Saturday, January 19, 2019

Weekly Update 122

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing...

The 773 Million Record “Collection #1” Data Breach

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection...

Weekly Update 121

Well, it's one more sunny weekly update then snow time again...

No, Spotify Wasn’t Hacked

Time and time again, I get emails and DMs from people that effectively boil down to...

Weekly Update 120

And then it was 2019. Funny how quickly it gets away from you, someone just...

2018 Retrospective

I started doing these retrospectives 3 years ago in my first year of independence. I...

10 Personal Finance Lessons for Technology Professionals

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are...

Weekly Update 119

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As...

Weekly Update 118

And that's it for Canada. I recorded this Saturday morning local before heading...

Weekly Update 117

I'm in Whistler! And as I say at the start of this video, I did seriously consider having...

Weekly Update 116

I'm on countdown to take-off for the next 2 and a bit weeks so I'm going to...

Have I Been Pwned – The Sticker

So today is Have I Been Pwned's (HIBP's) 5th birthday. I started this project out of equal...

Weekly Update 115

I'm pushing this out a day late so firstly, apologies for the break in what's otherwise a...

Weekly Update 114

It's a no-blog week, but that doesn't mean any less is happening! This week, I've finally wrapped up the Lego Bugatti, got myself into the new...

Weekly Update 113

Bit of a change of scenery this week; I've gone to the other end of the house whilst...

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be...

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

You know what I really like? A nice, slick, clean set of violation reports from the content security...

Weekly Update 112

Wow, didn't the passwords discussions go nuts this week! Passwords suck and they must die, they're never...

When Accounts are “Hacked” Due to Poor Passwords, Victims Must Share the Blame

It's just another day on the internet when the news is full of headlines about accounts being...

It’s End of Life for ASafaWeb

A lot has changed in the Microsoft technology world in the last 7 years since I launched...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.