Dino A. Dai Zovi (@dinodaizovi)'s Twitter Profile
Dino A. Dai Zovi

@dinodaizovi

Coffee thoughts by $ddz

ID:14279598

Link: https://duckduckgo.com/?q=dino+dai+zovi
Joined: 02-04-2008 01:10:12

57.9K Tweets

40.0K Followers

8 Following

apenwarr (@apenwarr):

Love all the angry people in the replies who demand username/password for every app… and then have a “recover password” button that lets the email address owner bypass it all anyway. More steps, same vulnerability.

Dino A. Dai Zovi (@dinodaizovi):

So, everyone reading about Sisense and Palo Alto Networks this week... are we all thinking about least privilege architectures yet? I know 'secure by design' is a catchy phrase, but vendors are just going to say they are SxD now because there's still no way to confirm/dispute it.

Cybersecurity and Infrastructure Security Agency (@CISAgov):

CISA advisors @jackhcable and @aevavoom describe in our latest blog how we are responding to the XZ Utils compromise and how every tech manufacturer should take a #SecureByDesign approach to securing open source software: go.dhs.gov/JHf

Thorsten Ball (@thorstenball):

Imagine if every team had someone who says 'hmm, no, I think we can get this done today' on a regular basis.

The effect is incredible.

Marc Rogers (@marcwrogers):

STRONG RECOMMENDATION -
If you are a CISO and you have a 3rd party (Automation, AI, Analytics) that uses Sisense or you SUSPECT uses Sisense INSIST on an impact statement NOW.
I can 100% guarantee there are a lot of you with impact.

Your data was accessed by a threat actor.

Marc Rogers (@marcwrogers):

The nature of Sisense is they require access to their customers' confidential data sources. They have direct access to JDBC connections, to SSH, and to SaaS platforms like Salesforce and many more. It also means they have tokens, credentials, certificates, often upscoped. 1/2

Lorenzo Franceschi-Bicchierai (@lorenzofb):

NEW: Apple notified people in 92 countries they may have been targeted with spyware, TechCrunch learned.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone linked to your Apple ID.”

techcrunch.com/2024/04/10/app…

Dan Lorenc (@lorenc_dan):

Sick of managing GitHub PATs? Check out octo-sts!

chainguard.dev/unchained/the-…

'In short: GitHub didn’t expose an STS, so we went ahead and built one.'
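The post above is about replacing long-lived personal access tokens with a security token service (STS): a job presents a short-lived workload identity assertion, the STS checks it against a trust policy, and mints a short-lived, narrowly scoped token in return. The example below is added here to show that exchange end to end; it is not octo-sts code and not GitHub's API. It assumes a hypothetical issuer, audience and scope vocabulary, a policy format of my own, and an HS256 assertion signed with an embedded test key (a real OIDC issuer signs with RS256/ES256 and publishes its keys via JWKS, so the verification step would fetch and cache those keys instead).

```python
"""Minimal STS-style token exchange: trade a short-lived workload identity
assertion (an OIDC-style JWT) for a short-lived, narrowly scoped access token
instead of handing a long-lived PAT to every job.

Constructed example, not octo-sts code. Assumptions: the assertion is an HS256
JWT signed with a shared test key (real issuers use RS256/ES256 plus JWKS);
issuer, audience, scopes and the policy format are hypothetical.
"""
import base64
import fnmatch
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://issuer.example"      # hypothetical workload identity issuer
STS_AUDIENCE = "sts.example"           # audience the assertion must name
TEST_KEY = b"test-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_assertion(claims: dict, key: bytes = TEST_KEY) -> str:
    """Build an HS256 JWT; stands in for the token an OIDC issuer would mint."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_assertion(token: str, now: float, key: bytes = TEST_KEY) -> dict:
    """Check signature, issuer, audience and expiry before trusting any claim."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if json.loads(_unb64url(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # never accept 'none' or a downgrade
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != STS_AUDIENCE:
        raise ValueError("wrong audience")          # token was minted for someone else
    if now >= claims.get("exp", 0):
        raise ValueError("assertion expired")
    return claims


# Hypothetical trust policy: which subjects get which scopes, and for how long.
POLICY = [
    {"subject": "repo:acme/app:ref:refs/heads/main",
     "scopes": ["contents:read"], "ttl": 600},
    {"subject": "repo:acme/release:*",
     "scopes": ["contents:write", "packages:write"], "ttl": 300},
]


def exchange(assertion: str, issued: dict, now: float) -> dict:
    """Verify the assertion, match it against POLICY, mint an opaque short-lived token."""
    claims = verify_assertion(assertion, now)
    sub = claims.get("sub", "")
    for rule in POLICY:
        if fnmatch.fnmatchcase(sub, rule["subject"]):
            token = secrets.token_urlsafe(32)
            issued[token] = {"sub": sub, "scopes": list(rule["scopes"]),
                             "exp": now + rule["ttl"]}
            return {"token": token, **issued[token]}
    raise PermissionError(f"no policy grants {sub!r} anything")


def authorize(issued: dict, token: str, scope: str, now: float) -> bool:
    """Resource-side check: token known, unexpired, and carrying the needed scope."""
    rec = issued.get(token)
    return rec is not None and now < rec["exp"] and scope in rec["scopes"]


if __name__ == "__main__":
    now = time.time()
    store = {}
    a = make_assertion({"iss": ISSUER, "aud": STS_AUDIENCE,
                        "sub": "repo:acme/app:ref:refs/heads/main", "exp": now + 60})
    grant = exchange(a, store, now)
    print(grant["scopes"], authorize(store, grant["token"], "contents:read", now))
```

The point of the design is that nothing long-lived is ever handed to the job: the assertion is minutes-valid and bound to one audience, and the minted token is both short-lived and limited to the scopes the policy names for that exact subject, so a leaked token from a branch build cannot push releases or outlive the run by much.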

TIDAL (@TIDAL):

Eid Mubarak! TIDAL is wishing a joyous day with delicious feasts and cherished moments to all who celebrate the end of Ramadan. tidal.link/3UaEr25
