Disturbing Cyber-Security Attacks On Software Supply-Chains

Several of the leading Continuous Delivery tool vendors have been under attack, including CircleCI, TeamCity and most recently Jenkins. These Continuous Integration and Continuous Delivery tools are an important part of the software supply chain, and of supply chain safety. Supply chain attacks are particularly dangerous, as they may allow attackers to compromise otherwise trusted software at source.

In this episode, Dave Farley explores these recent attacks and their consequences, while describing some of the things that may help you to protect your means of production.

🖇 LINKS:

🔗 « Recently Patched TeamCity Vulnerability Exploited to Hack Servers » ➡️ https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/

🔗 « JetBrains TeamCity Compromised: North Korea and Russia Target High-Value Supply Chain Links » ➡️ https://medium.com/checkmarx-security/jetbrains-teamcity-compromised-north-korea-and-russia-target-high-value-supply-chain-links-a057379d3bd2

🔗 « Understanding the Risks of Vulnerabilities in CI/CD Platforms like Jenkins and CircleCI » ➡️ https://www.linkedin.com/pulse/understanding-risks-vulnerabilities-cicd-platforms-like-marcos-albano/

🔗 « CircleCI incident report for January 4, 2023 security incident » ➡️ https://circleci.com/blog/jan-4-2023-incident-report/

🔗 « CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session » ➡️ https://www.bleepingcomputer.com/news/security/circlecis-hack-caused-by-malware-stealing-engineers-2fa-backed-session/

🔗 « Jenkins Security Best Practices » ➡️ https://cycode.com/blog/jenkins-security-best-practices/
🔗 « TeamCity Security Notes » ➡️ https://www.jetbrains.com/help/teamcity/security-notes.html
🔗 « CircleCI Security Advice » ➡️ https://circleci.com/docs/security-server/


Source by Continuous Delivery

Mourad ELGORMA
