
Git

The Uber Hack - A step by step breakdown of the 2022 Uber data breach

On September 15th Uber suffered a significant breach. In this video, we will break down exactly how Uber was breached from initial access to how the attacker moved laterally into different internal systems of Uber. What happened? Here’s what we know so far, pending investigation and confirmation from Uber’s security teams.

"Gitting" the Malware: How Threat Actors Use GitHub Repositories to Deploy Malware

The CrowdStrike Falcon Complete™ managed detection and response (MDR) team recently uncovered a creative and opportunistic interpretation of a watering hole attack that leverages GitHub to gain access to victim organizations. In the observed cases, there were no phishing emails, no exploitation of public-facing vulnerabilities, no malvertising and no compromised credentials.

Image Scanning with GitHub Actions

Scanning a container image for vulnerabilities or bad practices in your GitHub Actions workflows using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of concept showcases how to leverage the sysdig-cli-scanner with GitHub Actions. Although possible, it is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

BlackHat 2022 key takeaways - Everything you need to know from BlackHat 25

Slides - BlackHat 25 was big: with hundreds of briefings, training sessions, vendor booths and, of course, parties, it is hard to get to everything. That's why this year we are covering the key trends and takeaways from the briefings of the 25th installment of BlackHat. This video covers 4 main takeaways drawn from a lot of different talks; if you want more information, see the links below to interesting blogs and whitepapers.

Rediscovering argument injection when using VCS tools - git and mercurial

One of the main goals for this research was to explore how it is possible to execute arbitrary commands even when using a safe API that prevents command injection. The focus will be on Version Control System (VCS) tools like git and hg (mercurial), that, among some of their options, allow the execution of arbitrary commands (under some circumstances). The targets for this research are web applications and library projects (written in any programming language) that call these commands using a safe API.

Creating a .gitignore file - How we can use git ignore to prevent adding unwanted files to git

A .gitignore file is a great and simple tool we can use to prevent including unwanted files in a git repository. This file can be used to simply ignore files and directories, but it can also be used to create complex rules and partial rules to ignore select files. In this video GitGuardian developer advocate, Mackenzie, runs through exactly how to get started with both a local and a global .gitignore file and shows exactly how the file works. This is designed as an introduction so that you have the knowledge to understand more complex uses of .gitignore files.

[Webinar] Detecting intrusion in DevOps environments with AWS canary tokens

Last year, hardcoded secrets made it to 2nd place in the OWASP Top 10 Web Application Security Risks. This year, the vulnerability gained a spot and now ranks 15th on the MITRE CWE Top 25 Most Dangerous Software Weaknesses. Needless to say, no organization wants to have its secrets exposed during software development. But what if I told you security teams could use hardcoded secrets to their advantage? Join me on Wednesday, July 27th, for a live discussion with Eric Fourrier, CTO at GitGuardian, on how to detect compromised developer and DevOps environments with canary tokens.

SecDevOps & LimaCharlie: Automating and auditing GitHub access.

LimaCharlie's Security Infrastructure as a Service (SIaaS) approach makes it ideal for securing your CI/CD pipeline and building security solutions that make sense for you. In this video LimaCharlie founder and CEO, Maxime Lamothe-Brassard, walks through various ways to gain visibility into, and add layers of protection to, your development process.