Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.
His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Listen now - latest episode. Full transcript inside.
Splunk is adding new security and observability features to its Observability Cloud and Mission Control to identify threats and incidents more efficiently.
The company’s Observability Cloud, which offers AIops-based infrastructure monitoring, application performance monitoring (APM) and intelligence, will get new features that will help IT operation and development operation teams troubleshoot faster and with increased visibility, to enable a unified approach to incident response, the company said.
To read this article in full, please click here
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?
Security observability is the ability to gain visibility into an organization’s security posture, including its ability to detect and respond to security threats and vulnerabilities. It involves collecting, analyzing, and visualizing security data to identify potential hazards and take proactive measures to mitigate them.
Security observability involves collecting data from various security tools and systems, including network logs, endpoint security solutions, and security information and event management (SIEM) platforms, and then using this data to gain insights into potential threats. In other words, it tells you what is likely to happen, not just what’s happening already, as with more traditional security operations tools. It’s a significant difference that makes security observability perhaps the most important improvement in cloud security technology that’s come along in recent years.
To read this article in full, please click here
As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...
ForgeRock is adding Enterprise Connect Passwordless to its Identity Platform to provide no-code and low-code approaches for enterprises to add passwordless authentication to their IT infrastructure.
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Networking can be an annoying problem for software developers. I’m not talking about local area networking or browsing the web, but the much harder problem of ad hoc, inbound, wide area networking.
Suppose you create a dazzling website on your laptop and you want to share it with your friends or customers. You could modify the firewall on your router to permit incoming web access on the port your website uses and let your users know the current IP address and port, but that could create a potential security vulnerability. Plus, it would only work if you have control over the router and you know how to configure firewalls for port redirection.
Alternatively, you could upload your website to a server, but that’s an extra step that can often become time-consuming, and maintaining dedicated servers can be a burden, both in time and money. You could spin up a small cloud instance and upload your site there, but that is also an extra step that can often become time-consuming, even though it’s often fairly cheap.
To read this article in full, please click here
The software supply chain security tool will host new secret-detection capabilities through the command-line interface to help developers prioritize remediation efforts.
Following through on a pledge made last year, GitHub on March 13 will begin phasing in two-factor authentication (2FA) requirements for developers contributing code to the popular code sharing site. All developers will be required to comply by the end of the year.
Smaller groups will be required to enroll in 2FA as of next week, with GitHub selecting accounts for enrollment, the company said on March 9. One or more forms of 2FA will be required, affecting millions of developers. Those chosen will be notified via email and will see a banner on GitHub.com asking them to enroll. Users will have 45 days to configure 2FA on their accounts. Notifications can be “snoozed,” or paused, for as long as a week. The gradual rollout is intended to help GitHub ensure users are on board, with adjustments made as needed, before the process is scaled to larger groups as the year progresses.
To read this article in full, please click here
As cloud usage grew over the past decade, one trend among cloud users remained constant: Security held steady as the top challenge for users. That focus is shifting.
For the first time, since Flexera began its annual survey of cloud decision-makers, security was not the top challenge reported by respondents. As revealed in the Flexera 2023 State of the Cloud Report, released on March 8, 2023, 82% of respondents from across all organizations indicated that their top cloud challenge is managing cloud spend, edging out security at 79%.
These shifting challenges may be the result of organizations becoming increasingly comfortable with cloud security, while needing to manage the greater spend associated with their increased reliance on cloud services. Lack of resources or expertise was reported as a top cloud challenge by 78% of respondents, making it the third major cloud challenge for today’s businesses.
To read this article in full, please click here
While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.