From Security Weekly Wiki


  1. Cybercriminals Could be Coming After Your Coffee - From the article: When it comes to whether you should get an IoT device or not, the general rule is to first ask yourself this question: Do I really need my light bulb/coffee pot/washing machine/doorbell/other household items to be smart? The real question is "When will I no longer have a choice?".
  2. JWT Tokens: The What, How, and Why - This helped me understand things: The main difference to notice here is that with cookies, the information is stored server-side, while with JWT, since the information is stored in the actual token, the information is stored client-side. Since the server doesn’t need to remember anything, this simplifies things a lot, especially when working with multiple servers and having different sessions. Some JWT attacks rely on poor key management....
  3. Attackers finding new ways to exploit and bypass Office 365 defenses - Help Net Security - Oh, all we need is Zero Trust: Zero-trust email: Adhere to a zero-trust-email approach, which should serve as a baseline for an email security strategy. All email, especially ongoing interactions with external partners and suppliers, should be considered areas of compromise.
  4. Oracle VM VirtualBox Buffer Overflow
  5. Microsoft IE Browser Death March Hastens
  6. 78% of Microsoft 365 admins don't activate MFA - Help Net Security
  7. Humans are Bad at URLs and Fonts Don't Matter
  8. Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device | SecurityWeek.Com
  9. URL and website scanner - urlscan.io
  10. Over 100 irrigation systems left exposed online without protection
  11. Microsoft Introduces New Password Spray Detection for Azure | SecurityWeek.Com
  12. Anonymous Authentication: How to Secure Public APIs
  13. Back to the future: What the Jericho Forum taught us about modern security - Microsoft Security
  14. Nagios XI 5.7.3 Remote Command Injection
  15. StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations | SecurityWeek.Com
  16. Can automated penetration testing replace humans? - Help Net Security
  17. KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
  18. Oracle WebLogic Server RCE Flaw Under Active Attack
  19. Tracking Users on Waze - Schneier on Security
  20. Microsoft Introduces Device Vulnerability Report in Defender for Endpoint | SecurityWeek.Com
  21. Redirect Detective - Discover where those redirects really go to
  22. Hackers may have been of its time, but it was also ahead of it