Tuesday, March 19, 2019

Weekly Update 130

Well that was a hell of a week of travel. Seriously, the Denver situation was just an absolute mess but when...

These Cookie Warning Shenanigans Have Got to Stop

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't...

Weekly Update 129

Heaps of stuff going on this week with all sorts of...

Weekly Update 128

I'm not intentionally pushing these out later than usual, but events have just been such over the last few weeks that it's...

Weekly Update 127

It was another travel week so another slightly delayed weekly update, but still plenty of...

Weekly Update 126

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual...

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand...

Weekly Update 125

I'm back home! It was an amazing trip in many ways, not least of which was the...

Weekly Update 124

I'm pumping this weekly update out a little bit later, pushing it just before I get on the plane back home to...

Weekly Update 123

So it's been a bit of a crazy week....

Weekly Update 122

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing...

The 773 Million Record “Collection #1” Data Breach

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection...

Weekly Update 121

Well, it's one more sunny weekly update then snow time again...

No, Spotify Wasn’t Hacked

Time and time again, I get emails and DMs from people that effectively boil down to...

Weekly Update 120

And then it was 2019. Funny how quickly it gets away from you, someone just...

2018 Retrospective

I started doing these retrospectives 3 years ago in my first year of independence. I...

10 Personal Finance Lessons for Technology Professionals

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are...

Weekly Update 119

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As...

Weekly Update 118

And that's it for Canada. I recorded this Saturday morning local before heading...

Weekly Update 117

I'm in Whistler! And as I say at the start of this video, I did seriously consider having...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users, and a TechCrunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming

Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.