Security Journey's hi/5

Groundhog Day, TypeScript, Minimum Standard for Vendor, and more



1. Groundhog day: NPM package caught stealing browser passwords

The author intended to trick targets into executing the malicious package. When malware is planted in package repositories, attackers usually rely on typosquatting: publishing a package whose name is a near-miss of a popular one so that a mistyped install command pulls in the malicious copy.

2. TypeScript Doesn't Suck; You Just Don't Care About Security

Security wins against the eleven popular reasons developers disapprove of TypeScript.

3. Recommended Minimum Standard for Vendor or Developer Verification of Code

Threat modeling, automated testing, code-based (static) analysis, dynamic analysis (DAST), checking included third-party software, and fixing the bugs found.

4. CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable

An exploitable kernel driver vulnerability lets an unprivileged local user escalate to the SYSTEM account and run code in kernel mode, since the vulnerable driver is locally accessible to anyone on the machine.

5. Over half of exploits sold on underground forums are for Microsoft products

Microsoft Office exploits make up 23 percent, while Windows accounts for 12 percent of exploits sold on hacker forums. Remote Desktop Protocol (RDP) exploits make up 10 percent, with Internet Explorer and SharePoint taking three percent each.


Security Journey's hi/5, by Security Journey