World Data Backup Day: Are You Doing it Right?
It’s the World Data Backup Day. We have completely swapped the physical storage of documents with soft copies to store and manage our information. A…
Month: March 2023
The feature works as intended, but what’s in the source? | by Sean (zseano)
This is another bug that was right in front of everyone because if you didn’t purposely look for it you’d never realise personal information was…
Keeper Security April Fools – IT Security Guru
Anyone who pays attention on April Fool’s Day has learned to think twice about the information they read, the links they receive and the people…
NIS2 and the chain liability’s impact on Secure Software Development
If you are a software supplier and your customer is covered by the EU NIS2 directive, you might very well be hit also. By Michael…
OSC&R open software supply chain attack framework now on GitHub
OSC&R (Open Software Supply Chain Attack Reference) is an open framework for understanding and evaluating software supply chain security threats. It has received the endorsement…
Microsoft Bing Search Results Altered Through AAD Misconfiguration
Security researchers detected a new attack vector in Azure Active Directory (AAD) that allowed them to alter the search results of Microsoft Bing, potentially exposing…
Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com | by Jonathan Bouman
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
New Malware Dubbed Mélofée Attacking Linux Servers
ExaTrack found a new undetected implant family called Mélofée that targets Linux systems. Three samples of the previously known malicious software, dating from the beginning…
The foundation of a holistic identity security strategy
Only 9% of organizations are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments, according to CyberArk. A…
Better Exfiltration via HTML Injection | by d0nut
I used Google Drawings and there’s no shame in that This is a story about how I (re)discovered an exploitation technique and took a bug…
Gamers playing with real money should be wary of scammers.
Are you one of those who play games by investing real money to earn double or triple the amount in return? If yes, then you…
Overcoming obstacles to introduce zero-trust security in established systems
In this Help Net Security interview, Michal Cizek, CEO at GoodAccess, discusses the crucial balance between leveraging distributed resources and maintaining top-notch security measures. With…