1 | Researchers at security firm Horizon3 discovered that Apache Superset ships with a default Flask Secret Key used to sign authentication session cookies, which could let attackers access and modify data, harvest credentials, and execute commands. According to Horizon3, around 67% of all Superset instances use one of the four default keys. |
|
2 | GitHub announced the public beta of Deployment Protection Rules to provide additional control over GitHub Actions CI/CD workflows. Configuring Deployment Protection Rules enables developers to set up rigorous control mechanisms to ensure high-quality, tested code reaches production. |
|
3 | GitLab introduced a new Value Streams Dashboard that provides strategic insights and offers visibility across every step of the SDLC to optimize software delivery. Other AI-based capabilities include the ability to establish license policies and scan software licenses for compliance, protect secrets from being leaked, and automatically enforce security policies. |
|
4 | NVIDIA open-sourced NeMo Guardrails with the necessary code, examples, and documentation to enable businesses to add safety to AI apps that generate text. It allows developers to set up topical, security, and safety guardrails without any machine learning expertise. |
|
5 | Google announced the availability of a Richer UI install for desktops, enabling developers to provide their users with specific context about the app while installing. Google cautioned that this is an experimental UI and could change in the future based on feedback from the community. |
|
6 | Microsoft unveiled the productivity and quality-of-life improvements available to Git in VS v17.6 Preview 2. The features include an improved search for related GitHub issues and Azure DevOps Work items, merge enhancements, Git history pref improvements, and new branch and tag naming enhancements. |
|
7 | AWS added three new capabilities to its threat detection service, Amazon GuardDuty, to strengthen customer security through expanded coverage and continuous enhancements in machine learning, anomaly detection, and integrated threat intelligence. The capabilities extend GuardDuty protection to container runtime behavior, database, and serverless environments. |
|