Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CircleCI is a platform that enables continuous integration and delivery of software projects. It allows teams to automate their software development process by building, testing, and deploying their code changes in a consistent and reliable manner. In this blog post, we will explore the Tactics/Techniques/Procedures (TTP) of how environment variables that house sensitive credentials and secrets can be exfiltrated using Circle CI.

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.

Discover the importance of including public GitHub monitoring in your external attack surface management strategy to mitigate the risk of sensitive information exposure. Learn the steps to protect your organization from potential breaches in this blog post.

Keeper Security has been named “Test Winner” in a group test of leading password managers conducted by CHIP Magazine, a leading consumer technology publication in Germany. In the current edition CHIP 06/2023, the CHIP test center reviewed Keeper’s Personal Password Manager in a comparative test of 10 password management solutions. Keeper was awarded first place with an overall rating of “Sehr Gut” (Very Good) and a score of 1.1 (1.0 is a perfect score).

There are many cybersecurity threats privileged accounts face including phishing, insider threats, malware and brute force attacks. When privileged accounts aren’t managed or secured properly, all of an organization’s sensitive data is vulnerable to being successfully targeted by threat actors. Continue reading to learn how and why cybercriminals target privileged accounts and how organizations can keep their most critical accounts safe.

CrowdStrike incident responders have been at the forefront of investigating impacted victims of CVE-2023-34362. Since the release of the vulnerability, there has been great collaboration across the cybersecurity industry, and this blog will cover novel details for teams investigating the potential impact to their organizations.

CVE-2023-34362 is an SQL injection (SQLi) vulnerability that has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. SQL Injection (SQLi) poses significant risks as it allows attackers to potentially steal, manipulate, or delete sensitive data from databases.

We are excited to announce the release of Calico v3.26! This latest milestone brings a range of enhancements and new features to the Calico ecosystem, delivering an optimized and secure networking solution. This release has a strong emphasis on product performance, with strengthened security measures, expanded compatibility with Windows Server 2022 and OpenStack Yoga, and notable improvements to the Calico eBPF dataplane.

Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is time to revisit the topic to see if driverless cars have taken a better direction.