Saturday, July 20, 2019

Weekly Update 148

Presently sponsored by: Shape Connect: Captcha is no longer enough. Shape Connect blocks automation & improves security instantly, with a 30 minute implementation.
It's the last one from Norway before heading off to the US and diving into the deep...

Authentication and the Have I Been Pwned API

The very first feature I added to Have I Been Pwned after I launched it back in...

Weekly Update 147

So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control...

Pwned Passwords, Version 5

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern...

Weekly Update 146

After a very non-stop Cyber Week in Israel, I'm back in Oslo working through the endless emails...

Microsoft MVP Award, Year 9

I've become especially reflective of my career this year, especially as Project Svalbard marches forward and I...

Welcoming the Austrian Government to Have I Been Pwned

Early last year, I announced that I was making HIBP data on government domains for the UK...

Weekly Update 145

Presently sponsored by: If engineers need access, you need strongDM. Use your SSO to grant or revoke access to any database, server, or k8s. Try strongDM now.
Something totally new this week - Israel! I spent the week in Tel...

Weekly Update 144

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack
So first things first - my patience for the Instamics we're wearing just reached zero. One of them recorded and one of...

Weekly Update 143

Presently sponsored by: Twilio: Learn what regulations like PSD2 mean for your business, and how Twilio can help you achieve secure, compliant transactions
Well this was a big one. The simple stuff first - I'm back in Norway running workshops...

Hack Yourself First – The UK Tour by Scott Helme

It's the Hack Yourself First UK Tour! I've been tweeting a bit about this over recent times...

Project Svalbard: The Future of Have I Been Pwned

Back in 2013, I was beginning to get the sense that data breaches were becoming a big...

Weekly Update 142

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an...

Weekly Update 141

Presently sponsored by: Twilio: Passwords are no longer enough. Two-factor authentication improves security, implement fast with Twilio's Authy API.
Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home...

Weekly Update 140

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in...

PayPal’s Beautiful Demonstration of Extended Validation FUD

Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse. In fact, it was only September...

Weekly Update 139

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid...

Weekly Update 138

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats
After a mammoth 30-hour door-to-door journey, I'm back in the USA! It's Minnesota this week and I've just wrapped...

Weekly Update 137

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...
It's the last one from home for a few weeks, both for Scott and myself....

Weekly Update 136

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.