This week's articles
Hacking India’s largest automaker: Tata Motors
Security researchers discovered multiple critical vulnerabilities in Tata Motors' systems: exposed AWS keys revealed 70+ TB of sensitive data across hundreds of buckets, a Tableau backdoor enabled passwordless admin access, and leaked API credentials compromised fleet management systems.
#attack
#iam
#saas
Breaking Into GitLab: Attacking and Defending Self-Hosted CI/CD Environments
This article demonstrates exploiting self-hosted GitLab by hijacking instance runners with shell executors to gain remote access, exfiltrating secrets from pipeline files, stealing IAM credentials from the AWS metadata service, and pivoting laterally using SSM permissions to compromise cloud infrastructure.
#ci/cd
#attack
Immutable releases are now generally available
GitHub releases now support immutability, adding a new layer of supply chain security. With immutable releases, assets and tags are protected from tampering after publication, so the software you publish remains secure and trustworthy.
#announcement
#ci/cd