Friday 19 February 2021

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs - Security Boulevard

“Trust Us (Except Don’t)”

Thursday 18 February 2021

Oracle is Said to Help China Find Dissidents and Jail Minorities - Security Boulevard

When Larry Met δΉ 

Lesson from supply chain attacks: Beware 'dependency confusion' - TechBeacon

After Alex Birsan’s $130,000 bug-bounty haul last week, hundreds of bogus npm packages have popped up out of nowhere. They appear to have been published by copycat researchers—some of whom have less-than-pure intentions.

The moral of the story? Make sure the code you’re importing really is the code you think you’re importing.

Monday 15 February 2021

Internal Leak of 4,887 Users: Yandex Employee Fate Unknown - Security Boulevard

$YNDX Stays Schtum