NEWS: Hackers Threaten to Release Nvidia Source Code After Breach

SecureWorld magazine covers Nvidia’s source code breach and how the hacker group will release source code. Prakash Linga, Co-Founder and CEO at BluBracket, shares his thoughts on this security incident: “Source code represents some of the most coveted crown jewels that a company like NVidia possesses. As attackers have shifted their focus to exploiting weaknesses […]

NEWS: Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

Threatpost covers the latest code leak, this one hitting Samsung and resulting in ransomware. BluBracket was asked to weigh in: “If Samsung’s keys were leaked, it could compromise the TrustZone environment on Samsung devices that stores especially sensitive data, like biometrics, some passwords and other details,” said Casey Bisson, head of product and developer relations […]

Introducing improved risk detail display and management workflows

Today we’re introducing improved risk details display and workflows in BluBracket Code Security. Our early testers have described these as a huge improvement in their ability to quickly and efficiently review and act on risks. We developed these improvements in collaboration with our design partners, with feedback from our enterprise customers representing over $100 billion […]

NEWS: Hackers move on from malware to credentials and secrets in code

BluBracket explains to Government Info Security how, since malware is being covered, hackers have moved on to code. “Hackers have increasingly focused on finding legitimate credentials and/or injecting backdoors into code,” says Casey Bisson, head of product and developer relations at BluBracket, a Palo Alto-based code security solution provider. It’s the prime reason behind Gartner’s prediction that […]

BluBracket’s take on Apache Cassandra security vulnerability in Security Magazine

Security Magazine covers a high-severity security vulnerability in Apache Cassandra with comments from BluBracket VP Casey Bisson: “Casey Bisson, Head of Product and Developer Relations at BluBracket, says Apache Cassandra is reported to be used as critical infrastructure supporting multiple top-tier internet giants, so a remote code execution vulnerability could have a broad impact with very […]

NEWS: Linux Bug Allows Kubernetes Container Escape

Container Security has been improving, but many of the benefits of containers come from the very flexibility that limits the security they provide. BluBracket’s VP of Product Casey Bisson gives the details in Container Journal. “We see that code is now the largest and least-protected threat vector,” he says. “Attackers are targeting upstream components that […]

SCMagazine: Software Supply Chain Vulnerabilities in SureMDM

There’s a systemic breakdown of processes and the application of key tech that is allowing vulnerabilities like those discovered in the 42 Gears SureMDM cloud-based device management solution to get to market. BluBracket’s Casey Bisson explains in SCMagazine: “Vulnerabilities like these are the unfortunate byproduct of the speed with which software is developed and shipped,” […]

Webinar: How Secure is Your Internal Software Supply Chain?

Next week on January 25, BluBracket will join leaders from Snyk and The Linux Foundation to discuss the state of the software supply chain in an exclusive webinar and what can be done to improve it. It’s a collaborative approach because each of the participants will discuss a discrete aspect of software supply chain security: — The […]

Cybersecurity & information security resources I used in 2021

Hey! My name is Alexandria, and I am a Developer Advocate intern at BluBracket. At BluBracket, I’ve had the opportunity to work with a fantastic team and learn in public all things related to code security. To me, “Learning in public” means sharing the resources I’ve used on my journey. So here’s a list of […]

Software Supply Chain-Still a Vulnerability for our Critical Infrastructure

From Stuxnet to Colonial Pipeline: Although more than a decade has gone by, Stuxnet is regarded as the incident that initiated the use of a malware delivery platform that could deploy multiple 0-day attacks simultaneously. Since then, a series of attacks with monikers like Duqu and Flame evolved, sometimes called the sons-of-stuxnet. In some ways […]