CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain

CISA, the National Security Agency NSA, and the Office of the Director of National Intelligence ODNI, have published part one of a three-part joint publication series, Securing Software Supply Chain Series - Recommended Practices for Developers. This guidance—created by the Enduring Security...

Attacking EFB updates

Software So who actually develops the software installed on Electronic Flight Bags EFBs? The software can originate from a large range of sources: System software developers including the OS, drivers, firmware and utility The aircraft manufacturer for Installed & Portable EFB devices The airline...

Watch out for the email that says “You have a new voicemail!”

A phishing campaign is using voicemail notification messages to go after victims Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can...

What do Developers Look for When Choosing Software

We asked five software developers at Trend Micro how they research the software solutions they use professionally or in their own projects...

[SECURITY] Fedora 34 Update: tor-0.4.5.9-1.fc34

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

A New Tool Wants to Save Open Source from Supply Chain Hacks

Sigstore will make code signing free and easy for software developers, providing an important first line of defense...

Ransomware Going for $4K on the Cyber-Underground

In the cybercriminal underground, ransomware samples and builders are going for anywhere between $300 to $4,000, with ransomware-as-a-service rentals costing $120 to $1,900 per year. That’s according to an analysis by Kaspersky of the three main underground forums where ransomware is circulated...

[SECURITY] Fedora 32 Update: tor-0.4.5.7-1.fc32

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 33 Update: tor-0.4.5.7-1.fc33

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 33 Update: tor-0.4.4.6-1.fc33

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

48 U.S. States and FTC are suing Facebook for illegal monopolization

The US Federal Trade Commission and a coalition of 48 state attorneys general on Wednesday filed a pair of sweeping antitrust suits against Facebook, alleging that the company abused its power in the marketplace to neutralize competitors through its acquisitions of Instagram and WhatsApp and...

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

BlogCMS Cross-Site Request Forgery Vulnerability

BlogCMS is a PHP and MySQL based blogging system by Pramod Mahato Software Developers in India. A cross-site request forgery vulnerability exists in the admin/changepass.php file in BlogCMS 2019-12-31 and earlier versions. The vulnerability stems from the WEB application not adequately verifying...

Windows Unquoted Service Path Privilege Escalation

This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...

[SECURITY] Fedora 31 Update: tor-0.4.2.7-1.fc31

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 30 Update: tor-0.4.2.7-1.fc30

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 32 Update: tor-0.4.2.7-1.fc32

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

5 Reasons Why Programmers Should Think like Hackers

Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these,...

Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...

#OTTuesday: Who Wins in a Format War - A Chat with Encoding.com

If you asked anyone 10 years ago who the winner would be in the over online video formats, you would have heard some strong opinions -- and some incorrect predictions. Video standards and formats will continue to change as long as users demand new ways to view content. AkamaiTV's Nelson Rodriguez...