Difference between revisions of "Template:ASW116NewsMikeShema"

From Security Weekly Wiki
Jump to navigationJump to search
(Added By Paul's Craptastic PPWorks Code)
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
===Articles===
 
===Articles===
 +
* [https://www.twilio.com/blog/incident-report-taskrouter-js-sdk-july-2020 TaskRouter JS SDK Security Incident] shows once again the dangerous combination of misconfigured cloud resources and the reliance of apps on those resources.
 +
* [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability] shows once again the dangerous combination of server-side path manipulation from client-supplied values.
 +
* [https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices] shows how a secure OS needs an equally secure device ecosystem.
 +
* [https://security.googleblog.com/2020/07/towards-native-security-defenses-for.html Towards native security defenses for the web ecosystem] shows how browser developers are improving and implementing web standards to defeat classes of vulns.
 +
* [https://www.zdnet.com/article/academics-smuggle-234-policy-violating-skills-on-the-alexa-skills-store/ Academics smuggle 234 policy-violating skills on the Alexa Skills Store] shows how to subvert Alexa to tell far more than it should.
 +
* [https://developer.apple.com/programs/security-research-device/?=tuesday-july-21-2020 Apple Security Research Device Program] shows more details about participating, although [https://www.zdnet.com/article/googles-project-zero-team-wont-be-applying-for-apples-srd-program/ Google's Project Zero team won't be applying for Apple's SRD program].
 +
* [https://www.csoonline.com/article/3245748/what-is-devsecops-developing-more-secure-applications.html What is DevSecOps? Why it's hard to do well] shows the familiar suggestions on making security successful and how DevOps contributes to that.

Latest revision as of 21:10, 26 July 2020

Articles