From Security Weekly Wiki
- TaskRouter JS SDK Security Incident shows once again the dangerous combination of misconfigured cloud resources and the reliance of apps on those resources.
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability shows once again the danger of server-side path manipulation driven by client-supplied values.
- An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices shows how a secure OS needs an equally secure device ecosystem.
- Towards native security defenses for the web ecosystem shows how browser developers are improving and implementing web standards to defeat classes of vulns.
- Academics smuggle 234 policy-violating skills on the Alexa Skills Store shows how to subvert Alexa to tell far more than it should.
- Apple Security Research Device Program shows more details about participating, although Google's Project Zero team won't be applying for Apple's SRD program.
- What is DevSecOps? Why it's hard to do well shows the familiar suggestions on making security successful and how DevOps contributes to that.