Application Security This Week for December 29

It's the holiday edition!  No I'm kidding it's the same stuff as usual.  Sorry.

 

Apparently there is a chat app that is literally spyware developed by a nation state.  This isn't a political blog, but the technical implications are deep. Here's a good writeup.

https://objective-see.com/blog/blog_0x52.html

 

I'm all about supply chain issues, and this is a really good analysis of risks involved with package managers like npm.

https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/

 

Someone reverse engineered an RSA token, and is using it to bypass two factor in the wild.

https://www.schneier.com/blog/archives/2019/12/chinese_hackers_1.html

 

That's the news folks.  See you next decade.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList