Data Safety and Information Security

Data Safety and Information Security

749 bookmarks
Custom sorting
OAuth Security in a Cloud Native World
OAuth Security in a Cloud Native World
Outlining how my thinking has evolved after working with various cloud deployment types and integrating security into many kinds of apps.
·thenewstack.io·
OAuth Security in a Cloud Native World
Does GraphQL Introduce New Security Risks?
Does GraphQL Introduce New Security Risks?
GraphQL is a friendly alternative to REST APIs. But there are some security repercussions of adopting GraphQL developers need to know.
·devops.com·
Does GraphQL Introduce New Security Risks?
Linux Security Study Reveals When, How You Patch Matters
Linux Security Study Reveals When, How You Patch Matters
Computer security only happens when software is kept up to date. That should be a basic tenet for business users and IT departments. Apparently, it isn’t. At least for some Linux users who ignore installing patches, critical or otherwise.
·linuxinsider.com·
Linux Security Study Reveals When, How You Patch Matters
Removing the stigma of a CVE | The GitHub Blog
Removing the stigma of a CVE | The GitHub Blog
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
·github.blog·
Removing the stigma of a CVE | The GitHub Blog
The Problem With Security
The Problem With Security
Making security every team’s problem and recruiting those most interested to formalize their involvement is a solid cultural approach.
·devops.com·
The Problem With Security
First Malware Running on AWS Lambda Discovered
First Malware Running on AWS Lambda Discovered
Amazon Web Services (AWS) Lambda, serverless computing's poster child, is over seven years old and only now has experienced the first malware specifically targeting Lambda, Denonia
·thenewstack.io·
First Malware Running on AWS Lambda Discovered
How to Build a Zero-Trust Culture
How to Build a Zero-Trust Culture
When few developers see security it as their responsibility, how do you build a culture to support a zero trust strategy in your organization? #security #DevSecOps #zerotrust
·thenewstack.io·
How to Build a Zero-Trust Culture
The Ukrainian War, PKI, and Censorship
The Ukrainian War, PKI, and Censorship
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
·windley.com·
The Ukrainian War, PKI, and Censorship
Provisional Authenticity and Functional Privacy
Provisional Authenticity and Functional Privacy
Provisional authenticity and confidentiality can help us manage the trade offs between privacy and authenticity to support online accountability along with functional privacy.
·windley.com·
Provisional Authenticity and Functional Privacy
Software Supply Chain Security: Tearing Down the Silos
Software Supply Chain Security: Tearing Down the Silos
Both application and infrastructure security are required to keep a cloud native system safe. A single solution can integrate both to foil hackers. #DevSecOps #security
·thenewstack.io·
Software Supply Chain Security: Tearing Down the Silos
The 3 S’s of Software Supply Chain Security: SBOMs, Signing, Slimming - The New Stack
The 3 S’s of Software Supply Chain Security: SBOMs, Signing, Slimming - The New Stack
At Slim.AI, the cloud-native startup I founded with my longtime colleague and creator of the DockerSlim open-source project Kyle Quest, we believe we must address the problem of WHAT gets shipped to production, not just how fast or how frequently teams can deploy.
·thenewstack.io·
The 3 S’s of Software Supply Chain Security: SBOMs, Signing, Slimming - The New Stack
Report: Recent 10x Increase in Cyberattacks on Ukraine
Report: Recent 10x Increase in Cyberattacks on Ukraine
As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks…
·krebsonsecurity.com·
Report: Recent 10x Increase in Cyberattacks on Ukraine
Privacy, Authenticity, and Confidentiality
Privacy, Authenticity, and Confidentiality
Authenticity and privacy are usually traded off against each other. The tradeoff is a tricky one that can lead to the over collection of data.
·windley.com·
Privacy, Authenticity, and Confidentiality
Conti Ransomware Group Diaries, Part IV: Cryptocrime
Conti Ransomware Group Diaries, Part IV: Cryptocrime
Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies,…
·krebsonsecurity.com·
Conti Ransomware Group Diaries, Part IV: Cryptocrime
Conti Ransomware Group Diaries, Part III: Weaponry
Conti Ransomware Group Diaries, Part III: Weaponry
Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it's like to be an employee of Conti's sprawling organization. Today's…
·krebsonsecurity.com·
Conti Ransomware Group Diaries, Part III: Weaponry
Conti Ransomware Group Diaries, Part II: The Office
Conti Ransomware Group Diaries, Part II: The Office
Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal…
·krebsonsecurity.com·
Conti Ransomware Group Diaries, Part II: The Office
How to Build an Effective API Security Strategy
How to Build an Effective API Security Strategy
At the API Security Summit, security leaders will discuss how to increase API security fluency across an organization.
·devops.com·
How to Build an Effective API Security Strategy
Python Cybersecurity — Zip File Password Cracker
Python Cybersecurity — Zip File Password Cracker
Learn how to develop a simple Zip File password cracker, which uses a password list to brute force the encrypted file also known as a…
·vinsloev.medium.com·
Python Cybersecurity — Zip File Password Cracker
Why Developer-First is the Future of AppSec
Why Developer-First is the Future of AppSec
Developer-first AppSec is the future; here's how organizations can evaluate tools that will help them adopt a developer-first approach.
·devops.com·
Why Developer-First is the Future of AppSec