#security (2021-03)
Archive: https://archive.sweetops.com/security/
2021-03-01
![Meb avatar](https://secure.gravatar.com/avatar/22f2dd879a5accf3929330d977b39106.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0004-72.png)
![attachment image](https://www.zdnet.com/a/hub/i/r/2020/12/18/377018e3-317d-41b5-b1e4-c365d5b8f2d6/thumbnail/770x578/dfb0d3235bee556f4f12f87540ff14d5/istock-8437791281.jpg)
Bot attacks are on the rise as businesses move online due to the pandemic, according to Google
![Zach avatar](https://avatars.slack-edge.com/2020-07-21/1278358623280_e99d673db1471fc93095_72.jpg)
bad bots bad bots whatcha gonna do whatcha gonna do when they come for you
2021-03-02
![Noa Ginzbursky avatar](https://avatars.slack-edge.com/2021-02-20/1775450782547_a743c2c670541bab42e8_72.png)
Hey there! After some internal discussion following the recent dependency confusion attack vector publication, I read in https://github.blog/2021-02-12-avoiding-npm-substitution-attacks/#never-ignore-build-failures about creating a .npmrc file in the root of projects to ensure that developers checking out a specific repo will always work against our private registry, even if their own .npmrc configuration says otherwise. I am looking for an effective way to enforce that this is indeed the setup consistently across all of our repos. Is anyone familiar with an effective way to enforce/gain visibility on this?
![attachment image](https://github.blog/wp-content/uploads/2021/02/npm-github.png?fit=1200%2C630)
Supply chain attacks are a reality in modern software development, but you can reduce attack surface by taking precautions and managing dependencies.
2021-03-04
![Meb avatar](https://secure.gravatar.com/avatar/22f2dd879a5accf3929330d977b39106.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0004-72.png)
![attachment image](https://www.zdnet.com/a/hub/i/r/2021/03/04/b608de4d-ed84-431a-b02e-15dcb17ecdbd/thumbnail/770x578/ac4e13e64eaf33ca1e11fc74cfb0e795/okta-autho.png)
There are clouds for infrastructure, CRM, HR and other business functions. Is identity going to be one of the handful of clouds in the enterprise?
2021-03-09
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Well that explains why I had to log back into GitHub this morning… Race conditions are the devil! https://github.blog/2021-03-08-github-security-update-a-bug-related-to-handling-of-authenticated-sessions/
![attachment image](https://github.blog/wp-content/uploads/2019/09/security-1200-630.png?fit=1200%2C630)
On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Hah! I was wondering about that too
2021-03-29
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
![attachment image](https://regmedia.co.uk/2021/03/29/poisonedshutterstock.jpg)
Backdoor quickly spotted and reverted
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
about time
2021-03-30
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti…
2021-03-31
![Gabe avatar](https://avatars.slack-edge.com/2018-09-18/438189792083_bdb8f075d8d0a1246f88_72.jpg)
Does anyone here have experience with data residency and sovereignty in AWS? I have a project coming up to deal with this and would love to hear other experiences.