Devs, you were right all along: about.gitlab.com/switch/ GitLab delivers more than DevSecOps and AI, we give you independence. DM me to get started on your path back to freedom.

GitLab Duo CLI is now out in public beta.

GitLab Threat Intelligence Team reveals North Korean tradecraft about.gitlab.com/blog/gitlab…

How do you catch a DPRK actor you ask? Here are a few things to think about; 1. They love to use a VPN when applying for jobs. Check your HR system.

Welcome to the era of the token. In the past, attackers had to breach networks, bypass security controls, escalate privileges, and evade detection just to reach confidential data. Now? A single OAuth authorization - granted with one click - can hand over access to emails, files, and cloud services. No need to dump credentials, bypass EDR, or move laterally. Just steal a token and walk right in. The cloud-first world has made security more convenient - but also far more fragile.

The @Lions secure a spot in the #NFLPlayoffs 🔥 #EasyToCelebrate | @budlight

GitLab Duo 🤝Amazon Q Today, we’re announcing a joint offering with @awscloud that brings together GitLab Duo with Amazon Q. Learn more here: bit.ly/4eUcfb1

What people often overlook in #DetectionEngineering is that there’s no "one-size-fits-all" rule to detect a threat. It depends on your goals. How specific should the rule be? Are you tracking a threat actor, detecting the tool/malware, or focusing on the technique? Should it be based on code, content, form, or metadata? Just like in art, you can create an abstract, impressionist, or realistic painting of the same subject, and all can be masterpieces in their own right

Hit a deadlift PR with #overclock 🔥375lbs #wehackhealth

Time to get it 💪 #wehackhealth

It’s here 🔥🔥🔥 #wehackhealth

Love this! I ordered my pre workout - can’t wait for it to get here!

This this! The Great Lakes are just as awesome - or even better than the ocean!

This story is just mind-blowing. Not only the scale ($11B in three years) and the scope (they sell cattle prods to keep slave labourers in check) but mostly for the fact it's operating almost completely in public and has links to Cambodia's ruling family....

We’re on the list!

Yessssssse - love @raisingcanes

⚠️ We are collaborating with partners to respond to a recent compromise—discovered by independent security researchers—impacting Sisense. For more info, check out: cisa.gov/news-events/alerts/…

Massive data breach at SiSense - a business intelligence platform. Actors allegedly compromised network, exfiltrated data and could potentially contain customer data. Highly recommend if using SiSense, to look at the following: * Change passwords of any SiSense accounts including customer service accounts / shared accounts. * Reset API keys used for Sisense service if applicable. * Look for any unusual activity dating from April 5th, 2024 and onward. Right now, it's in the early stages on what occurred and the extent of compromise is still widely unknown. cisa.gov/news-events/alerts/…

Today was a big day for the United States government and United Kingdom government. The Federal Bureau of Investigation and U.K. National Crime Agency’s (NCA) Cyber Division unveiled a massive, multi-year long investigation which has led to a catastrophic blow to Lockbit ransomware group and affiliates. The Lockbit ransomware group Tor domain name displays a list of posts announcing activity performed by law enforcement agencies. It is written in Lockbit format, illustrating they have full control over Lockbit ransomware groups infrastructure. Law enforcement has done the following 1. Law enforcement agencies will be unveiling sensitive information on Lockbit cryptocurrency and money operations February 23th, 2024 2. Law enforcement, with SecureWorks, will be revealing information on Lockbit tradecraft February 22nd, 2024 3. Law enforcement will be unveiling Lockbit affiliate infrastructure February 21st, 2024 4. Law enforcement, with TrendMicro, will be releasing a detailed analysis on Lockbit future-iterations February 22nd, 2024 5. Law enforcement will be unveiling information on Lockbit's StealBit data exfiltration tool February 21st, 2024 6. Law enforcement will be unveiling sanctions on Lockbit ransomware group at 15:30UTC today 7. Law enforcement, in conjunction with Japanese partners, has released a Lockbit decryptor tool 8. An individual in Poland has been arrested 9. An individual in Ukraine has been arrested 10. Law enforcement plans on unveiling the identity of the Lockbit ransomware group administration February 23rd, 2024 11. The United States government unveiled the indictement of two individuals associated with Lockbit ransomware group: Artur Sungatov and Ivan Kondratyev 12. The United Kingdom NCA has unveiled sensitive information on the Lockbit backend: the administration panel, the blog backend, and the blog source functionality. This includes the images of the source code.