FreshRSS

πŸ”’
β–³ πŸ”ƒ
☐ β˜† βœ‡ The Hacker News

Why Public Links Expose Your SaaS Attack Surface

By The Hacker News β€” January 9th 2024 at 11:27
Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees
☐ β˜† βœ‡ The Hacker News

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

By The Hacker News β€” December 4th 2023 at 11:38
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how
☐ β˜† βœ‡ Naked Security

β€œSnakes in airplane mode” – what if your phone says it’s offline but isn’t?

By Paul Ducklin β€” August 21st 2023 at 17:45
WYSIWYG is short for "what you see is what you get". Except when it isn't...

☐ β˜† βœ‡ Naked Security

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin β€” August 10th 2023 at 13:34
Latest episode - listen now! (Full transcript inside.)

☐ β˜† βœ‡ Naked Security

Serious Security: Why learning to touch-type could protect you from audio snooping

By Paul Ducklin β€” August 8th 2023 at 18:51
Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

☐ β˜† βœ‡ Naked Security

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin β€” August 3rd 2023 at 17:56
Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

☐ β˜† βœ‡ Naked Security

Serious Security: Rowhammer returns to gaslight your computer

By Paul Ducklin β€” July 10th 2023 at 21:22
Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

☐ β˜† βœ‡ Naked Security

Windows 11 also vulnerable to β€œaCropalypse” image data leakage

By Paul Ducklin β€” March 22nd 2023 at 17:59
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

☐ β˜† βœ‡ Naked Security

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

By Paul Ducklin β€” March 10th 2023 at 19:58
It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

☐ β˜† βœ‡ Naked Security

Password-stealing β€œvulnerability” reported in KeePass – bug or feature?

By Paul Ducklin β€” February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

☐ β˜† βœ‡ Naked Security

Public URL scanning tools – when security leads to insecurity

By Paul Ducklin β€” November 7th 2022 at 19:59
Never make your users cry/By how you use an API

☐ β˜† βœ‡ Naked Security

Breaching airgap security: using your phone’s gyroscope as a microphone

By Paul Ducklin β€” August 24th 2022 at 18:59
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

☐ β˜† βœ‡ Naked Security

Serious Security: Apple Safari leaks private data via database API – what you need to know

By Paul Ducklin β€” January 18th 2022 at 19:23
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

☐ β˜† βœ‡ Naked Security

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

By Paul Ducklin β€” December 23rd 2021 at 17:58
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

☐ β˜† βœ‡ Naked Security

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

By Paul Ducklin β€” November 18th 2021 at 22:20
Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.

❌