From Security Weekly Wiki
- gcploit provides the tools covered in the recent presentation, Compromise any GCP Org Via Cloud API Lateral Movement and Privilege Escalation: Blackhat/Defcon 2020.
- The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer echoes the email protocols analysis we touched on in episode 118, with the added bonus of a disclosure timeline.
- ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks that, although they rely on gaining a physical connection to the ATM, serve as a reminder that unencrypted and unsigned messages are trivial to modify.
- Control Flow Guard for Clang/LLVM and Rust brings a compiler countermeasure from C++ to Rust's boundaries with C++ systems, and more confidence for devs who venture into the 'unsafe' keyword.
- Fuzzing Services Help Push Technology into DevOps Pipeline builds on the success of Google open-sourcing ClusterFuzz and the similar work from Microsoft that we touched on in episode 107.
- 7 Things to Make DevSecOps a Reality really just might mean smart software engineering steps that lead to more secure code.
- Blog post from Sonatype introducing the 2020 State of the Software Supply Chain adds more data to the discussion of successful approaches to securing software dependencies.