From Security Weekly Wiki
#[ JWT Tokens: The What, How, and Why] - This helped me understand things: ''The main difference to notice here is that with cookies, the information is stored server-side, while with JWT, since the information is stored in the actual token, the information is stored client-side. Since the server doesn’t need to remember anything, this simplifies things a lot, especially when working with multiple servers and having different sessions.'' Some JWT attacks rely on poor key management....
#[ Attackers finding new ways to exploit and bypass Office 365 defenses - Help Net Security] - Oh, all we need is Zero Trust: ''Zero-trust email: Adhere to a zero-trust-email approach, which should serve as a baseline for an email security strategy. All email, especially ongoing interactions with external partners and suppliers, should be considered areas of compromise.''
#[ Oracle VM VirtualBox Buffer Overflow] - ''A buffer overflow vulnerability in Oracle VM VirtualBox was privately reported to Oracle on September 22, 2020 and was silently patched in VM VirtualBox version 6.1.16r140961.'' Not-so-silent (though no exploit example was provided, I didn't look further).
#[ Microsoft IE Browser Death March Hastens]
#[ 78% of Microsoft 365 admins don't activate MFA - Help Net Security]

