Monday, January 30, 2023

Weekly Update 332

Presently sponsored by: CrowdSec - Gain crowd-sourced protection against malicious IPs and benefit from the most accurate CTI in the world. Get started for free.Breaches all over the place today! Well, this past week, and there's some debate as...

Weekly Update 331

Presently sponsored by: CrowdSec - Gain crowd-sourced protection against malicious IPs and benefit from the most accurate CTI in the world. Get started for free.Well and truly back into the swing of things in the new year, I think...

Pwned or Bot

Presently sponsored by: CrowdSec - Gain crowd-sourced protection against malicious IPs and benefit from the most accurate CTI in the world. Get started for free.It's fascinating to see how creative people can get with breached data. Of course there's...

Weekly Update 330

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for freeBig week! So big, in fact, that I rushed into this week's update less prepared and...

Weekly Update 329

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workStrap yourself in, this is a big one! Big video, big breach (scrape?), and a big audience today. The Twitter incident...

Weekly Update 328

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workWe made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great...

Weekly Update 327

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workIt's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting...

Weekly Update 326

Presently sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled...

Weekly Update 325

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.For the first time in I don't know how long, I couldn't do this live. Turns out both cell...

Weekly Update 324

Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.We're in Copenhagen! Scott and family joined us in Oslo for round 2 of wedding celebrations...

Weekly Update 323

Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.Finally, after nearly 3 long years, I'm back in Norway! We're here at last, leaving our...

Get Pwned, for 30% Less!

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workWe've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it...

Data Breach Misattribution, Acxiom & Live Ramp

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineIf you find your name and home address posted online, how do you know where it came from? Let's assume there's no further...

Weekly Update 322

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.It's very strange to have gone 1,051 days without spending more than a few hours apart, but here we...

Weekly Update 321

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.What a week to pick to be in Canberra. Planned well before things got cyber-crazy in Australia, I spent...

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely...

Weekly Update 320

Presently sponsored by: Kolide is a fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business. Learn more here.I feel like life is finally complete: I have beaches, sunshine and fast internet! (Yes,...

Better Supporting the Have I Been Pwned API with Zendesk

Presently sponsored by: Kolide is a fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business. Learn more here.I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging...

Weekly Update 319

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.Geez we've been getting hammered down here: Optus, MyDeal, Vinomofo, Medibank and now Australian Clinical Labs. It's crazy how...

Big Changes are Afoot: Expanding and Enhancing the Have I Been Pwned API

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen...

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.