Difference between revisions of "Template:ASW116NewsMikeShema"

From Security Weekly Wiki
Jump to navigationJump to search
(Added By Paul's Craptastic PPWorks Code)
 
Line 1: Line 1:
 
===Articles===
 
===Articles===
 +
* [https://www.twilio.com/blog/incident-report-taskrouter-js-sdk-july-2020 TaskRouter JS SDK Security Incident] shows once again the dangerous combination of misconfigured cloud resources and the reliance of apps on those resources.
 +
* [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability] shows once again the dangerous combination of server-side path manipulation from client-supplied values.
 +
* [https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability an EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices] shows how a secure OS needs an equally secure device ecosystem.
 +
* [https://security.googleblog.com/2020/07/towards-native-security-defenses-for.html Towards native security defenses for the web ecosystem] shows how browser developers are improving and implementing web standards to defeat classes of vulns.
 +
* [https://www.zdnet.com/article/academics-smuggle-234-policy-violating-skills-on-the-alexa-skills-store/ Academics smuggle 234 policy-violating skills on the Alexa Skills Store] shows how to subvert Alexa to tell far more than it should.
 +
* [https://www.csoonline.com/article/3245748/what-is-devsecops-developing-more-secure-applications.html What is DevSecOps? Why it's hard to do well] shows the familiar suggestions on making security successful and how DevOps contributes to that.

Revision as of 20:55, 26 July 2020

Articles