Mateusz Krzeszowiec is a Principal Security Researcher at Veracode. He started his career as software engineer and after good couple of years transitioned into application security. Mateusz worked as builder, breaker, and defender in a handful of enterprises. He researches various languages and technologies and contributes to Veracode's Binary Static Analysis service.
Technical Summary
On 28th of August fortbridge.co.uk reported a vulnerability in csurf middleware – expressjs supporting library that enables CSRF protection in expressjs.
As of 13th of September csurf library has been deprecated with no plans to fix the vulnerabilities.
There is no…
IDEs and build infrastructure are being a target of various threat actors since at least 2015 when XcodeGhost has been discovered - https://en.wikipedia.org/wiki/XcodeGhost - malware-ridden Apple Xcode IDE that enabled attackers to plant malware in iOS applications…
