FBI got data from a locked iPhone 11 using GrayKey: how does this tool work?

The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought the issue of iOS security into the spotlight: Attorney General William P. Barr requested that Apple provide access to two phones used by the killer.

Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances

Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet's Security Information and Event Management product, FortiSIEM, that can be used to cause a denial of service against the FortiSIEM Supervisor.

Some thoughts about “Shift Left” security in DevSecOps

A popular term in the DevOps context is "shift left": it refers to a DevOps team's effort to implement measures that guarantee application quality at the earliest possible point in the software development life cycle.
In an application security context, this refers to the measures implemented to ensure that security concerns are taken into consideration throughout application development, rather than only at the end of the process.

CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability

Many proof-of-concept exploits have been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products.