Critical Bug Exploited in Fortinet's Management Console
An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.
A government report's criticism of the 100x metric often used to justify fixing software earlier in development fuels a growing debate over pushing responsibility for secure code onto developers.
Development Features Enabled in Prodcution, (Thu, Oct 24th)
We do keep seeing attackers "poking around" looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with inside to the...