Tuesday, August 3, 2021

Weekly Update 254

The plan this week was to do a super simple update whilst having some time out. In the back...

Weekly Update 253

This week, by popular demand, it's Charlotte! Oh - and Scott. People...

Your Work Email Address is Your Work's Email Address

When the Ashley Madison data breach occurred in 2015, it made headline...

Weekly Update 252

Next week first: based on popular demand, at 18:00 on our end Friday 23 (that's 09:00...

The Internet of Things is a Complete Mess (and how to Fix it)

I've spent more time IoT'ing my house over the last year than any sane person ever...

Welcoming the Israeli Government to Have I Been Pwned

Marking the 25th national CERT to have full and free API level access to HIBP,...

Weekly Update 251

Between school holidays and a house full of tradies repairing things, there wasn't a lot of free time this...

MVP 11

A little over a decade ago now, I awoke from a long haul flight to find an email I...

Welcoming the Dutch Government to Have I Been Pwned

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full...

Weekly Update 250

This week is a bit of everything again, although the main difference this time was...

Welcoming the Slovak Republic Government to Have I Been Pwned

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned,...

Weekly Update 249

A bit of a shorter work week this one as we escaped to a little getaway for...

Welcoming the Jamaican Government to Have I Been Pwned

Recently, I've been providing a lot of additional government access to Have I Been Pwned. Today I'm...

Weekly Update 248

Thought I'd do a bit of AMA this week given the rest of the content...

Welcoming the Finnish Government to Have I Been Pwned

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by...

Weekly Update 247

Lots of stuff going on this week, beginning with me losing my mind trying to get local control of...

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course...

Expanding the Have I Been Pwned Volunteer Community

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open...

Welcoming the Uruguayan Government to Have I Been Pwned

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy...

Weekly Update 246

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an...
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security Team

To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.