This Week in Security: ID Breaches, Code Smell, and Poetic Flows

Discord had a data breach back on September 20th, via an outsourced support contractor. It seems it was a Zendesk instance that was accessed for 58 hours through a compromised …read more Continue reading This Week in Security: ID Breaches, Code Smell, and Poetic Flows

This Week in Security: Randomness is Hard, SNMP Shouldn’t Be Public, and GitHub Malware Delivery

Randomness is hard. To be precise, without dedicated hardware, randomness is impossible for a computer. This is actually important to keep in mind when writing software. When there’s not hardware …read more Continue reading This Week in Security: Randomness is Hard, SNMP Shouldn’t Be Public, and GitHub Malware Delivery

This Week in Security: The Shai-Hulud Worm, ShadowLeak, and Inside the Great Firewall

Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was millions of downloads on NPM, but this …read more Continue reading This Week in Security: The Shai-Hulud Worm, ShadowLeak, and Inside the Great Firewall

This Week in Security: NPM, Kerbroasting, and The Rest of the Story

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this week. Ninety-nine percent of the cloud depends on one of the …read more Continue reading This Week in Security: NPM, Kerbroasting, and The Rest of the Story