#security

Archive: https://archive.sweetops.com/security/

2019-11-18

2019-11-13

Erik Osterman
A new security flaw hits Intel’s Cascade Lake chips – TechCrunch

Time to reset your “days since last major chip vulnerability” counter back to zero. Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family…

Erik Osterman

chrism

one way to pay for the processing time of hashing

2019-11-12

chrism

We run it nightly; it’s pretty handy.

Yeah, Prowler’s best, we also run ScoutSuite. Prowler does a better job of mapping to controls.

2019-11-11

davidvasandani

Has https://github.com/toniblyx/prowler come up in this channel before? Has anyone tried it?

toniblyx/prowler

AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks …

@davidvasandani just used it for my soc2 audit

davidvasandani

Whoa! How’d it go?

@davidvasandani @Erik Osterman prowler is a decent tool. We were asked to use it for our soc2 audit. It’s definitely not a super robust tool, but it does the job. We had a couple use cases where we had false negatives. The tool just greps for “true” and we had a client with the word “true” in its name where we got some false negatives on. Also after doing key rotations, we ended up with a ton of fails because the keys hadn’t been used yet (because we had just finished our key rotations!)

Erik Osterman

Looks amazing. Thanks for sharing.

Erik Osterman

@lvh

2019-11-06

Maciek Strömich

Update your Chrome/Chromium-based browser ASAP

PSA: Major vulnerability in SimpleSAMLphp/xmlseclibs XML signature validation, if anyone uses it
