From Security Weekly Wiki
- 6 Things to Know About the Microsoft 'Zerologon' Flaw, which remains in the news due to active exploitation of a flaw rooted in the misuse of cryptographic algorithms.
- Chrome updates for several high-risk flaws worth over $45K in bounties.
- You can bypass TikTok's MFA by logging in via a browser, which should be a reminder to have an authentication and authorization mechanism that you can apply consistently and universally across your app's endpoints.
- #Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS takes the perfect picture of software composition analysis and media handling libraries, and gives us a chance to revisit the benefits of fuzzing and sandboxing.
- Shopify discloses security incident caused by two rogue employees and puts the spotlight again on how to design apps to be resistant to abuse of privileged access.
- Microsoft Advances DevOps Agenda, and it looks like we'll eventually have an entire appsec program within Visual Studio.