#security (2021-03)
Archive: https://archive.sweetops.com/security/
2021-03-01
Bot attacks are on the rise as businesses move online due to the pandemic, according to Google
bad bots bad bots whatcha gonna do whatcha gonna do when they come for you
2021-03-02
Hey there! After some internal discussion post the recent dependency confusion attack vector publication, I read in https://github.blog/2021-02-12-avoiding-npm-substitution-attacks/#never-ignore-build-failures about creating a .npmrc file in the root of projects to ensure that developers checking out a specific repo will always work against our private registry, even if their .npmrc configuration says otherwise. I am looking for an effective way to enforce that this is indeed the setup consistently across all of our repos. Is anyone familiar with an effective way to enforce/gain visibility on this?
Supply chain attacks are a reality in modern software development, but you can reduce attack surface by taking precautions and managing dependencies.
2021-03-04
There are clouds for infrastructure, CRM, HR and other business functions. Is identity going to be one of the handful of clouds in the enterprise?
2021-03-09
Well that explains why I had to log back into GitHub this morning… Race conditions are the devil! https://github.blog/2021-03-08-github-security-update-a-bug-related-to-handling-of-authenticated-sessions/
On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution.
Hah! I was wondering about that too
2021-03-29
Backdoor quickly spotted and reverted
about time
2021-03-30
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti…
2021-03-31
Does anyone here have experience with data residency and sovereignty in AWS? I have a project coming up to deal with this and would love to hear other experiences.