Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

December 4, 2024 at 09:07AM Shortening TLS certificate life cycles to as low as 30 days improves website security by reducing exposure to vulnerabilities. Organizations should automate certificate updates to minimize errors and operational disruptions, particularly benefiting SMBs. Continuous monitoring via Certificate Lifecycle Management (CLM) can also uncover unnoticed digital certificates, enhancing overall risk management. … Read more

Lessons From OSC&R on Protecting the Software Supply Chain

November 15, 2024 at 09:44AM Today’s software development, combining open source, third-party, and custom code, faces heightened vulnerabilities, as evidenced by notable breaches. A recent report highlights that 95% of organizations encounter serious risks, emphasizing the need for proactive, multilayered security strategies throughout the development life cycle to mitigate these ongoing threats effectively. ### Meeting … Read more

Port Raises $35M for its End-to-End Internal Developer Portal

October 16, 2024 at 05:23PM Port announced $35 million in Series B funding, totaling $58 million to date, aimed at expanding its internal developer portal platform. With a sevenfold revenue increase and major clients like LG and GitHub, Port enhances developer productivity and compliance through an adaptable platform integrating AI capabilities to streamline workflows. ### … Read more

Cisco investigates breach after stolen data for sale on hacking forum

October 14, 2024 at 10:30PM Cisco is investigating claims of a data breach after a hacker, “IntelBroker,” alleged the theft of sensitive files including source code and customer data. The investigation follows IntelBroker’s announcement of selling the stolen data on a hacking forum. The connection to previous breaches remains unclear. ### Meeting Takeaways: 1. **Investigation … Read more

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

October 11, 2024 at 03:27AM GitLab has released security updates for its Community and Enterprise Editions, addressing eight vulnerabilities, including a critical one (CVE-2024-9164) with a CVSS score of 9.6, allowing unauthorized CI/CD pipeline execution. Users are urged to update their instances to mitigate potential threats, as ongoing vulnerabilities have recently been disclosed. **Meeting Takeaways … Read more

GitLab warns of critical arbitrary branch pipeline execution flaw

October 10, 2024 at 11:19AM GitLab has issued security updates for vulnerabilities in Community and Enterprise Editions, notably a critical flaw (CVE-2024-9164) that allows unauthorized pipeline execution. Patches are available in versions 17.4.2, 17.3.5, and 17.2.9. Users are urged to upgrade promptly; dedicated customers need not take action. **Meeting Takeaways:** 1. **Security Update Release**: GitLab … Read more

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

September 19, 2024 at 01:36AM GitLab released patches to address a critical flaw in both Community and Enterprise Editions, rooted in the ruby-saml library, allowing an authentication bypass. The vulnerability affects single sign-on security, prompting the update of dependencies and urging self-managed installations to enable two-factor authentication as a mitigation. Threat indicators suggest active exploitation … Read more

GitLab warns of critical pipeline execution vulnerability

September 12, 2024 at 10:50AM GitLab has released critical updates to address multiple vulnerabilities, including the most severe CVE-2024-6678, allowing an attacker to trigger pipelines as arbitrary users. The release encompasses versions 17.3.2, 17.2.5, and 17.1.7 for both CE and EE, and addresses a total of 18 security issues. GitLab urges immediate upgrading to the … Read more

AppCD Closes $12.3M Seed Round and Rebrands to StackGen

September 11, 2024 at 01:11PM StackGen, formerly appCD, closed a $12.3M seed round led by Thomvest Ventures with existing investors, and appointed Arshad Sayyad as Chief Business Officer. Its funding will accelerate product development and enhance its go-to-market strategy. StackGen is revolutionizing infrastructure from code and providing seamless, full-stack solutions to meet growing demand from … Read more

Application builders get ready

September 3, 2024 at 04:58AM The Grey Matter ISV Partner Day on 9 October will bring together Microsoft-focused ISVs, SaaS Providers, and application builders from the UK and Ireland. The free event at Select Car Leasing Stadium features content tracks on the latest Microsoft technologies, with experts covering topics including data, AI, cloud security, and … Read more