Do CI/CD pipelines in Azure DevOps require a dedicated user without MFA?

During security audits I’ve seen several times that DevOps made a ‘special’ user account for CI/CD pipelines, especially when using Azure DevOps. Often this user is the only user where multi-factor authentication (MFA) is disabled, which I…

How to make Infrastructure as Code secure by default

Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we do to make IaC secure by default? Securit…

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate s…

Maintaining human oversight in AI-enhanced software development

In this Help Net Security interview, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and int…

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. About CVE-2024-37051 JetBrains offers IDEs for various programming languages. CVE…

Master Python, Java, SQL, and C++ With This Coding Course Bundle, Now Under $70

Whether you’re chasing a technical job or hoping to build the next big tech startup, this bundle provides the ideal start to your coding career.

How to combat alert fatigue in cybersecurity

In this Help Net Security interview, Ken Gramley, CEO at Stamus Networks, discusses the primary causes of alert fatigue in cybersecurity and DevOps environments. Alert fatigue results from the overwhelming volume of event data generated by security too…