Application Security This Week for August 4

The Capital One breach leads the news this week, for a dozen good reasons.

https://start.jcolemorrison.com/the-technical-side-of-the-capital-one-aws-security-breach/

 

Reeeeeely good writeup on crypto attacks from Check Point.  More than just reading the unreadable, ya know.

https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed/

 

The Node Package Manager is in the news again, thanks to a huge kerfuffle related to someone injecting malware into a much-used package.  Think before you import, people.

https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/

https://medium.com/commitlog/the-internet-is-at-the-mercy-of-a-handful-of-people-73fac4bc5068

 

Credential stuffing attacks are outpacing phishing, sayeth Akamai.

https://www.theregister.co.uk/2019/07/31/black_hats_hate_banks_says_akamai/

 

And we are still talking about weakening encryption, of course:

https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#37320cb05362

 

That's the news, people.  Stay safe.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
