Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. …
Category: Gefundenes
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD pipelines
Cloud-native applications are made up of multiple loosely coupled components called microservices. https://csrc.nist.gov/pubs/sp/800/204/d/ipd
SAMATE
Welcome to the Software Assurance Metrics And Tool Evaluation (SAMATE) Website! Software assurance is a set of methods and processes to prevent, mitigate or remove weaknesses and vulnerabilities and ensure that software functions as intended. …
Revisiting Traditional Security Advice for Modern Threats
Modern attacks targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances have been flooding newsrooms, boardrooms and threat reports in recent months. https://www.mandiant.com/resources/blog/traditional-advice-modern-threats
Who Will AI Help More—Attackers or Defenders?
👀 Continuous Intelligent Monitoring and Analysis: Doing security at scale requires software. There are too many events and policies and constantly-evolving situations to handle things properly using just humans. And even SIEMs put most of the …
OPENCYBER-FR/RustHound
Limitations: Not all SharpHound features are implemented yet. Please refer to …
TU Graz delivers international cryptography standard
The US National Institute of Standards and Technology (NIST) has declared the "Ascon" algorithm, developed at TU Graz, the international standard for lightweight cryptography. https://science.apa.at/power-search/14057194440293097084
The Attackers Guide to Azure AD Conditional Access
Conditional Access is one of Microsoft’s most powerful security features and the central engine for their zero trust architecture. https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
IIS Crypto
IIS Crypto allows you to create your own custom templates which can be saved and then executed on multiple servers. To create your own template, select all of the settings for your configuration. Click on …
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer …