by Bill Sempf
29. March 2020 23:03
Unusual challenges ahead. Remember that with remote working, application security is on the front lines, and there are those out there that don't care about the pandemic crisis or dead people; they just want to steal stuff.
Extraordinary article about this exact topic from SANS. I am not SANS's biggest fan but this is very good work.
https://isc.sans.edu/diary/rss/25940
An error in a font (no, I am not kidding) is causing problems. Check your sites.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
I have stepped away from appsec before in this newsletter, but this is a new bar. This is a link to free codes for games on Steam to play while you are keeping away from your friends and neighbors. Let's use the Internet to stay in touch, and KEEP IT RUNNING. We are on the front lines.
https://docs.google.com/spreadsheets/d/1LoYfg6bI649dPQfevPNZzL2Xm9o4pOH0bUkIrIcWry4/edit#gid=1293924779
Please, please stay safe.
S
by Bill Sempf
22. March 2020 12:29
Quarantine edition.
Microsoft patches the newest SMB flaw. Stop using SMB.
https://nakedsecurity.sophos.com/2020/03/16/microsoft-patches-wormable-windows-10-smbghost-flaw/
Microsoft bought npm. This should be interesting.
https://www.windowscentral.com/microsofts-github-acquires-npm-help-javascript-developers
There are a ton of folks streaming and running virtual conferences right now. Watch them. I'm watching PancakesCon right now. Even if you are an introvert, it's good for your mental health.
https://tisiphone.net/2020/03/15/pancakescon-2020-quarantine-edition/
Keep safe, keep aware. We are in condition orange. Distance yourself from poisonous people (and I don't mean ill people). Help out your neighbors if you can.
by Bill Sempf
15. March 2020 14:21
by Bill Sempf
8. March 2020 15:56
NordVPN has yet another interesting application security vulnerability.
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
The University of Cincinnati has open sourced their malware reverse engineering class.
https://class.malware.re/
Not new but new to me: 23 Node.js security tips.
https://medium.com/@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d
That's the news!
by Bill Sempf
1. March 2020 17:04
From @baskarmib on Twitter, we have an example of malware that will steal your Google Authenticator codes.
https://www.zdnet.com/google-amp/article/android-malware-can-steal-google-authenticator-2fa-codes/?__twitter_impression=true
OK, I know we have a love-hate relationship with ISC2, but they put out a cloud security paper, and it is really good.
https://blog.isc2.org/isc2_blog/2020/02/white-paper-on-cloud-security-risks-and-how-to-mitigate-them.html
Google is now explicitly suggesting that developers encrypt data used by their applications, on the device.
https://thehackernews.com/2020/02/android-app-data-encryption.html?m=1
Lots of Google today. Their security team has a good whitepaper on malicious document detection.
https://security.googleblog.com/2020/02/improving-malicious-document-detection.html
Finally, if you aren't getting Violet Blue's weekly security roundup, you are missing out. Lots of good stuff.
https://www.patreon.com/posts/cybersecurity-25-34318466
That's the news, folks. Stay safe.