[SecurityWeek] Critical GoCD Authentication Flaw Exposes Software Supply Chain

A highly critical vulnerability in a popular open-source CI/CD solution can be exploited to hijack sensitive secrets for downstream supply chain attacks, according to a warning from SonarSource.

Source: SecurityWeek RSS Feed

You might be interested in …

[HackerNews] T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in […]

[SANS ISC] Apple Patches for CVE-2021-30807, (Tue, Jul 27th)

Apple has released another update (previous update was only about 5 days ago) to address CVE-2021-30807 that was discovered by an anonymous researcher. This update resolves an issue with IOMobileFrameBuffer which could allow an application to execute arbitrary code with kernel privileges [1], [2]. This issue may have been actively exploited. As Apple has indicated […]

[SecurityWeek] VirusTotal Introduces ‘Collections’ to Simplify IoC Sharing

Chronicle-owned VirusTotal this week announced VirusTotal Collections, a new resource aimed at making it easier for security researchers to share Indicators of Compromise (IoCs).
