From Security Weekly WikiJump to navigationJump to search
* [https://research.checkpoint.com/2020/apache-guacamole-rce/ Would you like some RCE with your Guacamole?] or at least read some some flawed C code that weakened an RDP service?
* [https://www.darkreading.com/vulnerabilities---threats/attackers-will-target-critical-pan-os-flaw-security-experts-warn/d/d-id/1338221 Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn], which isn't much of warning about flaws being attacked, but is a good reminder about modeling attacker goals.
* [https://www.zdnet.com/article/microsoft-releases-emergency-security-update-to-fix-two-bugs-in-windows-codecs/ Microsoft releases emergency security update to fix two bugs in Windows codecs] that once again proves a picture is worth a 1,000 flaws and why [https://www.zdnet.com/article/google-discloses-zero-click-bugs-impacting-several-apple-operating-systems/ this
other article] notes the design changes that Android and Mozilla took in their media handling code.
* [https://www.marcolancini.it/2020/blog-kubernetes-threat-modelling/ The Current State of Kubernetes Threat Modelling] highlights past work in evaluating the security of Kubernetes.
* [https://devops.com/how-to-build-a-culture-of-resilience-through-good-habits/ How To Build a Culture of Resilience Through Good Habits] so that improving availability also leads to improving confidentiality and integrity.