#security (2023-06)

Archive: https://archive.sweetops.com/security/

2023-06-01

Erik Osterman (Cloud Posse)

We’ve launched a compliance channel to discuss topics like FedRAMP, HIPAA, SOC2, PCI/DSS, HITRUST, etc.


2023-06-05

jimp

Millions of PC Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

Darren Cunningham

Anybody know if there is a utility to parse system information and return whether or not the system is affected? Here’s a list of known affected motherboards, so I guess it wouldn’t be too hard to script something.

Check if your motherboard is on new Gigabyte malware list

A Gigabyte feature designed to update motherboards with the latest firmware accidentally opens up a backdoor for hackers to exploit in major malware oof.

2023-06-06

jonjitsu

Anyone have experience simplifying an SSO login page that provides multiple ways of logging in by using multiple vanity login domains instead? For example, a menu asking the user to choose a way to sign in between “Microsoft account” and “Google account” would be converted into two domains, ms.example.com and ga.example.com. What are the negatives of such an approach (besides the increase in resources to manage)? Is this against some best practice? Is this somewhat common?


2023-06-20

Sudhish KR

Hey Folks,

I’m thrilled to share our journey towards Continuous Security Audits at Dgraph Labs Inc. In our blog post, we delve into how we detect and remediate potential Security Issues within our offerings. Our new setup integrates a selection of toolsets and aids in “Improved Visibility” and “Faster Security Issue Resolution” for our organization (and our esteemed customers). Within a concise timeframe (~3 months), we’ve successfully addressed over 2k+ security issues with this, significantly bolstering our SOC2 compliance endeavors. Learn more about our Security Landscape, Layers, Tools in our blog post. https://www.sudhishkr.com/posts/20230609_how-we-fixed-2kplus-security-issues/

#DevSecOps #SecurityAudit #DgraphLabs #ContinuousSecurity #OpenSource #DevOps #CVEs #Linters #GitHubActions #SecureCoding

How We Fixed 2k+ Security Issues

In this article we explain our journey towards Continuous Security Audits to detect and remediate potential Security Issues within our OpenSource offerings at Dgraph Labs Inc. As part of this initiative, we have integrated a selection of toolsets to facilitate Security Audits to provide ‘Improved Visibility’ and ‘Faster Security Issue Resolution’. Notably, we have successfully addressed over 2k+ security issues, significantly bolstering our SOC2 compliance endeavors.
