GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

June 28, 2024 at 10:43AM GitLab released updates addressing 14 security flaws, including a critical vulnerability allowing unauthorized execution of CI/CD pipelines. The most severe flaw, CVE-2024-5655 (CVSS score: 9.6), impacts versions 15.8 to 17.1, with 17.1.1, 17.0.3, and 16.11.5 providing fixes. While there’s no active exploitation, users are urged to apply patches. Key takeaways … Read more

Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero

May 30, 2024 at 01:21PM Cloudflare announced the acquisition of BastionZero, a seed-stage startup based in Boston, Mass. The financial terms were not disclosed. BastionZero’s technology offers remote access to infrastructure for backend and cloud engineering teams. The acquisition fits into Cloudflare’s plan to extend its Zero Trust Network Access flows and enhance its VPN … Read more

Trends at the 2024 RSA Startup Competition

May 22, 2024 at 01:03PM The RSA Conference 2024’s Innovation Sandbox highlighted emerging trends in AI security, deepfake detection, AI data security, and identity management for automation. Reality Defender won for its deepfake detection capabilities, as startups showcased advanced AI security and detection technology. Startups are adapting to AI adversaries and data vulnerabilities, foreseeing reinvention of … Read more

CISA says GitLab account takeover bug is actively exploited in attacks

May 1, 2024 at 12:33PM CISA warns of active exploitation of a critical GitLab vulnerability (CVE-2023-7028), allowing attackers to hijack accounts via password resets, potentially leading to supply chain attacks. While 2FA-protected accounts are safe, unpatched systems are at risk. GitLab has released fixes, and CISA urges prompt patching, especially for federal agencies and private … Read more

5 Hard Truths About the State of Cloud Security 2024

April 23, 2024 at 05:07PM Cloud security has progressed but still has a long way to go, with breaches costing organizations heavily. John Kindervag, a zero trust security proponent, emphasizes that simply moving to the cloud doesn’t make organizations more secure. Meanwhile, native security controls are hard to manage, and identity alone won’t save the … Read more

Behind the Scenes: The Art of Safeguarding Non-Human Identities

March 28, 2024 at 08:03AM The article discusses the challenges of managing non-human identities in modern software development, highlighting issues such as hard-coded secrets, scalability challenges, compliance difficulties, and the neglect of security in the development process. It also provides best practices for securing non-human identities and introduces Entro, a tool for efficient secrets management … Read more

Codezero Raises $3.5 Million for DevOps Security Solution

March 15, 2024 at 11:45AM Codezero, a startup specializing in secure enterprise microservices development, has secured $3.5 million in seed funding led by Ballistic Ventures and angel investors. Based in Vancouver, the company aims to streamline Kubernetes software development workflows, offering a product called Teamspaces that creates an ephemeral environment similar to production and allows … Read more

Software Reliability Firm Steadybit Raises $6 Million

March 11, 2024 at 12:51PM Steadybit, based in Solingen, Germany, has secured $6 million in Series A funding led by Paladin Capital Group, with participation from existing investors. The company uses chaos engineering to enhance software reliability by simulating disturbances and failures, helping organizations preempt and mitigate vulnerabilities. They are introducing a new feature called … Read more

Managing the hidden risks of shadow APIs

February 1, 2024 at 10:07PM APIs are critical in the digital economy but can pose data security risks due to their proliferation. Shadow APIs and lack of visibility exacerbate these challenges. F5’s solution emphasizes inventory management, discovery, validation, and comprehensive visibility. Utilizing AI and ML, it offers intelligent risk mitigation and assists in unified management … Read more

PoC Exploit Published for Critical Jenkins Vulnerability

January 29, 2024 at 11:12AM It is critical to update to the latest Jenkins versions due to a recently disclosed vulnerability (CVE-2024-23897). The security flaw in Jenkins versions before 2.442 and LTS 2.426.3 allows attackers to read sensitive information and execute arbitrary code. Organizations are urged to update to the patched versions or disable the … Read more