Fun little vulnerability I found recently:
Change any user's profile picture based on the provided `?id=x` query parameter! 😈
Always pull User ID from the Auth system, rather than rely on a value from the browser...
#PHP #Laravel #SecurityTip
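The pattern from the post above, as an added example that is not the poster's code: a Laravel controller with the vulnerable `?id=x` lookup next to a version that takes the user from the auth guard. The controller name, the `avatar` upload field, the `avatar_path` column and the `update` policy on `User` are assumptions, and the routes are assumed to sit behind the `auth` middleware.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

class ProfilePictureController extends Controller
{
    // VULNERABLE (the pattern the post describes): the target account comes
    // from ?id=x, so any logged-in user can overwrite anyone's picture.
    public function updateVulnerable(Request $request): RedirectResponse
    {
        $user = User::findOrFail($request->query('id')); // browser-controlled
        return $this->storeAvatar($request, $user);
    }

    // HARDENED: the target is the authenticated user resolved by the auth
    // guard (session or token); an id sent by the browser is never read.
    public function update(Request $request): RedirectResponse
    {
        return $this->storeAvatar($request, $request->user());
    }

    // When one user legitimately edits another (e.g. an admin screen), bind the
    // id in the route ({target}) and check a policy before writing anything.
    public function updateFor(Request $request, User $target): RedirectResponse
    {
        Gate::authorize('update', $target); // 403 unless the (assumed) policy allows
        return $this->storeAvatar($request, $target);
    }

    // Shared write path: validate the upload, store it, save the new path.
    private function storeAvatar(Request $request, User $user): RedirectResponse
    {
        $request->validate(['avatar' => ['required', 'image', 'max:2048']]);
        $user->forceFill([
            'avatar_path' => $request->file('avatar')->store('avatars', 'public'),
        ])->save();

        return back();
    }
}
```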
A quick #securitytip on how to block password-protected attachments in emails.
If you have #Microsoft #Defender for #Office365 licenses, you can use the technology called Safe Attachments. Safe Attachments does advanced scanning of attachments through so-called detonations, where these attachments are run in a test environment and what the file does when it is run is monitored.
If an email contains a password-protected attachment, then these detonations cannot take place. In the Safe Attachments settings, you can set what should happen if the scan couldn't complete for some reason, which is exactly the case with the password-protected attachment. In this case, it is recommended to set the email to be blocked. #email #mdo #cybersecurity #bes
#securitytip #microsoft #defender #office365 #email #mdo #cybersecurity #bes
Periodic reminder that no one should be able to log on to your production database. Especially not your developers.
#infosec #security #securitytip
If you put corporate data on mobile devices, you need to secure them.
#securitytip #mobilesecurity #mdm