GitHub pulls pin on npm's auto-run scripts
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors [...]
Showing only posts tagged devops. Show all posts.
Threat hunters find Google API keys still usable 23 minutes after deletion
Plenty of time for bad actors to grab data or hit you with a giant bill [...]
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
Initial assessment says customer data spared while users wonder what else may have slipped out [...]
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Cybercrooks ruin engineers' weekends with Saturday attack [...]
Beyond IAM access keys: Modern authentication approaches for AWS
When it comes to AWS authentication, relying on long-term credentials, such as AWS Identity and Access Management (IAM) access keys, introduces unnecessary risks; including potential credential exposure, unauthorized sharing, or theft. In this post, I present five common use cases where AWS customers traditionally use IAM access keys and …