Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: credentials

Widespread Mini Shai-Hulud Campaign Is a Matter of Trust

Widespread Mini Shai-Hulud Campaign Is a Matter of Trust

| | 360 Privacy, AI supply chain attacks, Aikido Security, CI/CD security, credentials, Endor Labs, npm malware, Pathlock, Sectigo, Shai-Hulud worm, TeamPCP, trust in technology
The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
threat modeling, threat, security, secure design, threat modeling, supply chain Codenotary insider threats

Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users

| | credentials, cryptocurrency, docker containers, Guardarian, kubernetes, Lazarus Group, npm malware, Python, Redis, SafeDep, Secrets, Shai-Hulud, software supply chain attacks, sonatype, Strapi
The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CMS plugins but deliver ...
supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM

| | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCP
The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...
Pulumi, secrets, GitHub, repository, secrets, legit security, leaking, software, GitGuardian secrets code Secrets BluBracket SaaS

Analysis of GitHub Repositories Surfaces Nearly 23M Secrets

| | credentials, Secrets, secrets management
An analysis of public GitHub repositories published today finds 22.8 million hardcoded secrets, representing a 25% increase since a similar study was done a year ago ...
HashiCorp Extends Secrets Management Reach

HashiCorp Extends Secrets Management Reach

| | application development, credentials, devsecops
Secrets management is core to DevSecOps—how credentials are managed can make all the difference in preventing an application from being compromised in the first place. The challenge is making it as simple ...
Moving Security Beyond SSH and PKI

Moving Security Beyond SSH and PKI

| | BeyondCorp, credentials, data security, ephemeral client certificates, IT security, PKI, PKI certificates, security, SSH, zero-trust
SSH (secure shell) is still the most common method of remotely accessing a Linux server, which makes it a common target for attackers attempting to infiltrate corporate networks. While the protocol itself ...
DevOps and Database Security

DevOps and Database Security

| | credentials, database, rugged devops, Secure DevOps
Osterman Research recently released a survey-based report on database security. The results don’t exactly instill confidence where username breaches are concerned: While more than 50 percent of respondents felt that a breach ...