Daily Perk 2/10/2021

Patch Tuesday Quick Hits: 56 just from Microsoft. 3 critical and high severity TCP/IP bugs that are magnets for exploit. Two for .NET framework which are manual patches. And the critical one for WindowsDNS server. May the patching gods smile upon you

Dependency Confusion: How I Hacked into Apple, Microsoft and Dozens of Other Companies by Alex Birsan on Medium

We live in an increasingly interconnected digital world, where relationships and connections need to be understood and monitored at the system level, up through business and personal levels. Trust but verify. Attackers will be actively seeking out dependency vulnerabilities, leverage automated downloads and target open source repositories.

With automation, trust and expectation are bigger factors than we realize. Security researchers Alex Birsan and Justin Gardner highlight “Dependency Confusion” and how this can become something we missed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s