Expert Comments – Travis CI Flaw Reveals *All* Keys, Credentials, And API Tokens, “Developers Furious”
BACKGROUND: Travis CI exposes private creds of thousands of open source projects that rely on the service. Twitter user @peter_szilagyi Tweeted on Tuesday that “Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens. Felix Lange found this on the […]
Misconfigured APIs Make-Up Two-Thirds of Cloud Breaches
According to the 2021 IBM Security X-Force Cloud Threat Landscape Report, over half of breaches were the result of shadow IT and two-thirds of improperly configured APIs accounted for most cloud security incidents in last year.
Epik Data Breach- Blue Hexagon Comments
BACKGROUND: Epik, the Right-Winged domain registrar, has notified users of a security breach after Anonymous claimed to have stolen “a decades worth of data” from the web registration company. Rob Monster, Founder and CEO of Epik Holdings, responded to claims of the breach on Twitter.
Understanding & Surviving Ransomware
ABOUT This ‘Surviving Ransomware’ document is intended to raise the awareness of the threats posed by the digital dangers presented by Ransomware and seeks to expand on the methodologies employed to circumvent the security posture, to deliver the intended payload of Cyber Extortion through multiple channels. Cyber Extortion through digital means is nothing new. In […]
