Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat

Breach explained
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access ...
Finding leaked credentials in Docker images - How to secure your Docker images

8.5% of Docker images expose API and Private Keys

DevSecOps
A new comprehensive study by researchers at RWTH Aachen University in Germany examined over 300,000 Docker images and found that 8.5% contained API keys and private keys that malicious actors could exploit in the wild ...
Exploring the Controversy: The Pros and Cons of Environment Variables - PyCon Italia

Conferences
Using environment variables to store secrets has long been considered a good practice. But in this article, we will explore different opinions as to why using env vars might be either good or bad for security ...
Building resilient and secure systems - Lessons from Devoxx Poland

Conferences
Devoxx Poland is a developer-first conference that invites software innovators from around the world to present the latest trends in the industry. Here are some of the key takeaways for building secure and resilient systems ...
CISO advice - building a comprehensive secrets management program

Lessons from Lapsus – CISO on Building a comprehensive secrets management program

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of Ubisoft, called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4-step guide to building a comprehensive secrets management program ...
Why ChatGPT is a security concern for your organization (even if you don't use it)

DevSecOps
ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape ...
Twitter’s leak illustrates why source code should never be sensitive

Twitter's source code was recently leaked publicly on a GitHub repository. This blog post looks at exactly what happened and what security consequences could stem from this leak ...
Creating a Honey Token - A complete tutorial

Tutorials
Honey Tokens or Canary Tokens are credentials designed to alert you when an attacker is in your infrastructure. This is a complete tutorial on how to create them using only open-source projects ...
The State of Security in Australia: HackSydney and BSides give insight into security post-Medibank and Optus

Conferences
Cybersecurity in Australia has moved well and truly into the focus of the mainstream media and the everyday public. This year we saw two catastrophic security breaches with Optus, an Australian telecom provider, and Medibank, one of the largest health insurance providers in Australia. Both breaches saw huge amounts of ...
Millions of .git folders exposed publicly by mistake

DevSecOps
2022 has been the year of source code leaks; Microsoft, Nvidia, Samsung, Rockstar, and many more companies have had their source code involuntarily open-sourced. But some new research by CyberNews has revealed that there are millions of private git repositories that are, in fact, not all that private. In this ...