Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2023-02-20 to 2023-02-27.
Matt Frisbie takes a look at the current limitations of Manifest v3. The PoC simply requests all possible permissions, and upon installation Chrome displays a warning message. He even provides the Spy Extension code on GitHub.
The website pbom.dev published their OSC&R matrix. Like MITRE ATT&CK, OSC&R is organized into a clear and structured view of the tactics, techniques, and procedures (TTPs) used by adversaries. However, OSC&R is the first and only matrix that focuses specifically on software supply chain attacks. It covers a wide range of attack vectors, including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment systems, and compromised or malicious software updates.
PBOM stands for pipeline bill of materials. It is related to a software bill of materials (SBOM), which lists the components used to build software; in addition, a PBOM also covers the build pipeline from design to production.
SysReptor makes pentest reporting easy. It is currently in beta, with a Community and a Professional edition.
Open, adaptable email security platform.
Open source password manager for teams