Tuesday, September 27, 2022

Weekly Update 314

Presently sponsored by: SecAlerts vulnerability awareness: Receive CVE & zero-day alerts, news & version updates all matched to your software. Discount code within!Wow, what a week! Of course there's lots of cyber / tech stuff in this week's update,...

Weekly Update 313

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.I came so close to skipping this week's video. I'm surrounded by family, friends and my amazing wife to...

Weekly Update 312

Presently sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.I'm so excited to see the book finally out and awesome feedback coming in, but I'm disappointed with this week's...

“Pwned”, the Book, is Finally Here!

Presently sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with...

Weekly Update 311

Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.Well, after a crazy amount of work, a lot of edits, reflection, and feedback cycles, "Pwned"...

Weekly Update 310

Presently sponsored by: Kolide is a fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business. Learn more here.By all accounts, this was one of the best weekly updates ever courtesy of a...

Weekly Update 309

Presently sponsored by: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet. Learn more here.Right off the back of a visit to our wedding venue (4 weeks and counting!) and...

Weekly Update 308

Presently sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.It was all a bit last minute today after travel, office works and then a quick rebuild of desk and...

Weekly Update 307

Presently sponsored by: Cloudflare. Speed up and protect your apps, APIs and websites with the world's fastest DNS. Add CDN, SSL, WAF, bot management and much more.A very early weekly update this time after an especially hectic week. The...

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Presently sponsored by: Cloudflare. Used by businesses small and large to protect and accelerate their web properties. Try DNS, DDoS protection and SSL for free.How best to punish spammers? I give this topic a lot of thought because I...

Weekly Update 306

Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.I didn't intend for a bunch of this week's vid to be COVID related, but between...

Weekly Update 305

Presently sponsored by: Kolide is a fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business. Learn more here.I broke Yoda's stick! 3D printing woes, and somehow I managed to get through the...

If You're Not Paying for the Product, You Are… Possibly Just Consuming Goodwill for Free

Presently sponsored by: Kolide is a fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business. Learn more here.How many times have you heard the old adage about how nothing in life is...

Weekly Update 304

Presently sponsored by: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet. Learn more here.It's very much a last-minute agenda this week as I catch up on the inevitable post-travel...

Weekly Update 303

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for freeAnd we're finally done with this trip. 26 days, 14 different accommodations, 5,146km of driving through...

MVP Award 12

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free11 years now, wow 😲 It's actually 11 and a bit because it was April Fool's...

Welcoming the Polish Government to Have I Been Pwned

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for freeContinuing the rollout of Have I Been Pwned (HIBP) to national governments around the world, today...

Weekly Update 302

Presently sponsored by: Detack. Detect & prevent weak, leaked, shared passwords with EPAS, a patented, privacy compliant solution used in 40 countries. Try it free!In a complete departure from the norm, this week's video is the much-requested "cultural differences"...

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Presently sponsored by: Detack. Detect & prevent weak, leaked, shared passwords with EPAS, a patented, privacy compliant solution used in 40 countries. Try it free!Four and a half years ago now, I rolled out version 2 of HIBP's Pwned...

Weekly Update 301

Presently sponsored by: Varonis for Salesforce. Protect Salesforce data from overexposure and cyberthreats. Try it free!First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested...
The Register

Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure

Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…

BrandPost: Extortion Economics: Ransomware’s New Business Model

Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...

Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says

Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...

Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats

Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.

Zoho ManageEngine flaw is actively exploited, CISA warns

A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...