GitHub rotates keys to mitigate impact of credential-exposing flaw

January 16, 2024 at 05:23PM GitHub resolved vulnerabilities enabling attackers to access credentials in production containers by patching CVE-2024-0200. The update applies to GitHub Enterprise Server versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. While exploitation requires an organization owner role, GitHub rotated the exposed credentials and urges customers to install the security update promptly. Additionally, a command injection vulnerability …

Exposed Secrets are Everywhere. Here’s How to Tackle Them

January 5, 2024 at 05:27AM The text emphasizes the importance of effectively managing exposed secrets within an organization’s source code to prevent unauthorized access and data breaches. It outlines the key factors in addressing exposed secrets, such as classification, understanding the scope of exposure, identifying root causes, and leveraging technology for effective secrets management. It …

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

November 14, 2023 at 01:46PM Microsoft has addressed a critical security vulnerability in Azure CLI that could allow attackers to steal credentials from GitHub Actions or Azure DevOps logs. The bug, identified as CVE-2023-36052, enables unauthenticated attackers to access plain text contents written by Azure CLI to CI/CD logs. Microsoft advises users to update to …

Security Is a Process, Not a Tool

November 13, 2023 at 03:04AM The cybersecurity industry focuses on developing new tools to address security challenges, but the most common cause of incidents remains process errors. According to a survey, 33% of security incidents are due to process errors, and 55% of security tools are not actively managed. Process mining for cybersecurity is proposed …

CI/CD Pipeline: How to Overcome Set-Up Challenges

October 19, 2023 at 01:03PM Setting up a CI/CD pipeline comes with several challenges, but there are strategies to overcome them. These include implementing strong authentication practices, ensuring robust networking, conducting code reviews, selecting the right branching strategy, managing secrets securely, practicing effective change management, validating the pipeline through automation and monitoring, and effectively communicating …