Dec 13, 2022
FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT
Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to...
Dec 6, 2022
Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety in Android
Finding the balance between productivity and security is...
Nov 29, 2022
Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team
MongoDB recently announced the industry’s first encrypted search scheme using breakthrough cryptography engineering called Queryable Encryption. This...
Nov 15, 2022
CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews
Cider Security’s recently published research of the Top 10...
Nov 8, 2022
While APIs enable innovation, they’re increasingly targeted as a pathway to data. API abuses are often carried out through automated attacks, in which a botnet floods the API with unwanted traffic—seeking vulnerable applications and unprotected data. In this discussion, Karl Triebes shares what you need to know...