During the Open Security Summit 2024, Yahoo! Principal Security Engineer Mert Coskuner and Kondukto CEO & Co-Founder Cenk Kalpakoglu delved into the intriguing topic of securing CI Runners through eBPF agents. Although the title might seem unconventional, it reflects their creative approach to solving security challenges in continuous integration environments. With the rapid digital transformation of businesses, there has been an increasing focus on supply chain attacks and their impact on security.

CI/CD pipelines are formed by a series of steps that automate the process of software delivery. They integrate the practices of Continuous Integration (CI) and Continuous Delivery (CD) along with the tools, platforms, and repositories that enable them. Their goal is to simplify, streamline and automate large parts of the software development process.

Picture a domino effect in the business world: one weak link in a supply chain triggers a cascade of disruptions. This is the reality of supply chain attacks, where a minor breach can escalate into a major crisis. It underscores the urgent need for robust security across the whole supply chain. Supply chain attacks represent a sophisticated threat to organizations, often involving multiple stages of exploitation.

CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.

This is an overview of the CVE-2023-40598 vulnerability, which affects Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. We will explain the nature of the vulnerability, how it can be exploited, and how it can be fixed. We will also provide code examples, links to web pages with valuable information, and tips on how to prevent similar vulnerabilities in the future.

The Software Bill of Materials (SBOM) has become essential in application security as it provides a comprehensive list of every element within a software build. This is important because vulnerabilities can often emerge in third-party or transitive dependencies, not just in the main code. SBOM is used not only for vulnerability discovery but also to detect and understand open-source license violations in advance.