all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Azure Devops Zero-Click CI/CD Vulnerability

Add to bookmarks
Jan. 31, 2024, 1:37 p.m. | Nadav Noy

Legit Security Blog www.legitsecurity.com




The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets. The vulnerability does not require any action from the project maintainer, making it a zero-click supply chain vulnerability.

access action appsec attack attackers azure click code devops found legit legit security maintainer making malicious project research scms secrets security security research supply supply chain supply chain vulnerability team threats vulnerability zero-click

Visit resource

More from www.legitsecurity.com / Legit Security Blog

Dependency Confusion Vulnerability Found in an Archived Apache Project 1 week, 5 days ago | www.legitsecurity.com
apache appsec best practices dependency +10
The Role of ASPM in Enhancing Software Supply Chain Security 2 weeks, 2 days ago | www.legitsecurity.com
appsec aspm best practices critical +14
How to Reduce the Risk of Using External AI Models in Your SDLC 3 weeks, 1 day ago | www.legitsecurity.com
address ai models appsec best practices +5
Securing the Software Supply Chain: Risk Management Tips 1 month ago | www.legitsecurity.com
appsec best practices can explainers +15
What You Need to Know About the XZ Utils Backdoor 1 month ago | www.legitsecurity.com
announcement appsec backdoor legit +3
How to Get the Most From Your Secrets Scanning 1 month, 1 week ago | www.legitsecurity.com
amp appsec best practices code +17
Microsoft Under Attack by Russian Cyberattackers 1 month, 2 weeks ago | www.legitsecurity.com
appsec attack attackers best practices +11
Don't Miss These Emerging Trends in Cloud Application Security 1 month, 3 weeks ago | www.legitsecurity.com
application application security appsec best practices +9
Using AI to Reduce False Positives in Secrets Scanners 1 month, 3 weeks ago | www.legitsecurity.com
appsec best practices false positives legit +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Enterprise Security Architect

@ Proofpoint | Utah
View on infosec-jobs.com

Senior Incident Response and Digital Forensics Engineer

@ Danske Bank | Vilnius, Lithuania
View on infosec-jobs.com

SOC Analyst (Remote)

@ Bertelsmann | New York City, US, 10019
View on infosec-jobs.com

Risk Consulting - Protect Tech - Staff - IT Compliance - ISO-NIST-FISMA-PCI DSS and Privacy

@ EY | Bengaluru, KA, IN, 560016
View on infosec-jobs.com

Security Officer Warrenpoint Harbour

@ TSS | Newry, County Down, United Kingdom
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Scientific Systems Company, Inc. | Burlington, Massachusetts, United States
View on infosec-jobs.com
View more jobs