Week in review: Password psychology, SaltStack Salt vulnerabilities exploited, Patch Tuesday forecast

From helpnetsecurity.com

SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP!
Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns.

May 2020 Patch Tuesday forecast: Time for a break?
Threat actor activity around COVID-19 exploitation increased dramatically in April. The US Department of Homeland Security and the UK National Cyber Security Centre issued a joint advisory in early April, warning about this increasing activity. This advisory provides a detailed summary of several attacks and valuable links to actions you can take for mitigation.

GitHub Code Scanning aims to prevent vulnerabilities in open source software
GitHub has made available two new security features for open and private repositories: code scanning (as a GitHub-native experience) and secret scanning.

Read more…