XING

Lutra Security

6 Follower

1-10 Mitarbeitende

Neuigkeiten

Lutra Securityhat einen Beitrag geschrieben•7. Juli 2023

📢 Manifest confusion: Why npm cannot be trusted The architecture of npm has a problem known as manifest confusion, as recently highlighted in an article by Darcy Clarke. The manifest, which contains the metadata of the package, is published independently of the package's tarball and is never fully validated. We have looked into this problem and describe in our new article - how npm's package normalization process exacerbates the problem - how npm itself gets confused by this (we show how to b...

Manifest confusion – Lutra Security

Manifest confusion is a problem in the architecture of npm, pointed out by Darcy Clarke: An npm package’s manifest is independently published from its tarball and never fully validated.lutrasecurity.com

Lutra Securityhat einen Beitrag geschrieben•13. Juni 2023

Verwenden Sie Fortinet in Ihrem Unternehmen? Sind Sie sich nicht sicher? Dann schauen Sie nach und aktualisieren Sie: In FortiOS gibt es eine kritische Sicherheitslücke (CVE-2023-27997), die eine unauthorisierte Remote Code Execution ermöglicht. Es wurden bereits erste Angriffe registriert. https://www.fortiguard.com/psirt/FG-IR-23-097

PSIRT | FortiGuard Labs

Nonewww.fortiguard.com

Lutra Securityhat einen Beitrag geschrieben•26. Mai 2023

Sometimes all it takes is a little copy and paste. That's why in this article we won't focus on password policies in general, but rather give you a reasonable default for Django with all the explanations you need to customize it for your project. https://lutrasecurity.com/en/articles/django-password-validation/