
Devsec Links #04

Fernando Guisso
DevSec Links - This article is part of a series.
Part 4: This Article

Written by Geovana & Guisso

Curiosity of the month

In June 2013, Edward Snowden, a former NSA and CIA employee, made public confidential documents that revealed NSA mass surveillance programs. This historic event highlighted the importance of cybersecurity and sparked global debates on privacy, mass surveillance, and the ethics of government monitoring, leading to greater awareness of online security threats and of the need to protect private information.

Securing cloud-native microservices with role-based access control using Keycloak

The article discusses how to implement role-based access control (RBAC) with Keycloak to secure cloud-native microservices, covering security strategies and the integration of identity and access management in distributed environments.

Threat Modelling Cloud Platform Services by Example: Google Cloud Storage

This NCC Group publication discusses the importance of threat modeling when assessing the security of cloud platform services, using Google Cloud Storage as the worked example. It walks through common threats and the security best practices that mitigate them.

OWASP Top 10 for Large Language Model Applications

This OWASP (Open Web Application Security Project) project identifies and highlights the main security vulnerabilities in applications built on large language models (LLMs), such as GPT-3. The Top 10 is a list of the main threats developers should be aware of when building and deploying these applications. Its goal is to provide guidance and recommended practices to mitigate those threats and improve the security of LLM-based applications.

Ransomware as a service: understanding the cybercrime gig economy and how to protect yourself

This article from Microsoft’s security blog explores Ransomware as a Service (RaaS), a model in which cybercriminals offer malicious software and infrastructure for others to carry out ransomware attacks. It explains how RaaS works, its implications for cybercrime, and how to protect against these attacks: keeping up-to-date backups, using reliable security solutions, and training users in cybersecurity awareness.

Nosy Parker: Find secrets in textual data

Maintained by Praetorian, “Nosy Parker” is an open-source tool that uses machine learning techniques to detect secrets embedded in source code. It automatically scans for confidential data such as passwords, API keys, access tokens, and other sensitive information, so that these exposures can be found and fixed, strengthening the security of your projects.

Secrets Patterns Database

The “Secrets Patterns Database” project collects patterns for detecting sensitive secrets in source code. These patterns help identify passwords, API keys, and other confidential information accidentally exposed in repositories, making the database a useful resource for raising security and promoting good secret-handling practices in software development.

ReDoS “vulnerabilities” and misaligned incentives

This post on the yossarian.net blog explores ReDoS (regular expression denial of service) vulnerabilities and how attackers can exploit them. It also addresses the misaligned incentives between developers, security agents, and system owners, which can leave ReDoS vulnerabilities without attention. The article aims to raise awareness of these vulnerabilities and to promote better collaboration between the parties involved to mitigate the security risk.
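Tying the two secrets-scanning entries above together with this ReDoS entry, here is an added example (not code from Nosy Parker, the Secrets Patterns Database, or the linked post): a minimal pattern-driven scanner that applies a rule set to sample lines, filters low-confidence hits by Shannon entropy, and refuses rules containing the nested-quantifier shape behind catastrophic backtracking. The rule layout, the `NESTED_QUANTIFIER` heuristic and the sample lines are assumptions constructed for this example, not the database's real schema.

```python
import math
import re
from collections import Counter

# Constructed rule set. AWS and GitHub key shapes follow their public docs; the
# name/regex/confidence layout is an assumption, not the database's real schema.
RULES = [
    {"name": "AWS access key ID", "confidence": "high", "regex": r"\bAKIA[0-9A-Z]{16}\b"},
    {"name": "GitHub personal access token", "confidence": "high", "regex": r"\bghp_[A-Za-z0-9]{36}\b"},
    {"name": "Generic credential assignment", "confidence": "low",
     "regex": r"(?i)(?:secret|password|token)\s*[:=]\s*['\"]?([A-Za-z0-9+/=_-]{16,})"},
]
# Crude heuristic for a quantified group that is itself quantified, e.g. (a+)+: the ReDoS shape.
NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*]\)[+*]")

def compile_rules(rules):
    compiled = []
    for rule in rules:
        if NESTED_QUANTIFIER.search(rule["regex"]):  # refuse ReDoS-prone rules up front
            raise ValueError(f"rule {rule['name']!r} nests quantifiers")
        compiled.append((rule["name"], re.compile(rule["regex"]), rule["confidence"]))
    return compiled

def shannon_entropy(value):
    """Bits per character: random-looking secrets score high, plain words low."""
    return -sum(n / len(value) * math.log2(n / len(value)) for n in Counter(value).values())

def scan_lines(lines, rules, min_entropy=3.0):
    """Return (line number, rule name, value) for each candidate secret."""
    findings, seen = [], set()
    for lineno, line in enumerate(lines, 1):
        for name, pattern, confidence in rules:
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                # Low-confidence rules only report random-looking values (drops placeholders
                # like "aaaa..."); a value an earlier rule already reported is not repeated.
                if confidence == "low" and shannon_entropy(value) < min_entropy:
                    continue
                if (lineno, value) not in seen:
                    seen.add((lineno, value))
                    findings.append((lineno, name, value))
    return findings

# Constructed sample input; none of these values is a real credential.
SAMPLE_LINES = [
    'aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"',
    "GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
    'token = "aaaaaaaaaaaaaaaaaaaa"',
    'api_token: "q7Zf3Lp0Wm2Xa9Rt5Ky8Bn"',
]
```

Running `scan_lines(SAMPLE_LINES, compile_rules(RULES))` reports the AWS key, the GitHub token once (not twice), and the high-entropy generic value, while skipping the all-`a` placeholder.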
