This week's articles
Incident report: Spotting an attacker in GCP
A walkthrough of how an attacker gained access to a customer's GCP environment, Expel's investigative process, and some key takeaways for securing your organization.
#attack
#defend
#gcp
Introducing Gitsign
The Sigstore project has created a new tool called Gitsign, which aims to bring the best of Sigstore to Git with "keyless" signing and transparency log support, making it easy to get started with signing without the need to generate and manage long-term keys.
#announcement
#supply-chain
Public Travis CI Logs (Still) Expose Users to Cyber Attacks
The Aqua Security team found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub.
#attack
#ci/cd