"Awesome secure by default libraries to help you eliminate bug classes!"
https://github.com/tldrsec/awesome-secure-defaults
#security #softwaredevelopment #programming
"Fighting cookie theft using device bound sessions"
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
🤔
#security #browsers #cookies
"Vulnerabilities Identified in LG WebOS"
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
#security #netsec #infosec #lg #webos
"Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled."
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
#security #nodejs #infosec
"Microsoft employees exposed internal passwords in security lapse"
https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
#security #infosec #microsoft
"Containers and Unikernels: Conceptually Similar, Fundamentally Different, and Inextricably Intertwined."
https://unikraft.io/blog/containers-and-unikernels/
🤔
#unikernels #containers #deployment
"The Copenhagen Book provides a general guideline on implementing auth in web applications."
https://thecopenhagenbook.com/
#security #authentication #web #webdev
"Diving Deeper into AI Package Hallucinations"
"In three months the fake and empty package got more than 30k authentic downloads! (and still counting)."
https://www.lasso.security/blog/ai-package-hallucinations
#security #ai #supplychain #dependencies #hallucination
"How uv saves Home Assistant 215 compute hours per month"
https://developers.home-assistant.io/blog/2024/04/03/build-images-with-uv/
#python #uv #homeassistant
New Node.js security releases:
"Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (CVE-2024-27983) - (High)"
"HTTP Request Smuggling via Content Length Obfuscation - (CVE-2024-27982) - (Medium)"
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
#security #nodejs #infosec #javascript
"Bringing Python to Workers using Pyodide and WebAssembly"
https://blog.cloudflare.com/python-workers
This is cool 👍
#python #cloudflare #cloudflareworkers
"After a hacker congress in Hamburg, Pentagrid noticed that an IBIS Budget hotel check-in terminal leaked room keypad codes of almost half of the hotel rooms, when a user searches for a specific form of a non-alphanumeric booking number."
https://www.pentagrid.ch/en/blog/ibis-hotel-check-in-terminal-keypad-code-leakage/
#security #infosec #ibis #hotels
"backdoor in upstream xz/liblzma leading to ssh server compromise"
https://www.openwall.com/lists/oss-security/2024/03/29/4
#security #lzma #openssh #linux
"Typosquatting Campaign Targets Python Developers"
"PyPI rightfully decided to put their foot down to prevent further publications and fallout from this attack by temporarily suspending new project and new account creations."
https://blog.phylum.io/typosquatting-campaign-targets-python-developers/
#python #security #typosquatting #pypi
"Wall-Escape (CVE-2024-28085)"
"This allows unprivileged users to put arbitrary text on other users' terminals, if mesg is set to y and wall is setgid."
"On Ubuntu 22.04, we have enough control to leak a user's password by default."
https://seclists.org/oss-sec/2024/q1/257
#security #infosec #linux
"“CVE-2024-21388” - Microsoft Edge’s Marketing API Exploited for Covert Extension Installation"
#security #browsers #edge #microsoft
"Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF."
https://github.com/Notselwyn/CVE-2024-1086
#security #infosec #linux
"Wishing: Webhook Phishing in Teams"
https://www.blackhillsinfosec.com/wishing-webhook-phishing-in-teams/
#security #webhooks #microsoft #teams #microsoftteams