Cybersecurity Alerts, News, and Tips

All You Need to Know About User Session Security

What follows is a two-part series on session management, inspired by extensive conversations with over 70 developers and our own intensive research. We will explore different session management practices, identify issues, and converge on a solution to these issues. Through it all, I hope to leave you with clarity on deciding how to manage user sessions (and auth tokens) for your application. In 20 minutes, we summarize all the important information it took us hundreds of hours to obtain and document.
This article will introduce session management, analyze commonly used session flaws, and demonstrate best practices. Part two will take a look at a new open source flow that is secure and easy to integrate into existing systems.
Specifically, in part one, we cover


How to Lead a Blockchain Engineering Team

Santiago Palladino is a team leader at OpenZeppelin, a company based in Buenos Aires that creates development tools for blockchain and also audits blockchain applications for security. He shared with us his methods for overcoming the unique challenges of leading a distributed blockchain development team.
Short on time? Here are three key takeaways from Santiago’s interview which outline what he does to build and maintain effective development teams for a large and complex product:




Op Wocao – China-linked APT20 was able to bypass 2FA

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. Security experts from cyber-security firm Fox-IT warn of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA. The attacks aimed at government entities and […]
The post Op Wocao – China-linked APT20 was able to bypass 2FA appeared first on Security Affairs.


Mastercard Acquires RiskRecon for Cybersecurity, Risk Mitigation

Mastercard acquires RiskRecon, a provider of artificial intelligence (AI), data analytics, cybersecurity & risk mitigation solutions to MSSPs & channel partners.
The post Mastercard Acquires RiskRecon for Cybersecurity, Risk Mitigation appeared first on MSSP Alert.



RavnAir Alaska airline canceled some flights following a cyber attack

RavnAir airline was forced to cancel at least a half-dozen flights in Alaska on Saturday following a “malicious cyber attack”. The RavnAir airline was forced to cancel at least a half-dozen flights in Alaska on Saturday following a cyber attack; around 260 passengers were not able to fly. According to the company, the attack hit […]
The post RavnAir Alaska airline canceled some flights following a cyber attack appeared first on Security Affairs.


Lithuanian man sentenced to 5 years in prison for stealing $120 Million From Google, Facebook

Lithuanian man Evaldas Rimasauskas was sentenced to five years in jail for stealing $120 Million from Google and Facebook employees. Evaldas Rimasauskas was sentenced to five years in prison for stealing $120 Million from Google and Facebook employees with business email compromise (BEC) attacks carried out between 2013 and 2015. The Lithuanian citizen Evaldas Rimasauskas (48) […]
The post Lithuanian man sentenced to 5 years in prison for stealing $120 Million From Google, Facebook appeared first on Security Affairs.