#application security

In a world where financial accountability is non-negotiable, Atcuality provides tools that ensure your field collections are as reliable as your core banking or ERP systems. Designed for enterprises that operate across multiple regions or teams, our cash collection application empowers agents to accept, log, and report payments using just their mobile devices. With support for QR-based transactions, offline syncing, and instant reconciliation, it bridges the gap between field activities and central operations. Managers can monitor performance in real-time, automate reporting, and minimize fraud risks with tamper-proof digital records. Industries ranging from insurance to public sector utilities trust Atcuality to improve revenue assurance and accelerate their collection cycles. With API integrations, role-based access, and custom dashboards, our application becomes the single source of truth for your field finance workflows.

Okay, I know this isn't a general purpose security topic, but hey, I've seen a lot of Tumblr users admit to being in software dev over the years ;) Adam Shostack, well known in the security space on a variety of topics, particularly threat modeling, has a new book out. The twist? Looking at the concept of threats to software through the lens of Star Wars.

Amit Singh sharing his thoughts on being motivate and confident under difficult circumstances

Sunday Round up for the week ending the 26th of March, As stated last weeks still looking for feedback on how I can tweak this posts format - let me know:

Articles:

How to Get Started Using Java Cryptography Securely: http://www.veracode.com/blog/research/how-get-started-using-java-cryptography-securely

Strange But True Application Security Failures: https://img.readitlater.com/i/www.veracode.com/sites-default-files-styles-media_responsive_widest-public-strange-but-true-application-security-failures-image-png-itok-m3Tnnv_P/RS/w1408.png?url=http%3A%2F%2Fwww.veracode.com%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fmedia_responsive_widest%2Fpublic%2Fstrange-but-true-application-security-failures-image.png%3Fitok%3Dm3Tnnv_P

Ransomware operators are hiding malware deeper in installer packages: https://blogs.technet.microsoft.com/mmpc/2017/03/15/ransomware-operators-are-hiding-malware-deeper-in-installer-packages/

Wellcome to revfirmware.ml: https://revfirmware.ml/

That Is Not My Child Process!: https://blog.didierstevens.com/2017/03/20/that-is-not-my-child-process/amp/

.NET Reverse Enginering - Part 2: http://codepool.me/NET-Reverse-Enginering-Part-2/

Combining Responder and PsExec for Internal Penetration Tests: https://community.rapid7.com/community/infosec/blog/2017/03/21/combining-responder-and-psexec-for-internal-penetration-tests

Tracking Online Counterfeiters: https://www.sans.org/reading-room/whitepapers/detection/tracking-online-counterfeiters-37697

An Android Phone Makes A Better Server Than You’d Think: http://hackaday.com/2017/03/22/an-android-phone-makes-a-better-server-than-youd-think/

Twitter:

"Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]" #informationsecurity #feedly https://t.co/L7lJISXHQK

— The Security Sleuth (@Security_Sleuth) March 19, 2017

"European Data Protection Supervisor Publishes Priorities for 2017" #privacy #feedly https://t.co/K6K7mkh9t7

— The Security Sleuth (@Security_Sleuth) March 19, 2017

"A simple command allows the CIA to commandeer 318 models of Cisco switches" #informationsecurity #feedly https://t.co/0o8hLTIXCJ

— The Security Sleuth (@Security_Sleuth) March 20, 2017

"Your Next Steps if Your AppSec Program Is in the Expanded Stage" #informationsecurity #feedly https://t.co/228tas6Nkt

— The Security Sleuth (@Security_Sleuth) March 20, 2017

"Phill Moore's Round-Up Of This Month In Forensics" #forensics #feedly https://t.co/0gCa7fT1ag

— The Security Sleuth (@Security_Sleuth) March 21, 2017

"Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware" #tech #feedly https://t.co/RdW5IpkKwv

— The Security Sleuth (@Security_Sleuth) March 21, 2017

"Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise" #informationsecurity #feedly https://t.co/oDgjcFMhVW

— The Security Sleuth (@Security_Sleuth) March 22, 2017

"Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan" #infosec #feedly https://t.co/12huZuGw2b

— The Security Sleuth (@Security_Sleuth) March 22, 2017

"Shielding MAC addresses from stalkers is hard and Android fails miserably at it" #informationsecurity #feedly https://t.co/uUOyQu9LjS

— The Security Sleuth (@Security_Sleuth) March 23, 2017

"Breaking: Wikileaks reveals CIA's Apple MacOS and iPhone Hacking Techniques" #infosec #feedly https://t.co/TzA9vgz9b8

— The Security Sleuth (@Security_Sleuth) March 23, 2017

Read last weeks round up here

Security teams do not just have a vulnerability problem anymore. They have a translation problem. In 2025, the National Vulnerability Database published more than 48,000 new CVEs. The hard part is not only knowing those flaws exist. It is turning each new disclosure into production-ready detection logic before attackers get a head start. That is why Amazon’s RuleForge story matters. It is one…

Technical Post Mortem: The npm Packaging Oversight Behind the Claude Code Leak

Anthropic confirms proprietary source code for its Claude Code CLI was accidentally exposed through a misconfigured npm package, highlighting critical risks in modern TypeScript distribution workflows.