For solutions to these and other problems please contact us at The-Techy.com

Zero-Day Exploitation of Atlassian Confluence | Volexity

June 3, 2022 Leave a comment

There is another 0-day for Atlassian, they are having a tough time with RCEs
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

Categories: General Tags: ,

SLSA • Supply-chain Levels for Software Artifacts

May 8, 2022 Leave a comment

Oh thank God I am not the only one who sees the next techopolus (O-day apocalypse) as we all adopt kubernetes as the orchestration platform and we forget about *where* those container images come from… http://slsa.dev/

Categories: security Tags: , , ,

Bank API as Microservices with CQRS in TypeScript | Level Up Coding

May 6, 2022 Leave a comment

Very seldom, do we get to see several technologies used so well together. With the exception of how to illustrate how the secrets should be managed, this article really shows what secure by design is all about.

https://levelup.gitconnected.com/microservices-with-cqrs-in-typescript-and-nestjs-5a8af0a56c3a

Categories: security Tags: ,

Bank had no firewall license, intrusion or phishing protection – guess the rest • The Register

April 6, 2022 Leave a comment

Wow, ‘Security is hard’, but keeping licenses updated? It’s not THAT hard folks…

https://www.theregister.com/2022/04/05/mahesh_bank_no_firewall_attack/

Categories: General

How Modern Log Management Strengthens Enterprises’ Security Posture

February 17, 2022 Leave a comment

If you have decided that you will just ‘log everything’, I suspect you may have already failed in that objective. If you are intrigued, then please read on…

https://www.darkreading.com/crowdstrike/how-modern-log-management-strengthens-enterprise-security-posture

Categories: General

How to Implement Security HTTP Headers to Prevent Vulnerabilities?

February 12, 2022 Leave a comment

Looking for a great guide to understanding the the ‘must have’ collection of headers? Implementation of any/all of these can make the difference between 🙂 & 🙄https://geekflare.com/http-header-implementation/

Categories: General

Howard Hesseman, the hard rocking DJ on ‘WKRP in Cincinnati,’ dies at 81 – CNN

January 30, 2022 Leave a comment

RIP Johnny Fever 🤘

https://www.cnn.com/2022/01/30/entertainment/howard-hesseman-wkrp-cincinnati-dies/index.html

Categories: General

Google Cloud Anthos MultiCloud API and GKE on Azure GA | Google Cloud Blog

January 1, 2022 Leave a comment

It’s here and ready to join your fleet of clusters – check out the newest member of the Anthos capable deployments now on Azure too!

https://cloud.google.com/blog/products/containers-kubernetes/google-cloud-anthos-multicloud-api-and-gke-on-azure-ga

Categories: General

Why exfil your payload via ASCII? A picture is worth…

July 6, 2020 Leave a comment

Malwarebytes has discovered a new type of skimming attack where the booty is sent via an image!

The attackers hides the credit card skimmers in the metadata of icon files and then sends the sensitive info after the attack is successful, to the C2 via an image.

Talk about the need for ‘copy protection’?

As if hiding JavaScript in the copyright tag of the ico file isn’t ingenuous enough, they capture input field data, obfuscate it and place it in a image file to be uploaded so your Siem doesn’t even see it?

They have shared the details in a blog post if you want to learn more.
https://latesthackingnews.com/2020/07/06/attackers-hide-credit-card-skimmers-in-image-files-to-steal-data/

Categories: General Tags: , ,

Thinking of rooting your Android…think again

June 30, 2020 Leave a comment

While many of us have been home, wondering if this virus will go away as quickly as it came upon us, Google has been silently preparing for ‘Round 2’ in the phone wars.

SafetyNet is Android’s third party attestation API and if you want to install legit software from the Google Play Store, you already have it.

Getting ready to route out the last of the modified bootloaders, they have now rolled out a hardware backed detection method to ensure application developers can tell if your device is rooted. This allows high risk vendors like your banking app to prevent the application from running to help curb fraud. Read more about it here.

https://www.xda-developers.com/safetynet-hardware-attestation-hide-root-magisk/amp/

Categories: General