CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.

Mackenzie Jackson

3 Jul 2024 – 5 min read

DevSecOps

CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919

This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already!

Mackenzie Jackson

14 Jun 2024 – 4 min read

Red Team Chronicles

Red Team Chronicles: Your trash my treasure

The Red Team Chronicles is a hacker comic that this month is looking at the endeavors of Jason Haddix and how he and his team got access to a bank via a shred bin using some thrifty techniques.

Mackenzie Jackson

4 Jun 2024 – 1 min read

Red Team Chronicles

Red Team Chronicles: The Great Bank Escape

This episode of The Red Team Chronicles we follow the true story of how Brice Self almost got caught breaking into a federal bank.... But got away with it by playing hide and seek!

Mackenzie Jackson

30 May 2024 – 1 min read

Software Composition Analysis

Vulnerability of the Month - Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199

This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.

Mackenzie Jackson

3 May 2024 – 3 min read

Best practices

I asked 40 security experts to share their best advice, it didn't disappoint.

This post explores the best security advice we have received over the past almost 2 years from various different security professionals.

Mackenzie Jackson

22 Mar 2024 – 6 min read

Breach explained

Nation-state hackers access Microsoft source code and steal secrets

Microsoft has been experienced a sustained attack by Russian-backed nation-state attacker Midnight Blizzard (also known as NOBELIUM). This blog examines all we know so far

Mackenzie Jackson

11 Mar 2024 – 3 min read

Breach explained

Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat

Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.

Mackenzie Jackson

10 Nov 2023 – 4 min read

DevSecOps

8.5% of Docker Images Expose API and Private Keys

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

Mackenzie Jackson

14 Sep 2023 – 5 min read

Conferences

CodeSecDays brings security leaders together to build a world without software security issues

In GitGuardian's first digital conference, CodeSecDays, security leaders from multiple leading companies like Snyk, Chainguard, Doppler, RedMonk, and more came together to share the latest in code and application security. As the CEO and founder of GitGuardian, Eric Fourrier said, “No organizations

Mackenzie Jackson

24 Jul 2023 – 7 min read

Conferences

Exploring the Controversy: The Pros and Cons of Environment Variables - PyCon Italia

Using environment variables to store secrets has long been considered a good practice. But in this article, we will explore different opinions as to why using env vars might be either good or bad for security

Mackenzie Jackson

30 Jun 2023 – 6 min read

Conferences

Building resilient and secure systems - Lessons from Devoxx Poland

Devoxx Poland is a developer first confrence that invites software innovators from around the world present latest trends in the industry, here are some of the key takeaways to build secure and resilient systems.

Mackenzie Jackson

7 Jun 2023 – 6 min read