Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2024-6385: Critical Unauthorized Pipeline Job Vulnerability in GitLab

On July 10, 2024, GitLab issued an advisory regarding a critical vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug bounty program. This vulnerability allows a threat actor to trigger a GitLab pipeline as another user under certain circumstances. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code.

Top Reasons For Risk Management In Software Engineering

Want to be proactive and mitigate risks? Have your source code backed up… Try GitProtect.io backups for DevOps tools. In software engineering, risks are events or factors that could affect the outcome of a project. These risks can be both internal and external. Managing them involves detecting, assessing, and dealing with vulnerabilities that could affect the project.

How To Know If You've Received a Fake USPS Tracking Number

You can tell if you’ve received a fake USPS tracking number if the number doesn’t match the one in your confirmation email or on the USPS website. Continue reading to learn more about the telltale signs that the USPS tracking number you have received is part of a scam and how to avoid becoming a victim of fake USPS tracking number scams.

Is Airport WiFi Safe?

No, using public WiFi in airports is not safe because you could unknowingly be sharing your private data with a cybercriminal. Because public networks are unsecured and airports are filled with people on the go, cybercriminals frequently target them to steal sensitive information and gain access to victims’ online accounts. Continue reading to learn what is so dangerous about using airport WiFi and how to stay safe if you do need to use it while traveling.

Global SOC Survey Reveals Hope for SecOps Teams As Post-SOAR Hyperautomation Boosts Analyst Retention and Tenure

The SANS 2024 SOC Survey, a comprehensive new Torq-sponsored study, reveals that for the first time in decades, the tenure of SOC and Security Analysts is increasing. They’re choosing to remain at their posts for three to five years, up from an average of one to three years. Modern post-SOAR hyperautomation solutions are playing a significant role in alleviating the burdens these cybersecurity pros face.

RansomHub Ransomware - What You Need To Know

Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. It runs a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware code and infrastructure, and rents it out to other cybercriminals who act as affiliates.

PCI DSS compliance with SIEM, CSPM and MxDR

In a world where increasing numbers of transactions are done online, compliance with PCI DSS (Payment Card Industry Data Security Standard) is crucial. However, with more organizations turning to cloud-based service providers such as AWS, Azure or GCP, ensuring that payment data is kept completely secure is becoming more challenging.

What are Risk Engines, and How to Make Sure They Work Well

Risk management has always been a central part of business, especially for financial institutions. From bank loan underwriting to insurance premium calculations and payment risk assessment, comprehensive risk management methodologies are vital to any business that deals with high-trust user actions. In particular, risk management is crucial to combating fraud – a huge global problem, the broad economic impact of which is clear.