- Charting Your Course: Cyber Security Governance [National Cyber Security Centre – New Zealand]
  - “The steps outlined in Charting Your Course define the principles of a cyber security programme and help to focus engagement between senior leadership and security practitioners.”
- NIST Developing Hardware Security Guidelines for Enterprises [Dennis Fisher, Duo Security] – new draft guidance on supply chain security
  - find it here: Validating the Integrity of Servers and Client Devices
- SQL Injection Errors No Longer the Top Software Security Issue [Jai Vijayan, Dark Reading]
  - 2019 CWE Top 25 Most Dangerous Software Errors
  - see also: Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications
- OUCH! Newsletter: Messaging / Smishing Attacks [Jen Fox]
- Incident Response Casefile – A successful BEC leveraging lookalike domains [Matan Ben David, Check Point Research]
- Fundamentals of Cross Domain Solutions [Australian Cyber Security Centre]
- Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data [Catalin Cimpanu, Zero Day]
  - see also: Keeping your account safe from malicious activity
- Alert (AA19-339A) – Dridex Malware [US Cybersecurity and Infrastructure Security Agency]
- New Disney Plus Streaming Service Hit By Credential Stuffing Cyber Attack [Nicole Lindsey, CPO Magazine / Data Privacy Asia]
- Avast Online Security and Avast Secure Browser are spying on you [Wladimir Palant]
- Lessons learned from playing a willing phish [Jan Kopriva, SANS ISC]
C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F