BACKGROUND:
Travis CI exposes private creds of thousands of open source projects that rely on the service. Twitter user @peter_szilagyi Tweeted on Tuesday that “Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens. Felix Lange found this on the 7th and we’ve notified @travisci within the hour. Their only response being “Oops, please rotate the keys”, ignoring that *all* their infra was leaking. Not getting through, we’ve started reaching out to @github to have Travis blacklisted.” Needless to say, the community is livid!
-
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security