CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

Original release date: December 2, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019.
 
CISA encourages users and administrators to review the CISA blog post, Improving Vulnerability Disclosure Together, and draft BOD 20-01 for more information. CISA encourages feedback on draft BOD 20-01 from individuals with personal or institutional expertise in vulnerability disclosure and from organizations that have a VDP and manage coordinated vulnerability disclosures.

This product is provided subject to this Notification and this Privacy & Use policy.

Cyber Monday: Tips for Safeguarding Personal Information

Original release date: December 2, 2019

Cyber Monday draws millions of shoppers online for deals and savings, but it also gives attackers opportunities to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online.

CISA encourages Cyber Monday shoppers to review the following online shopping safety tips:

  • Do business with reputable vendors. Before providing any information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks.)
  • Use caution with email links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and avoid clicking on email links, even if they seem to come from people or businesses you know. (See Using Caution with Email Attachments.)
  • Pay using a credit card. There are laws to limit your liability for fraudulent credit card charges, but debit cards may not have the same level of protection.
  • Ensure your information is encrypted. Check that website URLs begin with "https:" (instead of "http:") and that the browser shows a padlock icon. This confirms that the connection to the site is encrypted; it does not by itself show that the site or the vendor behind it is trustworthy, so combine it with the checks above.

truffleHog – Search Git for High Entropy Strings with Commit History

truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

truffleHog originally worked by running entropy checks on git diffs. That functionality still exists, but high-signal regex checks have been added, along with the ability to suppress entropy checking.

truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git

or

truffleHog file:///user/dxa4481/codeprojects/truffleHog/

truffleHog walks the entire commit history of every branch and examines the diff introduced by each commit for secrets, so a credential that was committed and later removed is still found.
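The two checks described above, entropy scoring and high-signal regexes, applied to a single diff, as an added example written for this page rather than truffleHog's own source. The git traversal across branches and commits is left out so the example runs offline on a constructed diff; the base64/hex alphabets, the entropy thresholds (4.5 and 3.0 bits per character), the 20-character minimum and the two regexes are assumptions chosen for illustration. It also shows why both checks exist: Amazon's documented example access key ID has too little entropy to trip the entropy check and is caught only by the regex, while the accompanying secret key is caught only by entropy.

```python
"""Entropy and regex secret scan over one git diff.

Added example for this page, not truffleHog's own code. It mimics the two
checks the text describes on a constructed diff; truffleHog itself obtains
such diffs by walking every commit on every branch. Thresholds, minimum
length and the regex list are illustrative assumptions.
"""
import math
import re

BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]+")
HEX_RUN = re.compile(r"[0-9a-fA-F]+")
BASE64_THRESHOLD = 4.5   # assumed threshold, bits per character
HEX_THRESHOLD = 3.0      # assumed threshold, bits per character
MIN_LEN = 20             # shorter runs are ignored (assumed)

# High-signal patterns. The AWS access key ID format (AKIA + 16 chars) and
# the PEM private key header are public formats; the list is illustrative.
REGEXES = {
    "AWS access key ID": re.compile(r"AKIA[0-9A-Z]{16}"),
    "Private key header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def shannon_entropy(data, charset):
    """Shannon entropy of `data` in bits per character, over `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    n = len(data)
    for ch in set(charset):
        p = data.count(ch) / n
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def entropy_findings(line):
    """Flag base64- or hex-looking runs whose entropy exceeds the threshold."""
    findings = []
    for word in line.split():
        for run in BASE64_RUN.findall(word):
            if len(run) >= MIN_LEN and shannon_entropy(run, BASE64_CHARS) > BASE64_THRESHOLD:
                findings.append(("high entropy (base64)", run))
        for run in HEX_RUN.findall(word):
            if len(run) >= MIN_LEN and shannon_entropy(run, HEX_CHARS) > HEX_THRESHOLD:
                findings.append(("high entropy (hex)", run))
    return findings


def regex_findings(line):
    """Flag substrings matching a known secret format."""
    return [(name, m.group(0)) for name, rx in REGEXES.items() for m in rx.finditer(line)]


def scan_diff(diff_text, use_entropy=True, use_regex=True):
    """Scan every content line of a unified diff. Added and removed lines both
    count: a secret deleted in a later commit is still present in history."""
    findings = []
    for line in diff_text.splitlines():
        if line.startswith(("diff --git", "index ", "--- ", "+++ ", "@@")):
            continue                      # diff metadata, not file content
        body = line[1:] if line[:1] in "+- " else line
        if use_regex:
            findings.extend(regex_findings(body))
        if use_entropy:
            findings.extend(entropy_findings(body))
    return findings


# Constructed sample diff; the AWS key ID is Amazon's documented example value.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,6 @@
 VERSION = "1.0.0"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+API_TOKEN = "3f9a7c1e4b2d8e6f0a1b5c7d9e2f4a6b"
+PRIVATE_KEY_HEADER = "-----BEGIN RSA PRIVATE KEY-----"
-DEBUG = True
"""

if __name__ == "__main__":
    for reason, value in scan_diff(SAMPLE_DIFF):
        print(f"{reason}: {value}")
    print("--- regex only (entropy suppressed) ---")
    for reason, value in scan_diff(SAMPLE_DIFF, use_entropy=False):
        print(f"{reason}: {value}")
```

Calling scan_diff with use_entropy=False corresponds to the `--regex --entropy=False` invocation shown above: only the access key ID and the PEM header are reported, and the 40-character secret key and the hex token drop out, which is the trade-off between the noisy-but-general entropy check and the precise-but-narrow regex list.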

The full truffleHog article is available at Darknet.