| Blog | https://www.appsecguy.se/ |
Several DDoS attacks against swedish websites during Sunday, by the so-called hacker group Sudan. They supposedly revenge the burning of quran by a far-right extremist group, but there are suspicions that Russia is using this as an opportunity to attack.
Seems like a good timing to organize your DDoS defences?
π₯ NEW UPDATES RELEASED π₯
π» macOS 13.2.1 - 3 bugs fixed
π± iOS and iPadOS 16.3.1 - 2 bugs fixed
πΊ tvOS 16.3.2 - details available soon
β watchOS 9.3.1 - details available soon
https://support.apple.com/en-us/HT201222
Github was breached so here are some links to sources of further information
The overview
https://thehackernews.com/2023/01/github-breach-hackers-stole-code.html?m=1
A slightly deeper analysis and discussion
https://nakedsecurity.sophos.com/2023/01/31/github-code-signing-certificates-stolen-but-will-be-revoked-this-week/amp/
Open source security podcast
https://opensourcesecurity.io/2023/02/05/episode-361-github-got-pwnt-but-it-wasnt-very-exciting/
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel.
https://thehackernews.com/2023/01/titan-stealer-new-golang-based.html?m=1 #cybersecuritynews
When I hear about the coup attempt in Germany & the desire of these violent extremists to insert Prince Heinrich XIII of Reuss as the leader after a planned execution of the German chancellor, it sounds ludicrous, laughable. But that's the thing: These people are deadly serious.
Because the plots of these anti-democratic extremists often seem so ludicrous, they can succeed because the public--& too many leaders--don't take them seriously enough. This tendency is how Trump got as far as he did.
#OWASP Stockholm held a presentation on #Github Advanced Security with help from Solidify at Microsoft reactor.
You can find the recorded version here: https://youtu.be/9dOR1Y8g3h4
Topics covered include dependabot, secrets scanning, codeQL scanning and shifting left. Rich presentation full of content.
@SonarResearch The hostname part of the URL does not end with a slash. The appended user input from the `path` parameter can change the domain of the API request which could leak the Authorization environment variable.
The domain github.computer is available and could be reached by the API handler if the `path` parameter is set to "puter".
A short ~this week in security~ just went out:
β’ Police seize iSpoof call spoofing site
β’ U.S. bans Huawei, ZTE, Hikvision
β’ Corellium offered trial to spyware maker
β’ Tax filers' data sent to Facebook
β’ A new cyber cat
Sign up: https://this.weekinsecurity.com
Read: https://mailchi.mp/zackwhittaker/this-week-in-security-november-27-edition
Apple Security Updates
Steven Beschloss
becojo
Zack Whittaker