
15 matches found

Schneier on Security
added 2025/03/20 3:14 p.m. | 6 views

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...

7.3 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2023/11/10 6:46 a.m. | 35 views

BlazeStealer Malware Uncovered in Python Packages on PyPI

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Python Package Index (PyPI) repository is infiltrated with number of malicious python packages. These packages masquerade as obfuscation tools, however they harbor BlazeStealer malware, which initiates a...

6.9 AI score
Exploits: 0
Akamai Blog
added 2022/06/16 1:0 p.m. | 19 views

Meet Josh Johnson: Senior Enterprise Architect

A love of technology and coding brought Josh Johnson to Akamai. Learn what he thinks a developer-first approach means for the Akamai developer community...

0.9 AI score
Exploits: 0
Rapid7 Blog
added 2022/04/13 7:30 p.m. | 10 views

[Security Nation] Kate Stewart on Open-Source Projects at the Linux Foundation

In this episode of Security Nation, Jen and Tod chat with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation, about the...

0.3 AI score
Exploits: 0
SonarSource Blog
added 2021/11/16 12:0 a.m. | 82 views

10 Unknown Security Pitfalls for Python

Python developers trust their applications to have a solid security state due to the use of standard libraries and common frameworks. However, within Python, just like in any other programming language, there are certain features that can be misleading or misused by developers. Often it is only a...

5 CVSS | 9.9 AI score | 0.82358 EPSS
Exploits: 12
ThreatPost
added 2020/09/28 3:15 p.m. | 18 views

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens

Twitter developers are being warned of a security bug that may have exposed their applications’ credential information – including sensitive application keys and access tokens. The issue stemmed from a caching issue in developer.twitter.com. When developers visited this website, it temporarily...

Exploits: 0 | References: 9
Microsoft Secure
added 2018/12/03 5:0 p.m. | 62 views

Kicking off the Microsoft Graph Security Hackathon

Cybersecurity is one of the hottest sectors in tech with Gartner forecasting worldwide information spending to exceed $124 billion by the end of 2019. New startups and security solutions are coming onto the market while attackers continue to find new ways to breach systems. The security solutions...

0.4 AI score
Exploits: 0
Akamai Blog
added 2018/11/06 5:54 p.m. | 89 views

Visit Akamai at AWS re:Invent 2018!

On November 26-29, the Las Vegas Strip will be flooded with tens of thousands of developers, engineers, admins, architects and other technologists for trainings, certifications and sessions put on by AWS and its partner community at re:Invent. Akamai is excited to be a Gold sponsor this year, wit...

7.3 AI score
Exploits: 0
Carbon Black Blog
added 2018/10/09 5:9 p.m. | 12 views

Empowering Developers: How Unfiltered Data and Custom Integrations Became a Foundation for Carbon Black

Today, we’re hosting our first-ever Developer Day from the sold-out CbConnect18 conference in New York. The day features in-depth, technical workshops to accelerate developers’ ability to extend Carbon Black’s open cloud platform to improve the security stack. The way I see it, this day is years ...

Exploits: 0
ThreatPost
added 2018/05/07 5:14 p.m. | 8 views

Asylo Open-Source Framework Tackles TEEs for Cloud

Asylo, an open-source framework and software development kit (SDK) for creating applications that run in trusted execution environments (TEEs), has launched to tackle the complexity involved in running a confidential computing platform for workloads in the cloud and virtual environments. TEEs provide...

1.5 AI score
Exploits: 0 | References: 1
Carbon Black Blog
added 2017/11/17 12:57 p.m. | 34 views

ContextIS Introduces CbRCLI to Access Cb Response via the Command Line for Faster, More Efficient Incident Response

When you think of incident response, there are two key factors. The incident itself, and the need to respond quickly and effectively. You need to have an incident response toolkit that contains everything you need to be able to perform investigations and forensic analysis with speed, accuracy and...

7 AI score
Exploits: 0
ThreatPost
added 2013/10/10 8:25 a.m. | 9 views

Google to Pay Rewards For Patches to Open Source Projects

Google, one of the first companies to offer a significant bug bounty program, is extending its rewards to researchers and developers who contribute patches to a variety of open source projects and have an effect on the security of the project. The new rewards will range from $500 to $3,133.70, an...

0.2 AI score
Exploits: 0 | References: 3
Packet Storm
added 2008/08/13 12:0 a.m. | 15 views

claroline18x-rfi.txt

Claroline 1.8.x Remote File Inclusion Vulnerability By: e.wiZz! Info: Bosnian Idiot FTW! :D ------------cut here------------------- In the wild.... Script: claroline.net Info: Claroline is an Open Source eLearning and eWorking platform allowing teachers to build effective online courses and to...

7.4 AI score
Exploits: 0
securityvulns
added 2007/09/25 12:0 a.m. | 49 views

JSPWiki Multiple Vulnerabilities

Application: JSPWiki Multiple Vulnerabilities Version: 2.4.103 and 2.5.139 Credit: Jason Kratzer Date: 9/24/2007 Background ------------------------------------------------------------ JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...

6.9 AI score
Exploits: 0
securityvulns
added 2006/06/16 12:0 a.m. | 33 views

Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed.

Hi, Just to confirm that Microsoft has not fixed the NtClose/ZwClose DeadLock vulnerability. The bulletin MS06-030 addressed this flaw as "SMB Invalid Handle Value" which is just an euphemism under my point of view. The code added to mrxsmb.sys is just a wrapper in order to avoid the "Invalid...

0.1 AI score
Exploits: 0