From Security Weekly Wiki
- Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel | ZDNet
- Automated security tests with OWASP ZAP
- HackerOne Breach Leads to $20,000 Bounty Reward
- OpenBSD patches authentication bypass, privilege escalation vulnerabilities | ZDNet
- HackerOne breach lets outside hacker read customers' private bug reports - Oops: the HackerOne analyst sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it the ability to read and partially modify data the analyst had access to. One must be careful when sharing information with a bunch of hackers.
- Hackers Find Ways Around a Years-Old Microsoft Outlook Fix - "We've been using Outlook Home Page attacks for several years in our red team engagements," says Dave Kennedy, TrustedSec's founder and CEO. "Our goal is to use real-world attacks and adversary capabilities against our customers, and Home Page attacks largely go unnoticed in almost every organization. When you have a Microsoft Office product making modifications to the Office Registry, it's very difficult for defenders to pick up on because it looks legitimate."
- Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet
- Mystery Server Found to Host Private Data in the Open for 1.2...
- Palo Alto Networks Employee Data Breach Highlights Risks Posed by Third Party Vendors - 3rd party risk management companies are loving this: After all, it wasn't their company which leaked the data and placed it on the internet. Instead, it was an external company, contracted to provide a service to Palo Alto Networks, which was careless with the sensitive information.
- Hacking robotic vehicles is easier than you might think - Help Net Security
- If You Bought a Smart TV on Black Friday, the FBI Has a Warning for You - Huh? Backdoor through my router? "Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router." - An attacker still needs a way to get software on the TV to spy on you: maybe it's a backdoor in an app that is installed on the TV, perhaps a backdoor in the firmware, maybe intercepting domains the TVs use to call out to apply updates or get other data. Suggesting that we put tape over the cameras is just silly. How about we address the actual security vulnerabilities, rather than send people into a panic and have them do things that don't really fix the problem?
- New crypto-cracking record reached, with less help than usual from Moore's Law
- Inside Mastercard's Push for Continuous Security | SecurityWeek.Com
- Screw Productivity Hacks: My Morning Routine Is Getting up Late