GitHub changes its compromised SSH key
Developer platform GitHub has changed its RSA SSH key after it was accidentally exposed on a public repository. Late last week, GitHub tweeted that it had…
Month: March 2023
Medibank’s group executive of technology retires – Training & Development
John Goodall (Image credit: Medibank) Medibank’s group executive of technology and operations John Goodall will retire next month, with the health insurer now looking for…
We’re back! BugBountyNotes relaunched as BugBountyHunter.com | by Sean (zseano)
Hi there! What a year it’s been right?! Let’s not mention the C word… it’s lockdown in 2hours here in the UK. Yay. Although, I…
New Microsoft Teams is twice as fast, available for all in June
Microsoft has unveiled a faster and redesigned version of its Microsoft Teams communication and collaboration software that has begun rolling out to Windows users today…
One of the biggest data breaches in Australian history
An Australian non-bank lender by the name of Latitude Financial has disclosed that a cyber intrusion that occurred earlier this month on its systems was…
Solving the password’s hardest problem with passkeys, featuring Anna Pobletts
This week on Lock and Code, we speak with Anna Pobletts about the “death” of passwords, and how passkeys can become the non-compromising fix to…
Leaked Salesforce API access token at IKEA.com | by Jonathan Bouman
Proof of concept BackgroundPreviously we discussed a Local File Inclusion bug at IKEA.com, the bug was quite complicated and showed us that you have to…
Apple fixes recently disclosed WebKit zero-day on older iPhones
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads. The vulnerability (CVE-2023-23529)…
Attacks on Applications of K-Anonymity — For the Rest of Us | by d0nut
Three weeks ago I saw a blog post by fellow bug hunter, Jack Cable. The post both inspired and challenged me. The attack vector presented…
Exchange Online to block emails from vulnerable on-prem servers
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from “persistently vulnerable Exchange servers” 90 days…
Portion of Twitter’s Proprietary Source Code Leaked on GitHub
Reportedly, the source code remained public for several months before being taken down by GitHub. According to a news report from the New York Times…
Source Code of Twitter leaked on GitHub
Twitter issued a public statement stating that parts of its source code were leaked on GitHub and that its officials were trying their best to…