The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought in the spotlight the issue of iOS security: attorney General William P. Barr requested Apple to provide access to two phones used by the killer.
Continue reading “FBI got data from a locked iPhone 11 using GrayKey: how does this tool work?”Category: Cybersecurity
Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances
Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used in order to generate a denial of service against the FortiSIEM Supervisor.
Continue reading “Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances”CVE-2020-0601: a critical Windows vulnerability discovered by…NSA!
Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows’ crypto library.
Continue reading “CVE-2020-0601: a critical Windows vulnerability discovered by…NSA!”Some thoughts about “Shift Left” security in DevSecOps
A popular term in DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures to guarantee application quality at the most early point in the software development life cycle.
In a application security context, this refers to the measures implemented to ensure thart security concerns are taken into consideration during the whole application development, rather than at the end of the process.
CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability
Many Proof-of-concept exploits has been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products.
Continue reading “CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability”