SafeLine is a self-hosted WAF to protect web applications from attacks such as SQL injection, XSS, and others. It offers features like blocking web attacks, rate limiting, anti-bot defense, authentication challenge, dynamic protection, and more.
The article discusses two unexpected sources of code execution in bash: arithmetic expressions and the test -v command, which can evaluate arbitrary code under certain conditions.
```
if [[ "${num}" -eq 42 ]]
```
```
$ [[ -v 'x[$(cat /etc/passwd > /tmp/pwned)]' ]]
```
Google has released an updated version of its Authenticator app, featuring a Material 3 design overhaul and a new privacy screen that requires a PIN or biometric approval before accessing 2FA authentication codes.
Google is introducing new AI-powered, real-time protections for Pixel users to combat the $1 trillion in annual fraud. These include Scam Detection and enhanced Google Play Protect features designed to protect users from fraudulent calls and malicious apps while maintaining user privacy.
Okta has confirmed a security vulnerability where usernames of 52 characters or more allowed account access without a password.
This page requires JavaScript to be enabled in your browser to display its content related to Private Cloud Compute Documentation by Apple.
This GitHub repository contains the source code for the Private Cloud Compute (PCC) security guide, providing components that implement security mechanisms and privacy policies for independent verification.
The FIDO Alliance's new Passkey standard aims to make password-less authentication a reality, but the real challenge lies in getting users to adopt the technology.
Companies are increasingly looking for job candidates with skills in machine learning (ML) and large language models (LLMs) to fill cybersecurity jobs. LLM SecOps and ML SecOps are becoming must-have skills to address the risks associated with artificial language.
The National Institute of Standards and Technology (NIST) proposes eliminating some common but ineffective password requirements like periodic changes and restrictions on character types to improve overall security hygiene.
"The latest NIST guidelines now state that:
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."