#DevSecOps

2025-05-05

Default Helm charts in Kubernetes might be like leaving your front door unlocked – sensitive data and weak settings could be inviting trouble. Is your deployment really secure?

thedefendopsdiaries.com/enhanc

#kubernetessecurity
#helmcharts
#cybersecurity
#devsecops
#cloudsecurity

TechnoTenshi (technotenshi@infosec.exchange)
2025-05-05

AWS's own security audit tool for Organizations introduced privilege escalation risks by encouraging insecure deployments. Updated guidance fixes it, but affected orgs should review.

token.security/blog/aws-built-

#AWS #CloudSecurity #IAM #DevSecOps

2025-05-05

Our latest guide walks through:

- A cross-platform workflow using GitHub CLI, AWS CLI, and 1Password
- A portable Flox environment that handles secrets injection cleanly
- How to wrap tools like gh, git, and aws with secure auth
- A full sample workflow: deploy an AWS Lambda with zero manual token handling

Everything runs the same: locally, in CI, and in prod. Secrets stay out of logs, out of repos, and off disk.

Full guide: flox.dev/blog/get-your-preferr

#DevSecOps

2025-05-03

Bad Pods: let's talk about naughty pods

Usually, when we talk about Kubernetes security, we are first of all talking about protecting pods from external threats, but in some cases the pods themselves can pose a certain danger. For an attacker to realize these threats, they need access to the cluster, RBAC permission to create one of several resource types (CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, ReplicationController, StatefulSet) in at least one namespace, and security policies must also be absent. If you have all of that, then we are coming to you: in this article we will look at which attacks from pods may threaten you. And even if not all of it is in place, you still should not relax too much.

habr.com/ru/companies/otus/art

#devsecops #pentest #kubernetes #pods #attack_protection #rbac #information_security

2025-05-03

📣 Announcing #SBOMlearningWeek! 5 days of educational content to help you master Software Bill of Materials. From fundamentals to advanced implementation, we'll guide you through securing your software supply chain with SBOMs. Follow along starting Monday! anchore.com/blog/anchores-sbom #DevSecOps

2025-05-02

Turn #FedRAMP from a cost center into a competitive advantage with our latest white paper.

Learn how automation and policy-as-code can streamline compliance while opening doors to federal business!

🔗 anchore.com/blog/navigating-th

#FedRAMP #DevSecOps #Compliance

Reboot Chronicles - Dean DeBiase (deandebiase)
2025-05-02

Watch, listen, or subscribe wherever you get podcasts, or here: zurl.co/CAYCp
With the AI hype cycle spiraling forward, watch or listen in on this episode as Peter McKay, CEO of Snyk, shares how he rebooted Snyk and how they are on their way toward being a billion-dollar market leader.

OWASP Foundation (owasp@infosec.exchange)
2025-05-02

Get pumped for #OWASP Global #AppSec EU in May! Enhance your experience by becoming a Mentor and building lasting connections while assisting others on their journey! Don't miss out, sign up here: owasp.wufoo.com/forms/zk2cdkr1 🚀 #CyberSecurity #AI #threatmodeling #Barcelona #devsecops #infosec

OWASP Foundation (owasp@infosec.exchange)
2025-05-02

Join Magnus Jungsbluth at OWASP Global AppSec EU 2025 in Barcelona for an inside look at scaling Policy as Code across thousands of applications!

🛡️ Policy as Code for Applications at Scale
📅 Thursday, May 29, 2025
⏰ 3:30 PM – 4:15 PM CEST

🔗 Register: owasp.glueup.com/event/123983/

A must-attend for platform engineers, appsec leaders, and anyone scaling security across modern organizations.

#OWASP #AppSecEU2025 #OPA #DevSecOps #PlatformEngineering #AppSec #Barcelona

JAVAPRO (javapro)
2025-05-02

A single SQL line. One careless deserialization. That's all it takes to bring your app down. @vilojona shows how even top teams get it wrong and how you can get it right. Ready to patch your blind spots?

Start here: javapro.io/2025/04/29/top-secu

OWASP Foundation (owasp@infosec.exchange)
2025-05-01

Get ready to shine on stage! ✨ Don't miss the chance to showcase your skills at #OWASP Global #AppSec USA in Washington, DC this November. Submit your presentations now for an incredible opportunity. Apply here: sessionize.com/owasp-global-ap 🎤 #infosec #AI #devsecops #SBOMM

2025-05-01

🚨 RCE Vulnerability in Node.js CI Pipeline Exposed Millions to Potential Supply Chain Attack

Security researchers have uncovered a serious flaw in the Node.js CI/CD architecture — one that allowed attackers to hijack internal Jenkins agents and execute arbitrary code.

The core issue? A Time-of-Check-Time-of-Use (TOCTOU) vulnerability in the communication between GitHub Actions and Jenkins pipelines. By forging a commit timestamp that predates a maintainer’s approval, attackers could smuggle malicious code past security checks and straight into Jenkins execution.

Here’s what made this attack so dangerous:
- It bypassed the `checkCommitsAfterReviewOrLabel()` function.
- It enabled attackers to compromise Jenkins infrastructure.
- It even risked injecting malware into the Node.js main branch — impacting the entire ecosystem.

Praetorian reported the flaw on March 21. The Node.js team responded fast:
- Restricted access to Jenkins CI.
- Rebuilt 24 potentially compromised machines.
- Switched from timestamp checks to SHA-based validation.
- Audited 140+ Jenkins jobs and patched the commit-queue workflow.

This is a wake-up call for every company using multi-platform CI/CD pipelines:
- Integration between platforms creates invisible attack surfaces.
- Automated approvals and cross-platform handoffs must be treated as critical security boundaries.

Credit to the Node.js team for their transparency and swift mitigation — but the lesson is clear:

If you're not securing the spaces between your DevOps tools, you're leaving the door wide open.

#SupplyChainSecurity #NodeJS #DevSecOps
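The post contrasts two gate designs: one that asks "did anything land after the approval?" by reading commit timestamps, and one that binds the approval to the exact SHA that was reviewed. The following is an added illustration of that difference, not Node.js's commit-queue code; the PR histories, timestamps and short SHAs are constructed for the example.

```javascript
'use strict';
// Added example, not Node.js's own commit-queue code. It models the two designs
// the post contrasts: a review gate that decides "did anything land after the
// approval?" from commit timestamps (forgeable by whoever pushes) versus one that
// binds the approval to the exact head SHA that was reviewed.

// Constructed PR history; times are Unix seconds, SHAs shortened for readability.
// The reviewer approved when the PR head was a1b2c3.
const APPROVAL = { reviewedAt: 1700000500, approvedHeadSha: 'a1b2c3' };

// State of the PR as it was reviewed.
function reviewedPr() {
  return [
    { sha: 'a1b2c3', committedAt: 1700000000, message: 'fix: change that was actually reviewed' },
  ];
}

// State after the attacker pushes a new commit. It was pushed at wall-clock
// 1700001000, but the pusher set GIT_AUTHOR_DATE / GIT_COMMITTER_DATE so the
// recorded commit time (1700000100) falls before the approval.
function attackedPr() {
  return [
    ...reviewedPr(),
    { sha: 'deadbe', committedAt: 1700000100, message: 'chore: harmless-looking follow-up' },
  ];
}

// VULNERABLE: trusts commit timestamps as evidence of ordering relative to the review.
// Returns 'run' if the gate would let the pipeline execute the PR's code.
function timestampGate(commits, approval) {
  const afterReview = commits.filter((c) => c.committedAt > approval.reviewedAt);
  return afterReview.length === 0 ? 'run' : 'block';
}

// HARDENED: the approval is a statement about one SHA. Any push changes the head,
// so the only thing to check is whether the head is still the approved SHA.
function shaGate(commits, approval) {
  const head = commits[commits.length - 1];
  return head !== undefined && head.sha === approval.approvedHeadSha ? 'run' : 'block';
}

// Run both gates over both histories so the false negative is visible side by side.
function compareGates() {
  const out = {};
  for (const [name, history] of [['reviewed', reviewedPr()], ['attacked', attackedPr()]]) {
    out[name] = { timestamp: timestampGate(history, APPROVAL), sha: shaGate(history, APPROVAL) };
  }
  return out;
}

console.table(compareGates());
```

For the attacked history the timestamp gate returns `run` (the forged date hides the new commit) while the SHA gate returns `block`. In a real pipeline the approved SHA should be taken from the review record the platform stores, and compared as the full 40-character hash rather than a short prefix, since short prefixes can be collided deliberately.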

Steve Fenton (stevefenton)
2025-05-01

Meanwhile in DevOps No.27

Murray introduces DevSecOps!

Murray and Arlo are discussing changes to their software delivery approach. Murray is looking happy and a little vacant.

“We’re adopting DevSecOps instead of DevOps,” Murray says.

“Doesn’t DevOps already include security?” Arlo asks.

“DevOps has,” Murray begins. “We never have.”

TechnoTenshi (technotenshi@infosec.exchange)
2025-04-30

Kexa offers automated compliance checks for multi-cloud environments like AWS, GCP, and Azure—supporting CI/CD integration, rule-based scanning, and real-time alerts via common channels.

github.com/kexa-io/Kexa

#CloudCompliance #OpenSource #DevSecOps #InfoSec

2025-04-30

The federal cloud market is headed toward $78B by 2029. Is your business ready?

Our FedRAMP guide shows you how to unlock these opportunities with a strategic approach to compliance. Download now!

🔗 anchore.com/blog/navigating-th

#FedRAMP #DevSecOps #Compliance

OWASP Foundation (owasp@infosec.exchange)
2025-04-29

Get ready to shine on stage! ✨ Don't miss the chance to showcase your skills at #OWASP Global #AppSec USA in Washington, DC this November. Submit your presentations now for an incredible opportunity to share your expertise. Apply here: sessionize.com/owasp-global-ap 🎤 #infosec #AI #devsecops #SBOMM

Brian Benz (bbenz)
2025-04-29

MCP adoption in AI is skyrocketing 🚀, but so are the risks. Microsoft's Sarah Young & Den Delimarsky have a fresh blog on thwarting indirect injection attacks and more 🔒🤖🛡️.

Read it: devblogs.microsoft.com/blog/pr

Mr Tech King (mrtechking)
2025-04-29

Heads up, developers. AI-generated code often includes 'hallucinated' non-existent packages. New research finds nearly 20% are fake, creating a huge risk for supply-chain attacks via dependency confusion. Always verify AI suggestions.

AI Code's Fake Package Problem Risks Your Software Security.
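One concrete form of "verify AI suggestions" is to vet proposed dependency names before anything is installed. The block below is an added example, not from the post or the research it cites: the set of known packages is a constructed snapshot standing in for a vetted lockfile or internal allowlist, and the suggested names are constructed too. It flags names that are absent (hallucination candidates) and names within a small edit distance of a known package (typosquat or misremembered-name candidates).

```javascript
'use strict';
// Added example, not from the post or the research it cites. Before installing
// dependencies an assistant proposed, check each name against a set of packages
// you already know and trust (here a constructed snapshot; in practice the
// lockfile of a trusted project or an internal allowlist). Names that are absent
// are candidates for hallucination; names within a small edit distance of a
// known package are candidates for typosquats or misremembered names.

const KNOWN_PACKAGES = new Set([
  'express', 'lodash', 'axios', 'jsonwebtoken', 'helmet', 'pino', 'zod',
]);

// Classic dynamic-programming Levenshtein distance; inputs are short package names.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const sub = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + sub);
    }
  }
  return dp[a.length][b.length];
}

// Returns { ok, unknown, nearMiss } for a list of proposed dependency names.
// nearMiss entries record the known package the proposal resembles.
function vetDependencies(proposed, known = KNOWN_PACKAGES, maxDistance = 2) {
  const result = { ok: [], unknown: [], nearMiss: [] };
  for (const name of proposed) {
    if (known.has(name)) {
      result.ok.push(name);
      continue;
    }
    let best = null;
    for (const k of known) {
      const d = editDistance(name, k);
      if (d <= maxDistance && (best === null || d < best.distance)) best = { name: k, distance: d };
    }
    if (best) result.nearMiss.push({ proposed: name, closeTo: best.name, distance: best.distance });
    else result.unknown.push(name);
  }
  return result;
}

// Constructed "AI suggestion": two real names, a one-character slip of a real
// name, and a name that is not in the snapshot at all.
const SUGGESTED = ['express', 'jsonwebtokens', 'axios-retry-helper', 'zod'];
console.log(JSON.stringify(vetDependencies(SUGGESTED), null, 2));
```

Run against a set of names you have actually vetted rather than against "does it exist on the registry": the attack the post describes works precisely because someone can register the hallucinated name, so mere existence proves nothing.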
