In recent weeks, developer-ecosystem components seem to be the number one #InfoSec weak spot.
And a lot of the incidents are "published" behind #noindex flags to SEO-optimize the public relations. "We take security seriously... until it's serious." That's bad practice, and it helps no one. Be transparent about the issues.
* #pytorch nightly got backdoored (apparently it was a test, carried out as a dependency-confusion attack)
https://pytorch.org/blog/compromised-nightly-dependency/#how-to-check-if-your-python-environment-is-affected
* #CircleCI - CI automation holds secrets; CircleCI was compromised via a developer workstation. Customers have to rotate keys and other stored secrets.
https://circleci.com/blog/jan-4-2023-incident-report/
* #Slack "breach" - they lost some of their code. Who knows what hardcoded secrets etc. they lost as well.
https://slack.com/intl/en-au/blog/news/slack-security-update
* #jsonwebtoken - part of many JavaScript-based #oauth stacks. An authentication bypass here is a total failure.
https://security.snyk.io/package/npm/jsonwebtoken/4.0.0
* #datadog changed the #rpm GPG key due to the CircleCI incident. Which is proactive and well thought out.
https://docs.datadoghq.com/agent/faq/circleci-incident-impact-on-datadog-agent/
* #x41 audited #git and found severe vulns. This also affects CI systems like #Jenkins or #GitHub Actions in some cases (if the runner uses Git to build things).
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
What we learn: holistic #AppSec and product security has to look into these "mystical things" like the developer infrastructure, the Software Bill of Materials ( #sbom ), Continuous Integration etc. Things 99% of InfoSec professionals have zero clue about.
In 2023 you should change that, and focus your training efforts there.
#infosec #noindex #pytorch #circleci #slack #jsonwebtoken #oauth #datadog #rpm #x41 #git #jenkins #github #appsec #SBOM
#Git has patched two critical-severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses.
Security experts from #X41 (Eric Sesterhenn and Markus Vervier) and #GitLab (Joern Schneeweisz) found these vulnerabilities as part of a security source code audit of Git sponsored by #OSTIF.
#git #x41 #gitlab #ostif #cybersecurity #infosec #patching #appsec