Our selection of the best articles, code, and projects we found this past month.
Consequences of Inadequate Identity Management in GitHub
Identity and Access Management is a major area of concern for security teams, including source control management like GitHub. The blog article raises three major risks people should be aware of. In addition, we suggest taking a good look at the CI/CD system and the service accounts controlling production environments. >read<
Building A Product Security Program
Anshuman Bhartiya writes on his blog about the different aspects of building a product security program from scratch. He writes about the essential topics of risk appetite, prioritization, relationships, and empathy. This article is a great start for anyone who has to implement a secure development approach in an organization. >read<
Get A Headstart On Post-Quantum Cryptography
The topic of post-quantum (PQ) cryptography describes the fact practically all data sent over the Internet today is at risk in the future if a stable quantum computer is created. Cloudflare has released open-source software and experimental services to test post-quantum key agreements. >read<
Quantum Mechanics / Credit: pixabay.com
Cisco Data Breach
Cisco has confirmed a breach of its network, the attacker used voice phishing to convince an employee to accept a malicious multifactor authentication (MFA). With access established, the attacker then moved through the network by escalating privileges and logging into multiple systems. Cisco believes the threat actor is an initial access broker - an adversary that gains unauthorized access to networks and then sells that access on the Dark Web. >read<
Cisco Talos did a great write-up with all the details related to the cyber attack. >read<
LastPass Data Breach
Cyberattackers have compromised the internal systems of the password management company LastPass, stealing source code and intellectual property. LastPass said it detected anomalous activity in its development environment. After a forensic investigation, it was determined that the attacker compromised a developer account to gain access to the network, taking intellectual property from the company. The adversaries weren’t able to access customer data or encrypted password vaults according to LastPass. >read<
Record DDoS Layer7 Attack
Google reports a new record for DDoS on Layer 7: The Mēris botnet is believed to have sent a total of up to 46 million requests for HTTPS connections per second to the Google Cloud from 132 countries. The company compares the flood of data packets with all Wikipedia calls in an entire day, concentrated into ten seconds. According to its information, Google was able to fend off the attack. >read<
DDoS attack graph peaking at 46M requests per second / Credit: Google
Prioritize Vulnerability Management With ML
We get a little suspicious of marketing fluff whenever we see machine learning and security mentioned in the same sentence, but researchers have now created a model for predicting which vulnerabilities will likely result in a functional exploit, an interesting tool for prioritizing patches and estimating risk. >read<
SSH Commit Verification On GitHub
The biggest service provider for git repositories is now supporting commit verification with self-generated SSH keys. While GPG keys have been supported for a long time, we are now able to use SSH to give others confidence about the origin of a change. >read<
Cloud Isolation Problem: PostgreSQL
Tenant separation is a fundamental premise of the cloud and is at the core of trusting your cloud provider. The team of Wiz Research examined how effectively the environments of customers are isolated from each other across different cloud service providers and discovered multiple vulnerabilities in the PostgreSQL offerings of major cloud providers. >read<