Lessons From OSC&R on Protecting the Software Supply Chain

November 15, 2024 at 09:44AM

Today’s software development, combining open source, third-party, and custom code, faces heightened vulnerabilities, as evidenced by notable breaches. A recent report highlights that 95% of organizations encounter serious risks, emphasizing the need for proactive, multilayered security strategies throughout the development life cycle to mitigate these ongoing threats effectively.

Port Raises $35M for its End-to-End Internal Developer Portal

October 16, 2024 at 05:23PM

Port announced $35 million in Series B funding, totaling $58 million to date, aimed at expanding its internal developer portal platform. With a sevenfold revenue increase and major clients like LG and GitHub, Port enhances developer productivity and compliance through an adaptable platform integrating AI capabilities to streamline workflows.

Cisco investigates breach after stolen data for sale on hacking forum

October 14, 2024 at 10:30PM

Cisco is investigating claims of a data breach after a hacker, “IntelBroker,” alleged the theft of sensitive files including source code and customer data. The investigation follows IntelBroker’s announcement of selling the stolen data on a hacking forum. The connection to previous breaches remains unclear.

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

October 11, 2024 at 03:27AM

GitLab has released security updates for its Community and Enterprise Editions, addressing eight vulnerabilities, including a critical one (CVE-2024-9164) with a CVSS score of 9.6, allowing unauthorized CI/CD pipeline execution. Users are urged to update their instances to mitigate potential threats, as ongoing vulnerabilities have recently been disclosed.

GitLab warns of critical arbitrary branch pipeline execution flaw

October 10, 2024 at 11:19AM

GitLab has issued security updates for vulnerabilities in Community and Enterprise Editions, notably a critical flaw (CVE-2024-9164) that allows unauthorized pipeline execution. Patches are available in versions 17.4.2, 17.3.5, and 17.2.9. Users are urged to upgrade promptly; dedicated customers need not take action.

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

September 19, 2024 at 01:36AM

GitLab released patches to address a critical flaw in both Community and Enterprise Editions, rooted in the ruby-saml library, allowing an authentication bypass. The vulnerability affects single sign-on security, prompting the update of dependencies and urging self-managed installations to enable two-factor authentication as a mitigation. Threat indicators suggest active exploitation …

GitLab warns of critical pipeline execution vulnerability

September 12, 2024 at 10:50AM

GitLab has released critical updates to address multiple vulnerabilities, including the most severe, CVE-2024-6678, allowing an attacker to trigger pipelines as arbitrary users. The release encompasses versions 17.3.2, 17.2.5, and 17.1.7 for both CE and EE, and addresses a total of 18 security issues. GitLab urges immediate upgrading to the …

AppCD Closes $12.3M Seed Round and Rebrands to StackGen

September 11, 2024 at 01:11PM

StackGen, formerly appCD, closed a $12.3M seed round led by Thomvest Ventures with existing investors, and appointed Arshad Sayyad as Chief Business Officer. Its funding will accelerate product development and enhance its go-to-market strategy. StackGen is revolutionizing infrastructure from code and providing seamless, full-stack solutions to meet growing demand from …

Application builders get ready

September 3, 2024 at 04:58AM

The Grey Matter ISV Partner Day on 9 October will bring together Microsoft-focused ISVs, SaaS providers, and application builders from the UK and Ireland. The free event at Select Car Leasing Stadium features content tracks on the latest Microsoft technologies, with experts covering topics including data, AI, cloud security, and …

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

August 15, 2024 at 03:21AM

A new attack vector named ArtiPACKED exploits GitHub Actions artifacts, potentially compromising repositories and cloud environments. Palo Alto Networks Unit 42 researchers revealed how misconfigurations and security flaws could lead to the leakage of tokens, opening opportunities for malicious actors to compromise services and push rogue code to production. Vulnerable …