Maikel - Maikel.pro Blog

Maikel

From S3 Bucket to entire login infrastructure compromise

From S3 Bucket to entire login infrastructure compromise

TL;DR I discovered an unclaimed AWS S3 bucket, which was still actively used to load JavaScript across multiple domains belonging to a major Brazilian media group, GJC Corp. This JavaScript was included even on their Keycloak-based authentication portals. If an attacker had taken over the bucket and served malicious

Roundcube and SMTP Error (-1) : Connection to server failed

In case you are having problems to configure Roundcube to send mail, please note the following: If you are connecting on port 587 you should probably use tls://mail.mydomain.org instead of ssl://mail.mydomain.org because (by default) STARTTLS is used on port 587. In case you are

NIS2 and Software Engineering

software-security

NIS2 and Software Engineering

Last week I watched a presentation about the new European directive about Network and Information Security 2 (NIS2). The essence of this presentation was that current regulations are still not sufficient enough to make companies resilient against cyber security threats. The current trend is that cyber security criminals (e.g.