September 2023

Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks

Sep 29, 2023 By Guest Expert In GitGuardian

Typosquatting and dependency confusion are two common tactics used by hackers to exploit open-source package repositories. Understand how these attacks work and discover preventive measures to secure your infrastructure.

Read Post

GitGuardian

Read more about Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks

Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity

Sep 27, 2023 By GitGuardian In GitGuardian

In this webinar, we are joined by Varun Sharma and Ashish Kurmi, founders of StepSecurity. StepSecurity is a pioneer in runtime security for CI/CD pipelines. Given that CI/CD is a high-privileged environment that builds release artifacts and has admin cloud credentials, there has been an increase in attacks on CI/CD pipelines. The importance of CI/CD Security has been underlined by recent guidance from the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA)

View Video

GitGuardian

Read more about Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity

Secrets management takes more than just tools

Sep 27, 2023 By Dwayne McDaniel In GitGuardian

Can you just purchase a tool to give you good security posture? Discover how People, Processes, and Tools elevate code security to protect against data breaches.

Read Post

GitGuardian

Read more about Secrets management takes more than just tools

Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

Sep 26, 2023 By Thomas Segura In GitGuardian

Discover how an overprovisioned SAS token exposed a massive 38TB trove of private data on GitHub for nearly three years. Learn about the misconfiguration, security risks, and mitigation strategies to protect your sensitive assets.

Read Post

GitGuardian

Read more about Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

A look at the future of supply chain and national security: Updates from CISA and NIST

Sep 22, 2023 By Dwayne McDaniel In GitGuardian

Explore CISA & NIST's recent cybersecurity publications. Get key insights into securing vital infrastructure in an ever-evolving threat landscape and how GitGuardian can help.

Read Post

GitGuardian

Read more about A look at the future of supply chain and national security: Updates from CISA and NIST

From GitHub Leak to Pwn: A Hacker's Kill Chain

Sep 20, 2023 By Nicolas DANJON In GitGuardian

Discover how seemingly minor mistakes, like leaking a secret to a non-publicly accessible resource, can lead to a major breach. In this engaging scenario, see how an attacker would chain vulnerabilities to access highly sensitive areas, and learn a valuable lesson along the way.

Read Post

GitGuardian

Read more about From GitHub Leak to Pwn: A Hacker's Kill Chain

Honeytoken Adventure: From Beta to Beyond

Sep 18, 2023 By Soujanya Ain In GitGuardian

Read the journey of GitGuardian Honeytoken, a tool that is changing the game in supply chain protection and threat detection. Explore its features, the motivation behind its creation, and what's next.

Read Post

GitGuardian

Read more about Honeytoken Adventure: From Beta to Beyond

Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

Sep 15, 2023 By Nicolas DANJON In GitGuardian

In today's digital landscape, the issue of compromised credentials has become a major concern. Discover how renowned companies like Microsoft, VMware, and Sourcegraph were recently confronted with the threats of secrets sprawling.

Read Post

GitGuardian

Read more about Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

Add Your Own Custom Secrets Detectors To GitGuardian

Sep 14, 2023 By GitGuardian In GitGuardian

Did you know you can add custom detectors to make GitGuardian Secrets Detection even more powerful? GitGuardian already looks for over 390 different types of specific secrets - from Adobe and AWS keys to Zoom and Zendesk Tokens. That's on top of looking for over a dozen generic patterns like Bearer tokens and JSON web tokens. Now, anyone on a Business plan or higher can request to extend GitGuardian's secrets detection engine to support detectors specific to their organization.

View Video

GitGuardian

Read more about Add Your Own Custom Secrets Detectors To GitGuardian

8.5% of Docker images expose API and Private Keys

Sep 14, 2023 By Mackenzie Jackson In GitGuardian

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

Read Post

GitGuardian

Read more about 8.5% of Docker images expose API and Private Keys

Handling Secrets with AWS Secrets Manager

Sep 8, 2023 By Guest Expert In GitGuardian

This tutorial helps you better understand AWS Secrets Manager, how it works under the hood and how to access it from Kubernetes clusters.

Read Post

GitGuardian

Read more about Handling Secrets with AWS Secrets Manager

Compromised Credentials Leading Cause Of Initial Attack Access And Faster Attacks: Findings from the Sophos 2023 Active Adversary Report

Sep 6, 2023 By Dwayne McDaniel In GitGuardian

Discover insights from Sophos' 2023 Active Adversary Report. Credential leaks are now the leading way in for attackers and dwell times are getting shorter.

Read Post

GitGuardian

Read more about Compromised Credentials Leading Cause Of Initial Attack Access And Faster Attacks: Findings from the Sophos 2023 Active Adversary Report

dev up 2023: Leveling up our dev skills, security posture, and careers

Sep 1, 2023 By Dwayne McDaniel In GitGuardian

dev up 2023 was a gathering of industry professionals looking to Elevate their skills and security know-how. Read about the latest in tools, DevOps, security, and career growth.

Read Post

GitGuardian

Read more about dev up 2023: Leveling up our dev skills, security posture, and careers

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2023

Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks

Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity

Secrets management takes more than just tools

Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

A look at the future of supply chain and national security: Updates from CISA and NIST

From GitHub Leak to Pwn: A Hacker's Kill Chain

Honeytoken Adventure: From Beta to Beyond

Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

Add Your Own Custom Secrets Detectors To GitGuardian

8.5% of Docker images expose API and Private Keys

Handling Secrets with AWS Secrets Manager

Compromised Credentials Leading Cause Of Initial Attack Access And Faster Attacks: Findings from the Sophos 2023 Active Adversary Report

dev up 2023: Leveling up our dev skills, security posture, and careers

Monthly Archive

Follow Us