-
GoCD Patches Critical Vulnerability Allowing User Privilege Escalation
GoCD Patches Critical Vulnerability Allowing User Privilege Escalation Open-source CI/CD platform GoCD has released an urgent security update to address a critical vulnerability that could allow malicious authenticated users to escalate their privileges to administrator … Read more Published Date: Jan 06, 2025 (12 hours, 41 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-10957 Go…
-
Weekly Update 433
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite It sounds easy – “just verify people’s age before they access the service” – but whether we’re talking about porn in the US or Australia’s incoming social media laws, the reality is way more complex…
-
Navigating the Future of Secure Code Signing and Cryptography
In today’s interconnected world, the integrity of software has never been more critical. With the increasing reliance on open-source components and the complexities introduced by containerized applications, ensuring trust in software has become a cornerstone of modern security practices. I […] The post Navigating the Future of Secure Code Signing and Cryptography appeared first on…
-
CISO Challenges for 2025: Overcoming Cybersecurity Complexities
As organizations recognize the immense value and criticality of your data and systems, cybersecurity has become intrinsically linked to business strategy. Chief Information Security Officers (CISOs) are increasingly expected to play a central role in shaping business decisions, assessing and mitigating risks, and ensuring that security strategies align with overall business objectives. This requires a…
-
Simson Garfinkel on Spooky Cryptographic Action at a Distance
Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an…
-
Practical Advice for PQC Migration for TLS 1.3
Numerous blogs and articles are urging security professionals to start migrating to quantum-resistant algorithms immediately. This urgency was heightened on August 13, 2024, when NIST finalized the FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) standards. In this article, I present a simplified example of a client establishing a TLS 1.3 connection to…
-
Friends don’t let friends reuse nonces
By Joe Doyle If you’ve encountered cryptography software, you’ve probably heard the advice to never use a nonce twice—in fact, that’s where the word nonce (number used once) comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key! But common knowledge may not cover every…