Software depositories are a prime target for threat actors, especially those offering modules that other developers include in their software. Here is an attack aimed at a Python repository: Malicious PyPi packages aim DDoS attacks at Counter-Strike servers (bleepingcomputer.com) How secure is open source software? Do you use open source …
Cybersecurity and Infrastructure Security Agency exploited vulnerability advisory. How this type of mistake can impact your cyber security and steps to protect yourself.
The US Cybersecurity and Infrastructure Security Agency has added a new vulnerabilities to it’s Known Exploited Vulnerabilities Catalog. CISA Adds One Known Exploited Vulnerability to Catalog | CISA This is an interesting issue, as credentials had been hard coded into the application: “Atlassian Questions For Confluence App has hard-coded credentials, …
How secure is open source software? Do you use open source software or have software written for you? If so read on… UPDATED
When we undertake any cyber security survey, and we ask about software, we know the greatest amount of work we will have to do, is when the client says “we had this written for us” or we use this “open source software”. (We will not get into Android apps or …
Anonymous browsing – not anymore
Researchers from the New Jersey Institute of Technology have written a paper, which they will present at the Usenix Security Symposium in Boston, demonstrating how threat actors (or governments or law enforcement) could de-anonymise a users from their browsing habits. The attackers would analyse browsing activity and state to determine …
The Rolling Pwn Attack – Honda drivers beware! UPDATED
Here is another research paper outlining how the wireless security car manufacturers are suing to secure our vehicles is woefully inadequate. The vulnerability often comes from the technology being used, having been developed for another task altogether. This time it is Honda – check to see if your car is …
Continue reading “The Rolling Pwn Attack – Honda drivers beware! UPDATED”