7 CSPM Tools to Secure Your Cloud Infrastructure
Cloud security covers a wide range of tools and frameworks, which makes it hard to implement. Cloud security posture management (CSPM) organizes the process ... Read More
Azure Devops Zero-Click CI/CD Vulnerability
The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets. The vulnerability does not require any action from the project maintainer, making it a zero-click supply chain vulnerability ... Read More
The Risks of Being Blind to AI in Your Own Organization
As artificial intelligence (AI) and large language models (LLMs) like GPT become more entwined with our lives, it is critical to explore the security implications of these tools, especially the challenges arising from a lack of visibility into AI-generated code and LLM embedding in applications ... Read More
Securing AI-Generated Code
Legit Security is the first ASPM platform with advanced capabilities to secure generative AI-based applications and bring visibility, security, and governance into code-generating AI. Millions of developers are using AI-based code assistants such as GitHub Copilot or Tabnine, but along with the great adoption a wide range of new risks ... Read More
Emerging Risks with Embedded LLM in Applications
Large Language Models (LLMs) like OpenAI's GPT and Google's Bard have swept the tech landscape with their transformative capabilities for helping organizations overcome resource constraints and accelerate the pace of innovation. But as these AI technologies find their way into various applications, it has become apparent that they come with ... Read More
Emerging Risks with Embedded LLM in Applications
Large Language Models (LLMs) like OpenAI's GPT and Google's Bard have swept the tech landscape with their transformative capabilities for helping organizations overcome resource constraints and accelerate the pace of innovation. But as these AI technologies find their way into various applications, it has become apparent that they come with ... Read More
Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Runners
Continuous Integration/Continuous Deployment (CI/CD) pipelines have become crucial to modern software development practices. CI/CD pipelines can significantly improve development efficiency and software quality by automating the process of building, testing, and deploying code. Most modern CI/CD platforms (like GitHub actions, Circle CI, etc.) offer an option to run the pipeline ... Read More
Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack
The Legit Security research team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a context of a pipeline workflow, which allows attackers to gain sensitive secrets, move laterally in the organization, and initiate supply chain attacks ... Read More
How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack
Jenkins is an open-source automation and build platform that allows for automated tests, integrations, builds, and much more. However, Jenkins also has vulnerabilities that make it susceptible to software supply chain attacks. See how attackers used compromised Jenkins plugins to launch cyberattacks and how to detect vulnerable Jenkins plugins at ... Read More
Toyota Customer Data Leaked Due To Software Supply Chain Attack
On Oct 7th, Toyota announced a possible data leakage incident stemming from a code repository in their software supply chain. The compromised data contained 296,019 customers' private information, including customers' personal email addresses ... Read More
