Luke Hinds
@decodebytes
No longer active here; find me on: https://bsky.app/profile/lukehinds.bsky.social
Was dir gefallen könnte
Artificial intelligence is redefining industries at a staggering pace, and the field of cybersecurity is no exception. @decodebytes @stacklokhq
Nice round up by @0xpoppaea on supply chain attacks in popular OSS packages !
How Supply-Chain Attackers Maximize Their Blast Radius | By Poppaea McDermott, thanks to @StackLokHQ thenewstack.io/how-supply-cha…
🔒Today @StackLokHQ introduced CodeGate —local, open source privacy controls that work with your AI code assistant. You deploy a single container locally that encrypts secrets before they find their way into your prompts and alerts you when dangerous dependencies are suggested
At @StackLokHQ we released codegate today, an open-source, privacy-focused local proxy that acts as an essential layer of security within a developers generative AI workflow. Support is available for copilot and @continuedev with others on the way github.com/stacklok/codeg…
I love the little nod 'I got you bruv'.
The King's Guard guides his horse closer to a special tourist x.com/visualfeastwan…
🎉 Welcome to the OpenSSF family, Minder! 📣 @StackLokHQ is contributing Minder to OpenSSF as a sandbox project! Minder streamlines #OSSSecurity, auto-remediates issues, and flags key risks for devs & security teams. 🔍 Learn more about Minder: openssf.org/guest-blog/202…
Bandit is now more capable of scanning AI models. v1.7.10 flags insecure use of torch.load where untrusted data can lead to arbitrary code execution, and improper use of torch.save might expose sensitive data or lead to data corruption: github.com/PyCQA/bandit/r…
github.com
Release 1.7.10 · PyCQA/bandit
What's Changed Bump docker/build-push-action from 5.4.0 to 6.0.0 by @dependabot in #1147 Suggested small refactors in assignments by @ericwb in #1150 Performance improvement in blacklist funct...
In London? Our CTO @decodebytes will be keynoting @DevSecOpsLG tonight with a talk on "Secure Repo Management as Scale, with Minder" at Google's (Central Saint Giles) London Office. Sign up here👇 meetup.com/devsecops-lond…
The CFP deadline for SigstoreCon has been extended to Wednesday, September 18, 2024 at 11:59 pm Mountain Daylight Time (UTC-6). events.linuxfoundation.org/sigstorecon-su…
Interesting thing here; @projectsigtore was used as one of many signals to sense the attack
DPRK-aligned threat actors have launched a new surge of activity targeting developers in the cryptocurrency and Web3 sectors using malicious NPM packages. Our investigation revealed the stealer and loader BeaverTail embedded in these packages: stacklok.com/blog/dependenc… #malware
Another nasty one picked up by @TrustyPkg. This one was quite interesting, as it had a Go binary baked in. One interesting obs, some well established (will remain nameless) infosec vendor DBs were showing this with 90+ scores for 'software supply chain' 🫣stacklok.com/blog/cross-pla…
TSC Member @rdcallaw and community chair @haydentherapper from the Google OS Sec Team chatted with @puerco on the @StackLokHQ hosted 🌮 Securi-Taco Tuesdays 📺show. Lot's on sigstore and & software supply chain security. Catch it here: youtube.com/watch?v=JwfTCe…
youtube.com
YouTube
Securi-Taco Tuesdays: Trust and Verify: How Code Signing & Sigstore...
Listen to the full episode with @DarinPope, @decodebytes and @vfarcic at devopsparadox.com/episodes/makin…
Honored to be a Rising Star ⭐ in Forbes 2024 Cloud ☁️ 100. This list is impressive, and we’re excited to be part of the cloud’s future. 🎉 Grateful for the recognition @BessemerVP @Forbes @SalesforceVC @cloud100 bit.ly/4fsf2tv #Cloud100 #RisingStar
So much malware and other nasty’s out there, but lucky for us we have the awesome @0xpoppaea tracking it down and giving a run down post autopsy like below.
Attackers continue to abuse open source ecosystems as a vector to deliver malware. In this incident, at least 4 trojanized npm packages silently collected and exfiltrated users' cryptocurrency wallet secrets upon installation. Read @0xpoppaea's analysis of this attack here:…
Attackers continue to abuse open source ecosystems as a vector to deliver malware. In this incident, at least 4 trojanized npm packages silently collected and exfiltrated users' cryptocurrency wallet secrets upon installation. Read @0xpoppaea's analysis of this attack here:…
Minder can now provision the @openssf scorecard action: github.com/stacklok/minde…
United States Trends
- 1. Chiefs 60.9K posts
- 2. Bills 131K posts
- 3. Denny 13.5K posts
- 4. Larson 13.3K posts
- 5. Mahomes 20.9K posts
- 6. Bengals 72.7K posts
- 7. Raiders 35.9K posts
- 8. Geno 7,880 posts
- 9. Brock Bowers 4,478 posts
- 10. #NASCAR 11.2K posts
- 11. Jags 5,654 posts
- 12. Josh Allen 11.5K posts
- 13. Bears 82.4K posts
- 14. Packers 67.3K posts
- 15. Panthers 55.6K posts
- 16. Cam Little 14.1K posts
- 17. Cole Bishop 2,167 posts
- 18. McDermott 2,173 posts
- 19. Tony Romo 1,411 posts
- 20. #RaiderNation 2,144 posts
Was dir gefallen könnte
-
Syft
@SyftProject -
developer-guy
@developerguyba -
Dan Lorenc
@lorenc_dan -
Chainguard ⛓️
@chainguard_dev -
Grype
@GrypeProject -
OpenSSF
@openssf -
Rahul Singh Rana
@owlrana -
Matt Moore ⛓🚀
@mattomata -
Kim Lewandowski
@kimsterv -
Bob Callaway
@rdcallaw -
Carlos Santana
@csantanapr -
Duffie Cooley
@mauilion -
🦄 Frederick Kautz (Emeritus KubeCon Co-Chair)
@ffkiv -
Amim Knabben
@ak_ndb -
Andrew Block
@sabre1041
Something went wrong.
Something went wrong.