An attack on the software build pipeline can to some degree be compared to an attack on your supply chain. Your code can be 100% reviewed, but still the end product will contain malicious code – a very dangerous situation.
Defending software build pipelines from malicious attack – NCSC.GOV.UK
Are the bad guys using AI? They might! AI tools like ChatGPT or DALL-E-2 are currently widely tested out on the internet – both for the good as well as for the bad. From my point of view, we are at the very beginning of an interesting development, which will unfold over the next couple…
A Military-Type Explosive Sent Via USB Drive (gbhackers.com) ⚡ So far, USB-Killer devices were used by attackers (or pentesters) to disable or destroy devices with USB interfaces by discharging a high power electrical shock into the data lines of the USB port. ❗ If you find a USB stick somewhere: Do not plug it into…
This week: Learn about the three fundamentals of security: 🔒confidentiality, 🏡 integrity and 🟢 availability
The German Federal Office for Information Security (BSI) informs about a wave of DDoS attacks against websites of mainly airports as well as from the financial sector and the government, which happened last week. Post of BSI on LinkedIn
A new hashtag#attack technique on the rise: 2FA phishing.Learn how it works: How do attackers try to get around multi-factor authentication? https://www.microsoft.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud
This is actually a very interesting attack vector described in this post:As an attacker place a Google Ad for a keyword, which will be mapped to accidentally pasted unprotected Dropbox links (I’m sure, this will also work with other cloud providers) and see what you will get… LinkedIn Post