Wednesday, December 11, 2019

Weekly Update 168

YOW! Sydney / Brisbane / Melbourne; Have I Been Pwned’s 6th Birthday; Sectigo’s Phishing Cert; Crazy System-Generated Password Tweet; Sponsored by Whois XML API https://www.troyhunt.com/weekly-update-168/

Weekly Update 167

DDD Brisbane; Arguing About Kangaroos; Ari & Teaching Kids to Code in Oslo & London; Swiss Gov on Have I Been Pwned; Sponsored by IVPN https://www.troyhunt.com/weekly-update-167/

Weekly Update 166

Kangaroos! Norwegian Government & HIBP; Banks Looking Like Phishers; “Data Enrichment” Services & Data Breaches; Sponsored by IVPN https://www.troyhunt.com/weekly-update-166/

Weekly Update 165

Scott Helme’s “Hack Yourself First” Workshop; Googling Your Password; Charging to Change Your Password; 1Password’s Cash Injection; IVPN Sponsoring https://www.troyhunt.com/weekly-update-165/

Weekly Update 164

Nord & Credential Stuffing; Veritas, DNA & Breach; Azure & Free SSL; Sectigo DV Craziness; LinkedIn & security.txt; HSTS or GTFO; Sponsored by Varonis https://www.troyhunt.com/weekly-update-164/

Weekly Update 163

Speaking Events; Got a Bit Sick; Scott’s HYF Workshop; Zoho & Pwned Passwords; Stuff I See Messing Me Up; Adobe Breached (Again); Varonis Sponsoring https://www.troyhunt.com/weekly-update-163/

Weekly Update 162

Chrome and Mixed Content; Firefox has Killed the EV Indicator; Firefox HAS NOT Removed Support for EV; Zooville & Hookers.nl Data Breaches https://www.troyhunt.com/weekly-update-162/

Weekly Update 161

NDC Sydney; Removing the Padlock Icon from Chrome; Hack to the Future; Project Svalbard is Still in Progress; Sponsored by Varonis https://www.troyhunt.com/weekly-update-161/

Weekly Update 160

Back in Australia; Recording on iPhone 11 Pro; The UX of EEA GDPR 451 Messages; Visual Indicators and Elephants; Sponsored by Resistance DEX https://www.troyhunt.com/weekly-update-160/

Weekly Update 159

Geneva, Bern, Bellagio; Experiences at CERN; 10 Years of Blogging; Have I Been Pwned and Fake FCC Comments; Sponsored by Kolide https://www.troyhunt.com/weekly-update-159/

Weekly Update 158

It's been a bit of intense country-hopping since the last update...

Weekly Update 157

Hungary! And that's about as much intro as I'm going to do...

Banks, Arbitrary Password Restrictions and Why They Don’t Matter

Allow me to be controversial for a moment: arbitrary password restrictions on...

Weekly Update 156

Turns out it's actually a sunny day in Oslo today, although it's...

Weekly Update 155

From the emerging spring to the impending autumn, I'm back in Oslo at the beginning of another series of European events that'll...

Weekly Update 154

How's that for a setting in this week's video? 🌴 First day of spring here...

Weekly Update 153

Australia! Sunshine, good coffee and back in the water on the tail end of "winter"....

Weekly Update 152

I made it out of Vegas! That was a rather intense 8 days and if...

Extended Validation Certificates are (Really, Really) Dead

Almost one year ago now, I declared extended validation certificates dead. The entity name had...

Weekly Update 151

Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed...

SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.

Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract an AES encryption key using SGX's voltage-tuning function.

TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.