Difference between revisions of "Template:PSW672NewsPaulAsadoorian"

From Security Weekly Wiki

Revision as of 18:43, 29 October 2020

Articles

  1. Cybercriminals Could be Coming After Your Coffee - From the article: When it comes to whether you should get an IoT device or not, the general rule is to first ask yourself this question: Do I really need my light bulb/coffee pot/washing machine/doorbell/other household items to be smart? The real question is "When will I no longer have a choice?".
  2. JWT Tokens: The What, How, and Why - This helped me understand things: The main difference to notice here is that with cookies, the information is stored server-side, while with JWT, since the information is stored in the actual token, the information is stored client-side. Since the server doesn’t need to remember anything, this simplifies things a lot, especially when working with multiple servers and having different sessions. Some JWT attacks rely on poor key management....
  3. Attackers finding new ways to exploit and bypass Office 365 defenses - Help Net Security - Oh, all we need is Zero Trust: Zero-trust email: Adhere to a zero-trust-email approach, which should serve as a baseline for an email security strategy. All email, especially ongoing interactions with external partners and suppliers, should be considered areas of compromise.
  4. Oracle VM VirtualBox Buffer Overflow - A buffer overflow vulnerability in Oracle VM VirtualBox was privately reported to Oracle on September 22, 2020 and was silently patched in VM VirtualBox version 6.1.16r140961. Not-so-silent (though no exploit example was provided, I didn't look further).
  5. Microsoft IE Browser Death March Hastens - Most users are running Chrome, Chrome has plenty of vulnerabilities, do we need IE any longer?
  6. 78% of Microsoft 365 admins don't activate MFA - Help Net Security - 99% is a lot... According to SANS, 99% of data breaches can be prevented using MFA. This is a huge security risk, particularly during a time when so many employees are working remotely.
  7. Humans are Bad at URLs and Fonts Don't Matter - This is why you need more than awareness training.
  8. Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device | SecurityWeek.Com - In one attack scenario described by SEC Consult for SecurityWeek, an attacker who is able to connect to the local network can open doors connected to the Hörmann gateway by executing a small script. The attack does not require authentication and it can be conducted from a mobile phone.
  9. URL and website scanner - urlscan.io
  10. Over 100 irrigation systems left exposed online without protection
  11. Microsoft Introduces New Password Spray Detection for Azure | SecurityWeek.Com (https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure)
  12. Anonymous Authentication: How to Secure Public APIs (https://medium.com/swlh/anonymous-authentication-how-to-secure-public-apis-8f295f23dff2)
  13. Back to the future: What the Jericho Forum taught us about modern security - Microsoft Security (http://www.microsoft.com/security/blog/2020/10/28/back-to-the-future-what-the-jericho-forum-taught-us-about-modern-security/) - Truth: While it’s tempting to think “but it’s just safer if we block it entirely”, beware of this dangerous fallacy. Users today control how they work and they will find a way to work in a modern way, even if they must use devices and cloud services completely outside the control of IT and security departments. Additionally, attackers are adept at infiltrating approved communication channels that are supposed to be safe (legitimate websites, DNS (Domain Name Servers) traffic, email, etc.).
  14. Nagios XI 5.7.3 Remote Command Injection (http://exploit.kitploit.com/2020/10/nagios-xi-573-remote-command-injection.html)
  15. StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations | SecurityWeek.Com (https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations)
  16. Can automated penetration testing replace humans? - Help Net Security
  17. KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
  18. Oracle WebLogic Server RCE Flaw Under Active Attack
  19. Tracking Users on Waze - Schneier on Security
  20. Microsoft Introduces Device Vulnerability Report in Defender for Endpoint | SecurityWeek.Com
  21. Redirect Detective - Discover where those redirects really go to
  22. Hackers may have been of its time, but it was also ahead of it