Wednesday, May 12, 2021

Weekly Update 242

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.A fairly hectic week this one, in a large part due to chasing down really flakey network...

Weekly Update 241

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I...

Weekly Update 241

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I...

Welcoming the Romanian Government to Have I Been Pwned

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned,...

Welcoming the Luxemburg Government CERT to Have I Been Pwned

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.Continuing my efforts to make more breach data available to governments after data breaches impact their domains,...

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German...

Weekly Update 240

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.Lots of bit and pieces this week, most of which is self-explanatory based on the references below....

Weekly Update 239

Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel?Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed...

Data Breaches, Class Actions and Ambulance Chasing

Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel?This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy)...

Weekly Update 238

Presently sponsored by: Credential stuffing is currently the biggest threat to organisations, find out how you can protect your network right now with safepass.me"What a shit week". I stand by that statement in the opening couple of minutes of...

Welcoming the Ukrainian Government to Have I Been Pwned

Presently sponsored by: Credential stuffing is currently the biggest threat to organisations, find out how you can protect your network right now with safepass.meAnother month, another national government to bring onto Have I Been Pwned. This time it's the...

I’m Writing a Book with Rob Conery, and It’s Gonna Be Awesome

Presently sponsored by: Credential stuffing is currently the biggest threat to organisations, find out how you can protect your network right now with safepass.meI've been chatting about this in some of my recent weekly videos and I thought it...

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Presently sponsored by: Credential stuffing is currently the biggest threat to organisations, find out how you can protect your network right now with safepass.meThe headline is pretty self-explanatory so in the interest of time, let me just jump directly...

Weekly Update 237

Presently sponsored by: @Hack – from the masterminds behind Black Hat. Taking place in Saudi Arabia, 2021. Watch this space.As soon as I started watching this video back, I remembered why I don't do daylight mode in these any...

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Presently sponsored by: @Hack – from the masterminds behind Black Hat. Taking place in Saudi Arabia, 2021. Watch this space.If you've landed on this page because you saw a strange message on a completely different website then followed a...

Weekly Update 236

Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel?This 🤬🤬🤬 DAC! I mean it's a lovely device, but it's just impossible to use it as an audio source in...

Weekly Update 235

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA slow start this week as the camera refused to be recognised by any browser. The problem, of course, was that I'd plugged...

Weekly Update 234

Presently sponsored by: Get a FREE password audit on your Active Directory users with pwncheck from safepass.meA big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there!...

Home Assistant, Pwned Passwords and Security Misconceptions

Presently sponsored by: Get a FREE password audit on your Active Directory users with pwncheck from safepass.meTwo of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter...

Weekly Update 233

Presently sponsored by: MEGA - The world's largest provider of zero-knowledge E2EE cloud storage plus chat. Join 200m others who enjoy privacy - try MEGA for free.Data breaches all over the place this week! Not just data breaches, but...
The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager,...
The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
SecurityWeek

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News. read more
The Register

South Korea orders urgent review of energy infrastructure cybersecurity

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…
SecurityWeek

Ransomware Gang Threatens Release of DC Police Records

A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...