This week's articles
Dropbox's 8-K
Dropbox has filed an 8-K with the SEC, reporting a cybersecurity incident affecting Dropbox Sign.
#attack
#saas
Semgrep for Terraform Security
Use Semgrep to evangelize secure-by-default modules, create opinionated rules, and secure your CI/CD.
#build
#ci/cd
#iac
(The) Postman Carries Lots of Secrets
Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it's become one of the largest public sources of leaked secrets.
#attack
#saas
Arbitrary 1-click Azure tenant takeover via MS application
This blog explains how reply URLs in Azure Applications can be used as a vector for phishing. The impact can range from data leaks to complete tenant takeover, just by luring a victim into clicking on a link.
#attack
#azure