Application Security This Week for August 4

The Capital One breach leads the news this week, for a dozen good reasons.

https://start.jcolemorrison.com/the-technical-side-of-the-capital-one-aws-security-breach/

Reeeeeely good writup on Crypto attacks from Checkpoint.  More than just reading the unreadable, ya know.

https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed/

The Node Package Manager is in the news again, thanks to a huge kerfuffle related to someone injecting malware into a much-used package.  Think before you import, people.

https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/

https://medium.com/commitlog/the-internet-is-at-the-mercy-of-a-handful-of-people-73fac4bc5068

Credential stuffing attacks are outpacing phishing, sayth Akamai.

https://www.theregister.co.uk/2019/07/31/black_hats_hate_banks_says_akamai/

And we are still talking about weakening encryption, of course:

https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#37320cb05362

That’s the news, people.  Stay safe.