Kevin Broughton : Mar 14, 2023 2:18:50 PM
In this blog post, we'll discuss 8 of the top threats targeting cloud applications in 2023. Taking steps to protect your cloud applications against...
1 min read
Tor Beer : Jan 19, 2023 7:15:00 AM
Secrets are any data that is sensitive to an organization or person and should not be exposed publicly. It can be a password, an access key, an API...
1 min read
Tor Beer : Jan 18, 2023 5:43:00 AM
Everybody is familiar with downtimes in major services. It can be very frustrating when a platform your organization depends upon becomes...
-1.jpg?width=30&name=DSC08054%20(2)-1.jpg){kind=small}
Nadav Noy : Jan 4, 2023 6:21:15 AM
Jenkins is an open-source automation and build platform that allows for automated tests, integrations, builds, and much more. However, Jenkins also...
Noam Dotan : Dec 1, 2022 9:02:33 AM
The Legit Security Research Team discovered a new class of software supply chain vulnerabilities that leverages artifact poisoning and attacks the...
1 min read
Roy Blit : Oct 31, 2022 12:45:39 PM
Update: On November 1st the OpenSSL project maintainers released their fix for the vulnerabilities. There were two vulnerabilities discovered. After...
Nadav Noy : Oct 12, 2022 11:00:10 AM
On Oct 7th, Toyota announced a possible data leakage incident stemming from a code repository in their software supply chain. The compromised data...
Nadav Noy : Oct 3, 2022 4:23:08 PM
On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The...
Gal Ofri : Sep 19, 2022 2:58:57 PM
Malicious actors are poisoning your artifacts in an attempt to infect your software supply chain so that you deploy those compromised (i.e.,...
Gal Ofri : Sep 15, 2022 2:12:43 PM
A popular vendor of Magento-Wordpress plug-ins/integrations with over 200,000 downloads, has been hacked. This recent attack is a reminder that...
Noam Dotan : Sep 8, 2022 11:47:40 AM
Update: a few weeks after this publication, GitHub decided to fix the issue and employed the mitigation we recommended to them in our initial report....
Noam Dotan : Sep 1, 2022 10:00:03 AM
In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of
1 min read
Noam Dotan : Aug 29, 2022 9:17:15 PM
LastPass, one of the world's largest password managers with 25 million users, disclosed that an unauthorized party had gained access to portions of...
Tor Beer : Aug 3, 2022 6:30:29 PM
Earlier today, Stephen Lacy published a Twitter post about a massive attack attempt on GitHub. This attack attempt is a huge deal, but fortunately it...
Noam Dotan : May 2, 2022 10:44:09 AM
In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...
Roy Blit : Apr 18, 2022 2:02:36 PM
On Friday April 15, GitHub Security announced it had detected the compromise of OAuth access tokens issued to Heroku and Travis-CI integrations to...
Tor Beer : Apr 6, 2022 7:20:02 AM
On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important...
Noam Dotan : Apr 4, 2022 3:01:54 PM
At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...
Nir Bashan : Mar 11, 2022 9:18:44 AM
Exposed secrets in source code pose a risk to you, your team and your entire organization. But what are secrets exactly? How do they become exposed?...
