Scanning for AWS Security Issues With Trivy
What is Trivy?Trivy is a multifunctional, open-source security scanner. It can scan various targets (filesystems, containers, git repositories and more) in order to discover security issues (vulnerabilities, misconfigurations, and secrets). In short, Trivy can find a bunch of different types of security issue in pretty much anything you point it at, for free. Scanning AWSAs of this week, Trivy v0.
Samba - Security Announcement Archive
CVE-2021-44142.html: ================================================================= == Subject: Out-of-bounds heap read/write vulnerability == in VFS module vfs_fruit allows code execution == == CVE ID#: CVE-2021-44142 == == Versions: All versions of Samba prior to 4.13.17 == == Summary: This vulnerability allows remote attackers to == execute arbitrary code as root on affected Samba == install
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks | Microsoft Security Blog
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. Notably, this technique was observed in a spear-phishing campaign from the threat actor NOBELIUM in May. More recently, we have also see
Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness
Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness2021-05-13 Select all the buses. Click on bikes. Does this photo have traffic lights? As ridiculous as these questions are, you’re almost guaranteed to have seen one recently. They are a way for online services to separate humans from bots, and they’re called CAPTCHAs. CAPTCHAs strengthen the security of online servi
Security keys are now supported for SSH Git operations
AI & MLLearn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry. Generative AILearn how to build with generative AI. GitHub CopilotChange how you work with GitHub Copilot. LLMsEverything developers need to know about LLMs. Machine learningMachine learning tips, tricks, and best practices. How AI code generation worksExplore the capabilities and be
OAuth2の次に来ると言われる認可プロトコルGNAPとはなにか | メルカリエンジニアリング
Merpay Advant Calendar 2020、23日目の記事は、趣味で認証認可をやっている @nerocrux が送りいたします。 最近 GNAP という認可プロトコルのワーキンググループドラフトが出ていて頑張って細かく読みましたので、(次回はいい加減に仕事でやってることについてお話しますが)今回はその GNAP について紹介させてください。 GNAP とはなにか? GNAP は Grant Negotiation and Authorization Protocol の略で、認可のプロトコルです。Justin Richerさんという方を中心に策定しています。作者によると、GNAP の発音は げなっぷ になります。 認可(Authorization)プロトコルと言えば、OAuth 2.0 (RFC6749) が広く知られ、運用されています。GNAP は OAuth 2 の後継とし
SSH defaults, config, and priorities | Root
Over the years I’ve collected a rather messy ~/.ssh/config which resulted in some undesired behavior as a result of me misunderstanding how the config file prioritizes its options. Today I investigated that. In short, this is what I found: Priority goes from top to bottom Defaults MUST come last Host specificity is NOT a factor of priority Host sections can be specified multiple times Multiple hos
eBPF - The Future of Networking & Security
Nov 10, 2020eBPF - The Future of Networking & Security Today is an exciting day for the Cilium community: Isovalent, the company behind Cilium, is announcing its $29M Series A financing round backed by Andreessen Horowitz, Google, and Cisco. This is a perfect occasion to take a deeper look into where eBPF-based networking is coming from and to understand what the excitement is all about. Two weeks
Introduction to Windows tokens for security practitioners
This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering. Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments. In Part 2 of the series, we’ll build on the concepts outlined in Part 1 and cover how a
Red Hat Introduces open source Project Quay container registry
Today Red Hat is introducing the open sourcing of Project Quay, the upstream project representing the code that powers Red Hat Quay and Quay.io. Newly open sourced, as per Red Hat’s open source commitment, Project Quay represents the culmination of years of work around the Quay container registry since 2013 by CoreOS, and now Red Hat. Quay was the first private hosted registry on the market, havin
Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Li
YARN vs NPM (vs pnpm) in 2019: comparison and verdict
YARN vs NPM (vs pnpm) in 2019: comparison and verdict A comparative analysis of the most used package managers for JavaScript and Node.js and what to use in 2019 In this article I'll talk about Yarn and NPM, arguably the most popular JavaScript package managers available as of today, with the precise intent of compare their respective features and explain what I'm (mostly) using nowadays and why:
Yubico announces the first Lightning security key for iPhones
Yubico has announced a new version of its popular Security Key for use in Lightning ports, the first such device to enable physical token authentication for iPhones. The device also supports a USB-C connection. Previously, the only way to connect a security key to an iPhone was over Bluetooth, which suffered Bluetooth’s normal usability issues as well as potential security concerns around mistaken
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Cross-browser tracking vulnerability in Tor, Safari, Chrome, and Firefox