US National Security Advisor Not So Good At Personal Security In light of “Signalgate”, reporters are looking for more breaches of security at the upper echelon of the president’s team. All of this is unclassified, but still sensitive. This includes National Security Advisor Waltz’s Venmo friend list (he has 328 friends), mobile phone numbers, email […]
Continue reading → [DISPLAY_ACURAX_ICONS]Hard coded secrets are things like passwords and API keys that are hard coded into “apps” for anyone to find. Generally considered a bad thing. 🙂 Cybernews researched more than 150,000 iOS apps and found more than 815,000 secrets. This includes thousands that are sensitive. Secrets that could lead to breaches. Now that this information […]
Continue reading → [DISPLAY_ACURAX_ICONS]API Keys are an alternative to passwords for connecting to a computer or web service. Typically, API Keys are used by software applications to talk to other applications and are considered more secure than using userids and passwords to authenticate. Unfortunately, too many developers don’t treat APIkKeys like the security risk they are. API keys […]
Continue reading → [DISPLAY_ACURAX_ICONS]We hear stories about the time it takes to weaponize security patches. This test, by Orca Security, tested a different problem. They wanted to know how long it takes hackers to discover secrets that you leave exposed in your cloud environment. They tested a variety of resources from Github to AWS. The good news is […]
Continue reading → [DISPLAY_ACURAX_ICONS]GitGuardian reported yesterday that organizations leaked more than 6 million passwords, API keys and other secrets last year. That is just in the code that they scanned. This is double the number found the year before. In part, this is due to better software that can sniff out these secrets. That translates to 3 out […]
Continue reading → [DISPLAY_ACURAX_ICONS]