Uber Breach 2022 – Everything You Need to Know

Breach explained
On Thursday, September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is an evolving situation, but we will bring you the latest information and commentary here as we get it ... Read More
Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault

Conferences
AI code assistants like Copilot held exciting promise when they were released, but they might not be the answer to all your problems. A research study has now found that while Copilot frequently introduces vulnerabilities, it may in fact be influenced by the input. Poor code, poor outcome ... Read More
Black Hat 25 – What you need to know

Conferences
Missed out on Black Hat 2022 briefings or got stuck in the business hall? We have you covered ... Read More
Detect secrets with a pre-commit git hook using ggshield and the pre-commit framework

Securing your SDLC (Software Development Life Cycle)

Building security into our applications is widely considered an important priority in mature companies. Even so, it is often overlooked at the earlier stages of development, and the cost of security grows exponentially the later in the process we start to consider it. In this post, we ... Read More

In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources ... Read More
How Hackers Used Stolen GitHub Tokens to Access Private Source Code

Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue ... Read More
Latest from Lapsus$, Reviewing the Microsoft Breach

Lapsus$ has continued its prolific pace of breaches, now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl ... Read More
Secrets Detection: An Emerging AppSec Category

Applications are no longer standalone monoliths; they now rely on thousands of independent building blocks: cloud infrastructure, databases, and SaaS components such as Stripe, Slack and HubSpot, to name just a few. This is a significant shift in software development. Secrets are the glue that connects these different application building blocks ... Read More
Security Boulevard