Portswigger published their Top 10 Hacking Techniques for 2020.

https://portswigger.net/research/top-10-web-hacking-techniques-of-2020

Vulnerabilities in malware!

https://malvuln.com/advisory/4932471df98b0e94db076f2b1c0339bd.txt

Github is doubling down on security tools, which I think is awesome.

https://venturebeat.com/2021/02/26/github-cso-pledges-more-security-tools-features-for-developers/amp/

Have a great week!

Microsoft has some guidance for containers using .NET

https://devblogs.microsoft.com/dotnet/staying-safe-with-dotnet-containers/

Another interesting dependency management tool, but this one if for Python!

https://github.com/visma-prodsec/confused

AWS isn't the only cloud that has blob storage permission problems.

https://github.com/cyberark/BlobHunter

Have a good week!

Apparently I failed to publish last week. Sorry about that.

Rolling shellcode from objects in memory.

https://github.com/paranoidninja/PIC-Get-Privileges

The Swiss say they can break encryption using quantum computing.

https://www.bloomberg.com/amp/news/articles/2021-02-07/a-swiss-company-says-it-found-weakness-that-imperils-encryption?__twitter_impression=true

Remember how everyone has been warning about internet-connected industrial control systems?  Whelp.

https://www.tampabay.com/news/pinellas/2021/02/08/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says/

Look, more supply chain attacks!

https://thehackernews.com/2021/02/dependency-confusion-supply-chain.html

In related news, I'll be speaking on the topic at the Cincinnati Security Users Group on Thursday

https://www.meetup.com/TechLife-Cincinnati/events/hjjlrryccdbxb/

Oh look!  Another one!  We might have a trend here.

https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/