Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Git

[Webinar] Software Supply Chain Security & Attacks: The True, the False, and the Most Lethal

Nov 4, 2022 By GitGuardian In GitGuardian
What do high-profile incidents like SolarWinds SUNBURST, Codecov bash uploader, Log4Shell, ua-parser-js, or the more recent IconBurst all have in common? They’re all supply chain attacks... except one. Exploding interest in the security of the software development lifecycle from the media, industry analysts, vendors, and agencies, has left the rest of us, developers and security engineers, with many confusing definitions for supply chain attacks.
View Video

[Webinar] GitGuardian and TechStrong Present Tackling Secrets at the Enterprise Level

Oct 24, 2022 By GitGuardian In GitGuardian
As DevOps turns to multi-cloud, workload containerization, and infrastructure-as-code, securing and distributing secrets across teams and environments has become a complex undertaking. Left unmanaged, this leads to secrets sprawl; in other words, the exposure of credentials in source control servers, DevOps tools, and every component that makes up the software development life cycle (SDLC). With exposed secrets, attackers can easily access an organization’s critical resources. They can breach the perimeter to carry out attacks, hijack computing power, exfiltrate customer data and compromise the integrity of the software supply chain.
View Video

DevOps backups vs. ransomware - best security and compliance practices

Oct 21, 2022 By GitProtect In GitProtect
Ransomware is still on the rise and does not bypass DevOps ecosystems and SaaS services. Backup is the final line of defense against ransomware so it should be ransomware-proof itself. Watch the video and check on how to ensure the security and continuity of operations in your DevOps environments. Join the discussion of Mackenzie Jackson, Developer Security Advocate at GitGuardian, and Greg Bak, Product Development Manager at GitProtect to learn more about.
View Video

Toyota data breach - Database keys exposed publically in GitHub for 5 years

Oct 12, 2022 By GitGuardian In GitGuardian
On October 7th, Toyota revealed a partial copy of their T-Connect source code had been accidentally exposed for 5 years, including access to data for over 290,000 customers. In 2014, Toyota introduced a new telematics service called T-Connect to customers, offering interactive voice response and allowing drivers to connect to third-party apps. Toyota advertises it as their “connected services that provide safe, secure, comfortable, and convenient services through vehicle communication.”
View Video

[Webinar] DevOps backups vs. ransomware - best security and compliance practices.

Oct 11, 2022 By GitGuardian In GitGuardian
Ransomware is still on the rise and does not bypass DevOps ecosystems and SaaS services. Backup is the final line of defense against ransomware so it should be ransomware-proof itself. Join the webinar and check on how to ensure security and continuity of operations in your DevOps environments.
View Video

[Webinar] DevSecOps - A DevSecOps Maturity Model for Secrets Management

Oct 10, 2022 By GitGuardian In GitGuardian
Listen to experts from KuppingerCole Analysts and GitGuardian as they discuss security vulnerabilities in DevOps environments, which are often due to a lack of visibility and control of widely distributed secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, and service account passwords, leaving millions of credentials exposed.
View Video

The Uber Hack - A step by step breakdown of the 2022 Uber data breach

Oct 7, 2022 By GitGuardian In GitGuardian
On September 15th Uber suffered a significant breach. In this video, we will break down exactly how Uber was breached from initial access to how the attacker moved laterally into different internal systems of Uber. What happened? Here’s what we know so far, pending investigation and confirmation from Uber’s security teams.
View Video
CrowdStrike

"Gitting" the Malware: How Threat Actors Use GitHub Repositories to Deploy Malware

Sep 30, 2022 By Joshua Fraser In CrowdStrike

The CrowdStrike Falcon Complete™ managed detection and response (MDR) team recently uncovered a creative and opportunistic interpretation of a watering hole attack that leverages GitHub to gain access to victim organizations. In the observed cases, there were no phishing emails, no exploitation of public-facing vulnerabilities, no malvertising and no compromised credentials.

Read Post
sysdig

Image Scanning with GitHub Actions

Sep 26, 2022 By Álvaro Iradier In Sysdig

Scanning a container image for vulnerabilities or bad practices on your GitHub Actions using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of content showcased how to leverage the sysdig-cli-scanner with GitHub Actions. Although possible, it is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

Read Post
Subscribe to Git

Copyright © 2024 OpsMatters™. All rights reserved.