Application Security This Week for December 8

My favorite thing this week: SwiftOnSecurity accidentally dropped a Confluence 0-day on Twitter.  Oopsie.

https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/

 

An Android spoofing vulnerability is already being exploited by bank thieves.  Hard to write secure apps when the platform doesn't help.

https://arstechnica.com/information-technology/2019/12/vulnerability-in-fully-patched-android-phones-under-active-attack-by-bank-thieves/

 

On that topic, here's a cool primer on Android reverse engineering.

https://maddiestone.github.io/AndroidAppRE/

 

TruffleHog is a new (and still a little rough) script to sniff out secrets from GitHub repos.

https://www.darknet.org.uk/2019/12/trufflehog-search-git-for-high-entropy-strings-with-commit-history/

 

AWS built a took to yell at you if you have open S3 buckets.

https://www.theregister.co.uk/2019/12/03/aws_s3_buckets/

 

That's the news, folks.  Stay safe out there.

Comments are closed
Mastodon