World Data Backup Day: Are You Doing it Right?
31 Mar 2023


It’s World Data Backup Day. We have completely swapped the physical storage of documents with soft copies to store…

The feature works as intended, but what’s in the source? | by Sean (zseano)
31 Mar 2023


This is another bug that was right in front of everyone because if you didn’t purposely look for it you’d…

Keeper Security April Fools - IT Security Guru
31 Mar 2023


Anyone who pays attention on April Fool’s Day has learned to think twice about the information they read, the links…

NIS2 and the chain liability’s impact on Secure Software Development
31 Mar 2023


If you are a software supplier and your customer is covered by the EU NIS2 directive, you might very well…

31 Mar 2023

OSC&R open software supply chain attack framework now on GitHub

OSC&R (Open Software Supply Chain Attack Reference) is an open framework for understanding and evaluating software supply chain security threats….

Microsoft Bing Search Results Altered Through AAD Misconfiguration
31 Mar 2023


Security researchers detected a new attack vector in Azure Active Directory (AAD) that allowed them to alter the search results…

Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com | by Jonathan Bouman
31 Mar 2023


Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please…

Malware Attacking Linux Servers
31 Mar 2023

New Malware Dubbed Mélofée Attacking Linux Servers

ExaTrack found a new undetected implant family called Mélofée that targets Linux systems. Three samples of the previously known malicious…

31 Mar 2023

The foundation of a holistic identity security strategy

Only 9% of organizations are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud…

Better Exfiltration via HTML Injection | by d0nut
31 Mar 2023


I used Google Drawings and there’s no shame in that This is a story about how I (re)discovered an exploitation…

Gamers playing with real money should be wary of scammers.
31 Mar 2023


Are you one of those who play games by investing real money to earn double or triple the amount in…

31 Mar 2023

Overcoming obstacles to introduce zero-trust security in established systems

In this Help Net Security interview, Michal Cizek, CEO at GoodAccess, discusses the crucial balance between leveraging distributed resources and…