TLDR

TLDR Information Security 2024-04-17

PuTTY flaw leaks private keys 😱, OpenJS discovers takeover attempt 🛑, FTC Fines Cerebral 🧠

How AI is helping solve five long-standing industry security problems (Sponsor)

🔓
Attacks & Vulnerabilities

Ivanti warns of critical flaws in its Avalanche MDM solution (2 minute read)

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt (2 minute read)

PuTTY SSH Client Flaw Allows Recovery of Cryptographic Private Keys (3 minute read)

🧠
Strategies & Tactics

“All Your Secrets Are Belong To Us” - A Delinea Secret Server AuthN/AuthZ Bypass (7 minute read)

Deploying Tailscale For a Remote Only Company (8 minute read)

Unraveling SIEM Correlation Techniques (5 minute read)

🧑‍💻
Launches & Tools

Awesome-Secure-Defaults (GitHub Repo)

cloud-key-rotator (GitHub Repo)

CVENotifier (GitHub Repo)

🎁
Miscellaneous

A quick post on Chen's algorithm (3 minute read)

FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations (3 minute read)

AWS Took 6 Months to Fix STS Bug - IAM Policy Inadequate (3 minute read)

⚑️
Quick Links

NSA Publishes Guidance for Strengthening AI System Security (2 minute read)

Chirp Systems Vulnerability (3 minute read)

DDoS threat report for 2024 Q1 (11 minute read)

Curated news 📰, research 🧑‍🔬, and tools 🔒 for information security professionals