From Security Weekly Wiki
- Microsoft OneDrive client for Windows Qt QML module hijack shows once again that DLL hijacking remains relevant and software composition remains rife with flaws.
- Zero-day flaw found in Zoom for Windows 7, which also means you have more security issues to worry about with end-of-life Windows than updated Zoom.
- Protecting your remote workforce from application-based attacks like consent phishing is a long headline that boils down to ensuring your threat models consider how your app protects authentication tokens like OAuth.
- Mozilla suspends Firefox Send service while it addresses malware abuse that boils down to ensuring your threat models consider how your app protects against misuse.
- Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, which isn't necessarily a ranking to strive for.
- Stop Talking About ‘Technical Debt’ provides a history of the term, but ends up making more of a case for using productive metaphors instead of overwrought ones.