SLSA Provenance Blog Series, Part 1: What Is Software Attestation
In this blog series, we will uncover the details of SLSA provenance, which refers to the ability to trust the authenticity of artifacts. SLSA (Supply chain Levels for Software Artifacts) is focused on protecting software from source through its deployment by allowing users to make automated decisions about the integrity ...
New Techniques Attackers Are Using to Harvest Your Secrets
Toyota Motor Corporation recently suffered a data breach due to a mistakenly exposed access key on GitHub. That hardcoded access key evaded detection for five years! This news joined a long line of headlines about the damage caused by hardcoding secrets in code and how it can lead to a ...
Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users
On March 29th, 2023, it was reported that 3CX, the international VoIP IPBX software, was under an ongoing software supply chain attack. The attackers had trojanized the 3CX communication installer software, reportedly used by over 12 million users daily. Several endpoint security vendors, such as SentinelOne and CrowdStrike, identified this ...
Legitify adds support for GitLab and GitHub Enterprise Server
On a weekly basis, we encounter security incidents at prospective customers involving pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) system configurations. Legitify, the open-source security tool we recently announced, is rapidly gaining popularity because it helps users ...
Critical and Time-Sensitive OpenSSL Vulnerability – The Race Between Attackers and Defenders
OpenSSL has announced a critical fix in version 3.0.7, to be released Nov 1, 2022. This means that on Tuesday, Nov 1, the race starts between those who patch and those who exploit. In this blog post, we'll summarize all the information required to make sure you can ...
Introducing Legitify: A Better Way To Secure GitHub
We're pleased to announce the launch of Legitify – an open-source security tool for GitHub users to automatically discover and remediate insecure GitHub configurations at scale ...