Why Public Links Expose Your SaaS Attack Surface

Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for "what you see is what you get". Except when it isn't...

S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

Serious Security: Why learning to touch-type could protect you from audio snooping

Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

S3 Ep146: Tell us about that breach! (If you want to.)

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Serious Security: Rowhammer returns to gaslight your computer

Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Public URL scanning tools – when security leads to insecurity

Never make your users cry/By how you use an API

Breaching airgap security: using your phone’s gyroscope as a microphone

One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Serious Security: Apple Safari leaks private data via database API – what you need to know

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.