This Week in Security: Asterisk, TikTok, Gitlab, And Finally a Spam Solution

There’s an ongoing campaign that’s compromising FreePBX systems around the world. It seems to be aimed specifically at Elastix systems, using CVE-2021-45461, a really nasty Remote Code Execution (RCE) from …

Secure Code Warrior collaborates with GitLab to enhance real-time secure coding guidance

Secure Code Warrior announced it has joined GitLab Inc.’s global partner program. As part of the partnership, Secure Code Warrior will make its learning platform capabilities available to developers on GitLab’s DevOps Platform, supporting a developer-l…

Checkmarx KICS integrates into GitLab 14.5 to manage IaC vulnerabilities

Checkmarx announced that its open source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool. Developed by Checkmarx and the open source co…

Putting the “sec” in DevSecOps: An overall reduction of risk

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. Security in DevOps is often being neglected…

This Week in Security: Use-After-Free For Dummies, WiFi cracking, and PHP-FPM

In a brilliant write-up, [Stephen Tong] brings us his “Use-After-Free for Dummies”. It’s a surprising tale of a vulnerability that really shouldn’t exist, and a walkthrough of how to complete …

Sentry’s capabilities enable enterprise teams to reduce risk and management overhead

Sentry announced new capabilities that reduce management overhead and accelerate issue response times for enterprise development teams. With percent-based alerts, Code Owners for GitHub and GitLab, team and personal notifications in Slack, and SCIM sup…

Beyond Identity’s solution secures the software supply chain against insider threats and malicious attacks

Beyond Identity announced a solution that closes a critical vulnerability and secures the software supply chain against insider threats and malicious attacks. Beyond Identity’s new Secure DevOps product establishes a simple, secure, and automated way t…

Aqua Trivy chosen as the default scanner for GitLab Auto DevOps

Aqua Security announces that Aqua Trivy is now the default scanner for GitLab Auto DevOps. Customers can now automatically scan the GitLab CI pipeline for OS package vulnerabilities. This change will take place as part of GitLab’s 14.0 release an…