
Application Security

Chainguard Unveils Memory-Safe Linux Distribution

Chainguard this week made available a memory-safe distribution of Linux, dubbed Wolfi, that promises to eliminate the root cause of the bulk of known software vulnerabilities. In addition, Chainguard has partnered with ...
Security Boulevard
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data ...
Security Boulevard

Manual Vs. SSPM: Streamlining SaaS Security Management

An interesting trend is unfolding in companies around the globe: They are investing in a growing number of SaaS apps to support day-to-day operations but then putting themselves in an extremely precarious ...
Security Boulevard
At the Edge of Tier Zero: The Curious Case of the RODC

The read-only Domain Controller (RODC) is a solution that Microsoft introduced for physical locations that don’t have adequate security to host a Domain Controller but still require directory services for resources in ...

PayPal Credential Stuffing Attacks Renew Calls for MFA

An internal review confirmed that on December 20, 2022, unauthorized parties could use account holders’ login credentials to access their PayPal accounts. In response to what is being called a credential stuffing ...
Security Boulevard

Phantom of the Pipeline: Abusing Self-Hosted CI/CD Runners

Introduction: Throughout numerous Red Teams in 2022, a common theme of Source Control Supply Chain attacks in GitHub repositories has emerged. After many hours manually hunting for and exploiting these attack paths, ...

The Security Challenges of API Sprawl

When you have a lot of something—of anything—it’s hard to keep track. It could be books, cats, tools in the garage, apps on the phone. And when you can’t keep track, you ...
Security Boulevard
Penetration Testing – Protecting your assets from cyber threats.

Introduction: Pen testing is seen as a proactive cybersecurity measure because it calls for ongoing, self-initiated modifications depending on the test’s results. This is distinct from nonproactive strategies, which don’t address problems ...
US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

An unsecured Jenkins server contained secret credentials for more than 40 public-cloud storage buckets. In today’s SB Blogwatch, we say hello to our old friend maia arson crimew ...
Security Boulevard
What Are Open Source Kubernetes Policy Engines? Why You Need One & How to Pick

The idea behind Kubernetes policies is that you will be more successful if you put guardrails in place for your development teams to ensure that they are adhering to Kubernetes best practices. Creating ...