Displaying items by tag: GitLab

Today, GitLab announced the general availability of GitLab Duo Self-Hosted. This capability enables organisations to maintain full control over data privacy, security, and the deployment of large language models (LLMs) in their own infrastructure.

• GitLab Duo with Amazon Q provides AI-driven collaboration to streamline software development workflows, accelerate code delivery, and enhance security across the software development lifecycle.
• End-to-end security and compliance are built into the GitLab platform to reduce risk and support compliance without reducing development velocity.
• The integrated offering is in preview for customers. Powerful Amazon Q autonomous agents will help developers be even more productive when using GitLab Duo.

GUEST OPINION:  GitLab reveal AI & cybersecurity trends for 2025.

GUEST OPINION by Craig Nielsen, Vice President, APJ at GitLab: Leadership can be a complicated topic. Some management approaches deliver powerful lessons in honest and actionable ways, whilst others are full of corporate jargon, buzzwords and not much else.

GUEST OPINION by Craig Nielsen, Vice President, APJ at GitLab: Leadership can be a complicated topic. Some management approaches deliver powerful lessons in honest and actionable ways, whilst others are full of corporate jargon, buzzwords and not much else.

COMPANY NEWS: GitLab, ​​the most comprehensive AI-powered DevSecOps platform, today announced the general availability of the GitLab Duo Enterprise add-on for US$39 per user per month. The add-on is available to Ultimate customers through all GitLab deployment options, including multi-tenant SaaS, single-tenant SaaS, and self-managed.

COMPANY NEWS:  New SCW Trust Agent facilitates a Secure-by-Design approach for enterprises; equips security leaders with unparalleled visibility into their organisations’ software security posture.

GUEST RESEARCH: GitLab, the most comprehensive AI-powered DevSecOps platform, today released its 8th annual Global DevSecOps Report on the current state of software development. GitLab surveyed CXOs, IT leaders, developers, and security and operations professionals worldwide on their successes, challenges, and main priorities for implementing DevSecOps.

COMPANY NEWS: GitLab, the most comprehensive AI-powered DevSecOps platform, today announced the public beta of expanded integrations with Google Cloud that will help developers work more effectively, quickly, and productively.

GUEST OPINION: More than a decade ago, businesses faced a new, disruptive technology. This technology promised to cut operational costs, increase productivity, and allow for collaboration from around the world. It also raised concerns about reliability, security, and government regulations.

COMPANY NEWS: All Remote – GitLab, the most comprehensive AI-powered DevSecOps platform, today announced new innovations across the platform to streamline how organisations build, test, secure, and deploy software.

GUEST OPINION: The Australian Government’s Budget announcement of investment into AI regulation underscores the need for action to address emerging AI risks. The regulatory framework we put in place today will help organisations future-proof how they evolve with AI, ensuring they reap the benefits of AI without creating vulnerabilities.

COMPANY NEWS: GitLab, the most comprehensive AI-powered DevSecOps platform, today announced the general availability of GitLab Duo Chat.

GUEST OPINION: There has been much public discourse around how to set guardrails for AI adoption.

COMPANY NEWS: GitLab, the most comprehensive AI-powered DevSecOps platform, today announced that it has received the 2024 Google Cloud Technology Partner of the Year Award in the Application Development - DevOps category. This is the fourth consecutive year GitLab has been recognised.

COMPANY NEWS: GitLab, the most comprehensive AI-powered DevSecOps platform, today announced updates to GitLab Duo, the company’s suite of AI capabilities, including the beta of GitLab Duo Chat available in the GitLab 16.6 November product release, and the general availability of GitLab Duo Code Suggestions in the GitLab 16.7 December product release.

GUEST RESEARCH: Bitdefender Labs has been monitoring the growing trend among cybercriminals who actively exploit social media networks for malvertising. The end goal of these attacks is to hijack accounts and steal personal data through malicious software.

Social media platforms offer immense opportunities for financially motivated threat actors to conduct large-scale attacks against unsuspecting Internet users. Fraudulent and malicious threats are prevalent on all social networks and it has become crucial for users to be aware of the latest tricks that can compromise the security of their accounts, data, reputation and finances.

Cybercriminals always seek to trick users into taking all sorts of unwelcome actions, and one way they achieve this is by abusing the ad network.

Malvertising campaigns take advantage of the tools and methods used by legitimate entities to distribute regular online ads, with cybercriminals submitting infected links onto typical advertisement networks via some form of provocative enticement meant to sway users into clicking on an infected link.

This report focuses on how cybercriminals have adapted NodeStealer attacks – a type of malware used by threat actors to steal browser cookies and login credentials, enabling them to hijack Gmail, Facebook, Outlook, and possibly other accounts – to abuse Meta’s ads network on Facebook and compromise users’ privacy and security. Below is a summary of Bitdefender’s analysis conducted between the 10th and 20th October:

• Researchers discovered multiple hijacked Facebook accounts used in the attacks – at least 10 compromised business accounts that continue to serve malicious ads to the public
• The ads serve a newer version of NodeStealer
• The threat actors created multiple Facebook profiles, all of which dangle access to new media files of the portrayed women
• Multiple iterations of the same ad were used in about 140 malicious ad campaigns
• Attackers used a maximum of five active ads at a time and switched between them at 24-hour intervals to try to avoid ad reports from users
• The ads used revealing photos of young women to lure victims into deploying the malware
• Clicking on ads immediately downloads an archive containing a malicious .exe ‘Photo Album’ file which also drops a second executable written in .NET – this payload is in charge of stealing browser cookies and passwords
• Given that each ad click instantly downloads the malicious archive, Bitdefender has estimated 100,000 potential downloads from the Ad reach analysis, with a single ad having as many as 15,000 downloads within just a 24-hour rollout
• The most impacted demographic is 45+ Males

The above information regarding the demographic and reach of the campaign has been collected by tracking the ads on Meta Ad Library.

NodeStealer is a relatively new info-stealer, discovered by Meta’s security team in January 2023, that allows threat actors to steal browser cookies and conduct account takeovers at scale.

The first NodeStealer campaign (documented by Meta) was attributed to threat actors in Vietnam, who custom-built the malicious tool (written in JavaScript and executed through Node.js) to target business users via fake communications through Facebook Messenger. The malware let attackers seize control of business accounts, without the need for any further interactions with the victim, and even bypassed security mechanisms such as two-factor authentication (2FA).

Although the stealer was primarily designed to hijack cookie sessions from web browsers including Google Chrome, Microsoft Edge, Brave and Opera, and take over Facebook accounts, threat actors have worked diligently to equip the malware with new capabilities during the year.

The NodeStealer ‘2.1’ malware discovered by Bitdefender’s researchers is the modernised version of the info-stealer (written in Node), to which cybercriminals have added new features that allow them to obtain unlawful entry into additional platforms (Gmail and Outlook), to steal crypto wallet balances and download additional malicious payloads – components that could have devastating financial and reputational consequences for victims.

The malware Is distributed via Windows executable files disguised as photo albums.

NodeStealer attack saga continues to plague Facebook – this time with a twist
Researchers at Bitdefender Labs have observed a fresh take on NodeStealer attacks deployed on Facebook, with threat actors using compromised business accounts to deliver malicious Ad campaigns to unwary internet users.

According to Bitdefender researchers, threat actors are no longer interested in only hijacking Facebook business accounts – they’ve expanded their attacks to target regular Facebook users by using distinctive methods.

To gain access to users’ accounts and systems, cybercriminals abuse ad credit balances of compromised business accounts to run and manage ads that deliver the malicious payload to their select target audience.

They create a Facebook page under the name “Album Update” (or similar) where they add revealing photos of young women.

Other names of fake profiles include:

• Album Girl News Update
• Private Album Update
• Hot Album Update Today
• Album New Update Today
• Album Private Update Today

After the page is set up, malicious actors begin running ads that promote fake new content and entice users with lewd album covers. Some of the photos advertised appear to have been edited or even AI-generated.

Attackers also use short descriptions to bait users into downloading the media archive, such as “New stuff is online today” and “Watch now before it’s deleted.”

The “Albums,” in fact, point to either Bitbucket or Gitlab repositories that store an archive containing a Windows executable that deploys newer versions of NodeStealer onto the user’s device.

What are consumers’ risks and how can you defend against NodeStealer ad attacks?

Once cybercriminals gain access to users’ cookies using the basic features of NodeStealer, they take over Facebook accounts and access sensitive information.

From there, hackers can attempt to change passwords and add additional security measures to accounts to completely cut off access to the legitimate owner and commit a variety of crimes of fraud. Whether stealing money or scamming new victims via hijacked accounts, this type of malicious attack allows cybercriminals to stay under the radar by sneaking past Meta’s security defences.

The first line of defence against Nodestealer malware delivered via phishing links, attachments or ads, is to always use a security solution on your device and keep it up to date. Anti-malware and anti-virus software keep you and your devices safe from new and existing threats by detecting malware and safely removing or stopping it from causing any damage. Additionally, internet users should always stay vigilant and stick to good cyber hygiene in all online interactions. It’s always best to think twice before you click on unsolicited links associated with alarming notices or ads that prompt you to download provocative media files.

Specifically for this campaign, Facebook users should steer clear of ads that suggest you download photo albums from Bitbucket, Gitlab or Dropbox.

About Bitdefender
Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world’s most trusted cybersecurity solutions provider, Bitdefender is committed to defending organisations and individuals around the globe against cyberattacks to transform and improve their digital experience. bitdefender.com.au/

Australian multinational real estate company Lendlease has tapped GitLab and its DevSecOps platform to instil a culture of change in their software development teams.

GUEST OPINION: Australia’s new Cyber Security Strategy to begin building six cyber shields around the nation comes at a time when it’s more important than ever to protect businesses and citizens from new technologies and more sophisticated cyber attacks.

COMPANY NEWS: Remote, the leader in building, managing, and supporting globally distributed workforces, today announced its vision to help companies and individuals fully realise the benefits of the global economy.