Difference between revisions of "Template:ASW114NewsMikeShema"

From Security Weekly Wiki
Jump to navigationJump to search
(Added By Paul's Craptastic PPWorks Code)
 
 
Line 1: Line 1:
 
===Articles===
 
===Articles===
 +
* [https://www.securify.nl/advisory/SFY20200708/microsoft-onedrive-client-for-windows-qt-qml-module-hijack.html Microsoft OneDrive client for Windows Qt QML module hijack] shows once again that DLL hijacking remains relevant and software composition remains rife with flaws.
 +
* [https://www.cyberscoop.com/zoom-zero-day-windows-7-acros/ Zero-day flaw found in Zoom for Windows 7], which also means you have more security issues to worry about with end-of-life Windows than updated Zoom.
 +
* [https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/ Protecting your remote workforce from application-based attacks like consent phishing] is a long headline that boils down to ensuring your threat models consider how your app protects authentication tokens like OAuth.
 +
* [https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/ Mozilla suspends Firefox Send service while it addresses malware abuse] that boils down to ensuring your threat models consider how your app protects against misuse.
 +
* [https://threatpost.com/verizon-media-paypal-twitter-bug-bounty-rankings/157040/ Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings], which isn't necessarily a ranking to strive for.
 +
* [https://builtin.com/software-engineering-perspectives/is-technical-debt-real Stop Talking About ‘Technical Debt’] provides a history of the term, but ends up making a case more for using productive metaphors than overwrought ones.

Latest revision as of 20:06, 12 July 2020

Articles