Microsoft left internal passwords exposed in latest security blunder (www.theverge.com)
cross-posted from: lemmy.zip/post/13403067...
As if you needed another reason not to ever use SSO to your Google account for anything (mbin.grits.dev)
For some reason this only just now occurred to me: What's to stop some web site from carefully crafting an imitation of the Google "you need to sign in again" UI, storing your Google password, and storing from the other side the auth cookie from Google, so that it can then poke around through 100% of your Google content...
New UEFI vulnerabilities send firmware devs industry wide scrambling (arstechnica.com)
Cyber Attack disrupt First American and subsidies. (www.securityweek.com)
I’m hearing its more than just first American
Ransomware gangs are increasingly turning to remote encryption, and that's a huge problem (www.techradar.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack (arstechnica.com)
Link to the paper: eprint.iacr.org/2023/1711.pdf...
Cloud Provider Credentials Targeted in New PyPI Malware Campaign (blog.phylum.io)
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company (www.welivesecurity.com)
Google AMP – The Newest of Evasive Phishing Tactic (12ft.io)
A new tactic employed by threat actors utilizes Google AMP URLs as links embedded within their phishing emails. These links are hosted on trusted domains and have proven to be successful at reaching enterprise-level employees.
SVG Security Risks - not just a scalable graphic (www.securesystems.de)
Hijacking S3 Buckets: New Attack Technique (checkmarx.com)
The Ultimate List of SANS Cheat Sheets | SANS Institute (www.sans.org)
FortiNAC - Just a few more RCEs (frycos.github.io)
GitHub - xalicex/LOLDrivers_finder (github.com)
The purpose of this project is to retrieve potential process killer drivers.
Avoiding the Apocalypse: A Guide to Finding Zombie APIs (danaepp.com)
