breach in its cloud-based service, exposing customer credentials and authentication data. Unauthorized access to the Dropbox Sign production environment compromised the customer database, exposing emails, usernames, and hashed passwords. Dropbox took immediate mitigation steps, including password resets and restricting certain functionalities, while continuing to investigate …

DropBox says hackers stole customer data, auth secrets from eSignature service

May 1, 2024 at 06:24PM Hackers breached Dropbox Sign’s production systems, accessing authentication tokens, MFA keys, hashed passwords, and customer data. The company detected unauthorized access on April 24 and found that threat actors gained access to an automated system configuration tool, allowing them to access the customer database. Dropbox reset all users’ passwords and …