🔒 Passwordless, effortless! Experience the power of pass keys with Sara and Jurjen. Uncover the secrets behind this breach-resistant, phishing-resistant authentication method. Join us in this tech journey! #PassKeys#TechInnovation 📲🔑 https://t.co/VFEG90BAnt
📝 Master the art of secure coding with my new book, "Alice and Bob Learn Secure Coding." Sharpen your coding skills and strengthen your software against vulnerabilities. Pre-order your copy now!
https://t.co/CgxoHezNLA
🚨MàJ Alerte CERT-FR🚨
Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro permettant de contourner partiellement le correctif FG-IR-24-423.
En l'absence de correctif, la seule mesure de contournement connue à ce jour est de déconnecter ou d'éteindre les équipements FortiManager.
https://t.co/OFYLs11R2i
Crowdstrike Analysis:
It was a NULL pointer from the memory unsafe C++ language.
Since I am a professional C++ programmer, let me decode this stack trace dump for you.
Le CERT-FR a été informé d’incidents impactant les systèmes Windows sur lesquels l’agent de l’EDR Crowdstrike Falcon est installé. Le bulletin d’actualité https://t.co/xXAijLjKee résume les éléments dont le CERT-FR a connaissance.
CrowdStrike Falcon agents are imploding right now and causing a Blue Screen of Death boot loop on every endpoint. Reports of massive outages globally.
https://t.co/cS9Zt4SagH
⚠️Alerte CERT-FR⚠️
La vulnérabilité critique CVE-2024-6387 affecte OpenSSH et permet à un attaquant non authentifié d'exécuter du code arbitraire à distance avec les privilèges root.
https://t.co/qpx9NXn1ad
A simple password is like keeping a key under the front door mat; easy for you to get in, but also anyone else! If your password is easy to guess, it isn't secure. This #WorldPasswordDay, the #FBI encourages you to use strong passcodes to keep your digital life safe.
This #WorldPasswordDay, trade your old passwords for passkeys 🔑
Passkeys combine the advanced security of 2-Step Verification with the convenience of just unlocking your Pixel with your face, fingerprint, or PIN.
Learn more about a passwordless future: https://t.co/lf6gmXmvWf
⏰ Save the date! @shehackspurple will be leading a discussion at @RSAConference on May 7th. Join her and gain valuable insights into navigating and resolving issues in security champion initiatives. Don't miss out! https://t.co/wQLw2L7Vfp
The #AppSec queen is back with more secure coding content for F R E E ! Thank you @semgrep and @shehackspurple for sharing your precious knowledge for appsec and #devsecops practitionners 😘
Today is the launch of @Semgrep Academy! Free courses on #AppSec, Secure Coding, #API Security, Functional Programming, and MORE! Please go check it out here:
https://t.co/wwkpXzXxQL
GKE Workload Identity is now simpler to understand, explain and configure.
This is one of the most popular features of GKE. Allowing users to configure access to Google API from GKE on Google Cloud or other environments without the need of Service Account Keys.
GKE Workload Identity is now Workload Identity Federation to simplify branding and terminology across environments. and Best of all ? Less Steps to configure it
https://t.co/tj2hpHGale
#GKE #WhatsUPGKE #ThisWeekInGKE #GoogleCloud
The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.
The xz situation is absolutely insane and almost certainly state sponsored.
This is an excellent example of a widely used software being maintained by basically one person.
Read this web article and then frown and become sad.
https://t.co/0nHEh7hsBY
🐳 Docker Security – Step-by-Step Hardening (Docker Hardening)
One of the most detailed guides I've ever seen 🔥
Covers hardening steps for the Docker Host, Docker Daemon, images, and containers
https://t.co/eAsWhamcC9
From my experience all software developers are now security engineers wether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
💪 Maturing Your Threat Modeling Skills
Threat modeling legend Adam Shostack joins @shehackspurple to discuss how to:
* Both structure and free flow to ensure comprehensive threat models
* Seamlessly integrate threat modeling into your SDLC
* + more!
https://t.co/rELjuOAieI
I’m doing a keynote on the history of application security and @OWASP this year.
I’d love your help!
What are some of the major historical moments in application security over the last 5 years or so? I’d love your advice!
Please RT!