cloud based CI/CD issues – travis-ci
Travis-CI published a security bulletin the other day, describing a special condition that would allow access to secrets belonging to a foreign repository on GitHub or Bitbucket. The condition requires a fork from a public repository. That’s how open source works, and it is very central functionality. Not a corner case. Turns out, the cloud service did…
Are you using Klarna?
You may be worried now.
What We Can Learn from the Capital One Hack
Earlier this week, it became public that Capital One was the victim of a privacy leak affecting more than 100 million of their customers. The news revealed details about the source of the attack, which an individual apparently conducted and then bragged about publicly. Now, a few days later and with more facts known, the always excellent Krebs…