Experimental News Clipping Site

Tag: application security

  • Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ Source: Microsoft Security Blog Title: Code injection attacks using publicly disclosed ASP.NET machine keys Feedly Summary: Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and…

  • Microsoft Security Blog: 3 priorities for adopting proactive identity and access security in 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/01/28/3-priorities-for-adopting-proactive-identity-and-access-security-in-2025/ Source: Microsoft Security Blog Title: 3 priorities for adopting proactive identity and access security in 2025 Feedly Summary: Adopting proactive defensive measures is the only way to get ahead of determined efforts to compromise identities and gain access to your environment. The post 3 priorities for adopting proactive identity and access security…

  • Slashdot: iOS App Store Apps With Screenshot-Reading Malware Found For the First Time

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/02/05/2010251/ios-app-store-apps-with-screenshot-reading-malware-found-for-the-first-time?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: iOS App Store Apps With Screenshot-Reading Malware Found For the First Time Feedly Summary: AI Summary and Description: Yes Summary: The discovery of “SparkCat” malware infiltrating iOS and Android apps marks a significant breach of security, being the first to implement malicious screenshot-reading capabilities in Apple’s App Store. This…

  • CSA: Ensure Secure Software with CCM Application Security

    by

    Kurt Seifried
    in

    Source URL: https://cloudsecurityalliance.org/blog/2025/02/05/implementing-ccm-ensure-secure-software-with-the-application-and-interface-security-domain Source: CSA Title: Ensure Secure Software with CCM Application Security Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), specifically focusing on the Application & Interface Security (AIS) domain. It outlines the importance of securing applications and interfaces in cloud environments…

  • Hacker News: OWASP Non-Human Identities Top 10

    by

    Kurt Seifried
    in

    Source URL: https://owasp.org/www-project-non-human-identities-top-10/2025/ Source: Hacker News Title: OWASP Non-Human Identities Top 10 Feedly Summary: Comments AI Summary and Description: Yes Summary: The OWASP Non-Human Identity (NHI) Top 10 – 2025 project outlines significant risks associated with non-human identities, which are increasingly prevalent in development environments. It emphasizes the need for developers to understand these risks…

  • Hacker News: Managing Secrets in Docker Compose – A Developer’s Guide

    by

    Kurt Seifried
    in

    Source URL: https://phase.dev/blog/docker-compose-secrets Source: Hacker News Title: Managing Secrets in Docker Compose – A Developer’s Guide Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses best practices for managing secrets in Docker Compose, emphasizing security implications of using environment variables and providing progressively secure methods for handling secrets. It highlights issues and…

  • Google Online Security Blog: How we kept the Google Play & Android app ecosystems safe in 2024

    by

    Kurt Seifried
    in

    Source URL: https://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html Source: Google Online Security Blog Title: How we kept the Google Play & Android app ecosystems safe in 2024 Feedly Summary: AI Summary and Description: Yes Summary: The text outlines Google’s ongoing initiatives for enhancing security and privacy within the Android and Google Play ecosystem in 2024. Key highlights include the integration…

  • Cloud Blog: Outbrain: Taking control of extension security with Chrome Enterprise

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/chrome-enterprise/outbrain-taking-control-of-extension-security-with-chrome-enterprise/ Source: Cloud Blog Title: Outbrain: Taking control of extension security with Chrome Enterprise Feedly Summary: Editor’s note: Today’s post is by Travis Naraine, IT Infrastructure Engineer, and Harel Shaked, Director of IT Services and Support, both for Outbrain, a leading technology platform that drives business results by engaging people across the open…

  • Hacker News: What’s OAuth2, Anyway?

    by

    Kurt Seifried
    in

    Source URL: https://www.romaglushko.com/blog/whats-aouth2/ Source: Hacker News Title: What’s OAuth2, Anyway? Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an in-depth exploration of the OAuth2 protocol, explaining its design, purpose, and various authorization flows. It delves into the common issues of credential sharing, presents alternatives like Personal Access Tokens (PATs), and discusses…