poisoning - #cybertechtalk

Learning Poisoned Pipeline Execution (PPE) with CI/CD goat

May 1, 2023April 5, 2023 by andriejsazanowicz

Poisoned Pipeline Execution (PPE) is a pentesting methodology and attack vector abuses permissions against an SCM repository, in a way that causes a CI pipeline to execute malicious commands. Users that have permissions to manipulate the CI configuration files, or other files which the CI pipeline job relies on, can modify them to contain malicious … Read more

TheHackersNews.com

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The findings come from Elliptic in collaboration with researchers from the&
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android
Everyone's an Expert: How to Empower Your Employees for Cybersecurity Success
There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard,
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.

DevOps.com

The Problems With Golden Templates That No One Wants to Talk About
Golden templates make it easier to get started with IaC, but they don’t effectively fit users’ needs. Let’s fix that.
The Purpose of Life
We all have our priorities.
Snyk Adds Second ASPM Tool to Portfolio
Today, Snyk made available an edition of its application security posture management (ASPM) tool for assessing application risks that provides more context into how code has been written and its role within the application environment. Manoj Nair, chief product officer for Snyk, said Snyk AppRisk Pro leverages artificial intelligence (AI) and machine learning to provide
Spotify to Provide Opinionated Instance of Backstage IDP
Backstage helps large teams document their infrastructure and services. This extends the open source version.
Five Great DevOps Job Opportunities
Looking for a DevOps job? Look at these openings at Scientific American, HRL Laboratories, VetsEZ and more.